App service using private link but still need public access

Matt Browne 21 Reputation points
2022-08-16T08:39:40.113+00:00

I'm trying to configure an app service such that it has a private link setup into our VPN enabled vnet but also allow public access (e.g. to allow front door and our devops agents access).

The docs (https://learn.microsoft.com/en-gb/azure/app-service/networking/private-endpoint) note that "by default" public access is disabled, to me that sounds like it is possible to not have the default, is that actually possible?

231408-image.png

I'd rather not route everything through our vnet (using hub and spoke design) because to my mind that adds a single point of failure we don't need, e.g. having front door connect to the app service over the MS backbone means it isn't reliant on my vnet infrastructure. But the vpn access is useful for internal access direct to the app service.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,195 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,989 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Jackson Martins 9,796 Reputation points MVP
    2022-08-16T10:08:41.483+00:00

    Hi @Matt Browne
    unfortunately by default, public access is disabled by default, and you cannot enable it, the App-assigned address option is grayed out and you lose public access.

    Best