Hi,
If you create a Private Endpoint for App Service, then Private Endpoint would be the inbound endpoint and all other access to App Service will be blocked. You can only access your App Service by sending traffic to the IP of the Private Endpoint which is deployed in your VNET.
In your case, when Azure DevOps tries to reach the App Service, it might get the Public IP resolution and tries to reach the App Service via the Public Endpoint which is why the traffic is blocked.
So, you will need to make sure that your DevOps is integrated to a VNET which is linked to the Private DNS Zone, so the DNS resolution of the DevOps to App Service will point to the Private Endpoint IP.
Regards,
Karthik Srinivas