By default, the app service would be accessible from public network. But some organization would like to make this app service as private so that it would be accessible only from the local private network.

To make the app service follow the steps below.

• Go to the Networking section of App service and select the option ‘Private Endpoints’

• In the Private Endpoint connections page, click on ‘Add’ and select ‘Express’

• Give a name for the endpoint and select the private subnet information from the dropdowns and make sure to keep the option Yes for Integrating with private DNS zone.

• Once the Private Endpoint is created the public inbound IP will be replaced by a private IP and you may use this IP to map to a custom domain in your local DNS server or use the private FQDN (<appname>.azurewebsites.net) to access the app service within your extended private network.