Ensure that Azure App Services have access restriction configured to control network access to your app.
By setting up access restrictions, you can define a priority-ordered allow/deny list that controls network access to your app. The list can include IP addresses or Azure Virtual Network subnets. When there are one or more entries, an implicit deny all exists at the end of the list. The most secure configuration is to disable public network access entirely. If public access is enabled, this plugin checks for explicit access restrictions with an “Any” IP address and “Deny” action rule.
Add access restriction rules under network settings for the app services