hands-on lab

Configuring Web Apps for Private Access using VNet Integration

Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Azure App Service supports various security mechanism to secure the resources that are meant to be internal. VNet integration feature allows you to integrate PaaS services to be included in Azure backbone infrastructure in your subscription and enable communication without routing traffic over the internet. Along with that, the access Restriction controls the inbound traffic to the application where you define a priority-ordered allow/deny list to manage the network access to your application.

Restricting access for Azure resources can be necessary when hosting an internal website and services that are not supposed to be accessible over the internet. You may want to allow access to these services through an office network or a VPN to ensure only authorized networks can access them. Leveraging these security features enables your organization to focus more on development instead of deploying expensive resources to block public access to these applications.

In this hands-on lab, you will learn how to restrict public access to the Azure Web Apps using VNet Integration and Access Restrictions.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Understand the security functionality of App Service Resource
  • Configure VNet Integration on App Service
  • Add Access Restriction rules for Virtual Network access
  • Validating the access from Internet and Azure VM

Intended Audience

  • Candidates for Azure Network Engineer Exam (AZ-700)
  • Cloud Architects
  • Network Engineers
  • Security Engineers
  • DevOps Engineers


Familiarity with the following will be beneficial but is not required:

  • Azure Virtual Machine
  • Azure App Service

The following content can be used to fulfill the prerequisite:


May 26th, 2023 - Resolved an issue that caused the lab to fail periodically


Environment before
Environment after
About the author
Learning paths

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics
Lab steps
Logging in to the Microsoft Azure Portal
Testing Web App Access through the Virtual Machine and the Internet
Enabling VNet Integration and Access Restrictions on the Web App