Hi Wester,
I understand that you're experiencing difficulties securing your web application on Azure. Here are some general steps and best practices that may help:
HTTPS and certificates: Azure App Service allows you to secure your applications with HTTPS. When you create your app, its default domain name will already be accessible using HTTPS. If you set up a custom domain for your app, it is also recommended that you secure it with an SSL/TLS certificate.
Insecure protocols: To protect your app from unencrypted HTTP connections, App Service offers a one-click option to enforce HTTPS. TLS 1.0 is no longer recommended for use, as it is not considered secure according to industry standards such as PCI DSS. You can disable outdated protocols and enforce TLS 1.1 and 1.2 instead.
Authentication: Set up authentication for your web app and restrict access to users within your organization.Accessing Azure Services: Use managed identities to securely access the Azure data plane, including Azure Storage, Azure SQL Database, and Azure Key Vault. This allows you to retrieve non-personal data from these services in your web application.
Microsoft Graph: Use Microsoft Graph to access user data for the currently signed-in user, or use managed identities to retrieve non-user data for your web application.
If the response helped, please do click Accept Answer and Yes for was this answer helpful.