Hi @Steve Sanda, I understand that you want to restrict access to your App Service from a VM in a different Azure AD tenant.
You don't need Vnet peering. You can't use Service Endpoint as your VM is in a different Azure AD tenant.
You have 2 options:
- Restrict access on public IP address.
  - Find out the outbound public IP address of your VM: either a Public IP address attached directly on your VM, NAT Gateway, or outbound IP of a Firewall.
  - Configure your App Service: add IP restriction rule for your VM's outbound public IP address.
- Access using private IP address.
  - Create a private endpoint for your App Service on your VM's subnet.
  - Follow the steps from this guide: Cross-tenant secure access to Azure web apps with private endpoints.
  - Optionally, you can disable public endpoint of your App Service.
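For the first option in the answer above, this sketch adds the IP restriction rule with the Azure CLI and refuses a private address, since the rule has to match the VM's outbound public IP. It is an added example, not part of the original answer; the function names, the rule name `allow-remote-vm` and priority 100 are assumptions, and the resource group and app name are supplied by the caller.

```shell
#!/bin/sh
# Added example. Only defines functions; nothing runs until you call them.

# Return 0 only for a dotted-quad IPv4 address outside the private, loopback,
# link-local, CGNAT and multicast/reserved ranges.
is_public_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  ip_old_ifs=$IFS; IFS=.; set -- $1; IFS=$ip_old_ifs
  [ "$#" -eq 4 ] || return 1
  for ip_o in "$@"; do
    case "$ip_o" in 0?*) return 1 ;; esac          # no leading zeros
    [ "${#ip_o}" -le 3 ] && [ "$ip_o" -le 255 ] || return 1
  done
  ip_a=$1; ip_b=$2
  case "$ip_a" in
    0|10|127) return 1 ;;                           # this-net, 10/8, loopback
  esac
  [ "$ip_a" -eq 172 ] && [ "$ip_b" -ge 16 ] && [ "$ip_b" -le 31 ] && return 1
  [ "$ip_a" -eq 192 ] && [ "$ip_b" -eq 168 ] && return 1
  [ "$ip_a" -eq 169 ] && [ "$ip_b" -eq 254 ] && return 1
  [ "$ip_a" -eq 100 ] && [ "$ip_b" -ge 64 ] && [ "$ip_b" -le 127 ] && return 1
  [ "$ip_a" -ge 224 ] && return 1
  return 0
}

# Usage: allow_vm_ip <resource-group> <app-name> <vm-outbound-public-ip>
# Once any Allow rule exists, App Service denies all other sources implicitly.
allow_vm_ip() {
  if ! is_public_ipv4 "$3"; then
    echo "refusing '$3': not a public IPv4 address" >&2
    return 2
  fi
  az webapp config access-restriction add \
    --resource-group "$1" --name "$2" \
    --rule-name allow-remote-vm --action Allow \
    --ip-address "$3/32" --priority 100
}

# Usage: show_rules <resource-group> <app-name>   (confirm the rule landed)
show_rules() {
  az webapp config access-restriction show --resource-group "$1" --name "$2"
}
```

If the VM leaves through a NAT Gateway or firewall with several outbound addresses, call `allow_vm_ip` once per address with a distinct rule name and priority.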