Thanks for the good question.
You could leverage App Service Hybrid Connections, which enables your apps to make outbound calls to specified TCP endpoints. The endpoint can be on-premises (database), in a VNet or anywhere that allows outbound traffic to Azure on port 443. The feature requires the installation of a relay agent called the Hybrid Connection Manager (HCM) on a Windows Server 2012 or newer host. Each Hybrid Connection correlates to a single TCP host and port combination.
App Service Hybrid connection - how it works
For the 2nd case, as I understand, you have both VM and App Service on the same VNet already. The new VNet Integration feature enables you to place the backend of your app in a subnet in a Resource Manager VNet in the same region.