Your application requires service passwords, connection strings, and other secret configuration values to do its job. Storing and handling secret values is risky, and every usage introduces the possibility of leakage. Azure Key Vault, in combination with managed identities for Azure resources, enables your Azure web app to access secret configuration values easily and securely without needing to store any secrets in your source control or configuration.
There's a tradeoff between security and ease-of-access. The conditional-access feature of Azure Active Directory helps you implement a good balance between the two. Learn how to implement a conditional-access policy using Azure Active Directory.