How to monitor and audit App Service Configuration and File changes

Overview

The ability to track and audit changes to websites is a common requirement among enterprises. This audit trail helps to identify who made changes and when, either accidentally or maliciously. When running an application on a local server there are many options to achieve this, however when running in Azure App Service we must rely on the features that the platform offers because there is no access to the machine itself.

Troubleshooting App Service failed VNET integration and outbound connectivity issues

Overview:

A significant part of a website’s functionality often involves outbound connectivity to dependencies like database, API, etc. Azure App Services have default outbound connectivity to the public Internet using its pool of outbound IPs and a capability to integrate with a VNET to achieve connectivity into a private network, including on-prem.

Two options for VNET integration in multi-tenant App Service currently exist:

Point-to-site VPN Gateway required VNET integration: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#gateway-required-vnet-integration
Regional (preview) VNET integration: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#regional-vnet-integration
(non-multitenant) ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-network-architecture-overview

I will not discuss these options in great detail here, but instead focus on how to troubleshoot general outbound connectivity issues to both public and private endpoints.