privatelink.azurewebsites.net zone to the customer's VNet (or peer to the VNet hosting the zone), and confirm the A record for the Web App points to IP.privatelink.database.windows.net zone, linked/peered correctly).Note: The current implementation authenticates via SQL login (username/password), not Azure AD / Managed Identity. Managed Identity setup is not required unless the customer wants to move to passwordless/AAD authentication as a separate hardening step.
Server=tcp:<server>.database.windows.net,1433;
Initial Catalog=<database>;
User ID=<mcp_user>;
Password=<password>;
Encrypt=True;
TrustServerCertificate=False;
Connection Timeout=30;DATABASE_CONNECTION_STRING application setting