To use VNet integration, the App service plan must be Standard, Premium, PremiumV2, PremiumV3. The default Plan that Nerdio Manager is initially created with is Basic.
Nerdio Manager consists of a number of PaaS services. The entry point into the Nerdio Manager application is the App Service. By default, the NMW app service is protected with Azure AD authentication (including MFA and conditional access) and is accessible from any internet location. It is possible to further protect the NMW App Service by using Access Restrictions.
To harden SQL Server see this KB article.
- Locate Nerdio Manager App Service resource in Azure portal. It will typically have a name in the following format: nmw-app-xxxxxxxxx
- Go to Settings>Networking>Configure Access Restrictions (default configuration is to allow all access)
- Click "+ Add rule" and specify the source IP address block to allow access. This will automatically add a new Deny all rule to the list to prevent access from all other locations.
After a few minutes, only whitelisted IP ranges will be able to connect to the Nerdio Manager application.