Thank you for posting your query on Microsoft Q&A. From the above description, I understand that you want to allow access to your Azure server-hosted web app from a limited set of IP addresses.
Please do let me know if this is not the case by responding in the comments section.
The above objective could be achieved by the following steps:
- Register a web app in Entra ID (Azure AD) redirecting to your web application hosted on the Azure VM web server.
- Now navigate to the Conditional Access blade and create a Named location with your defined vNet or public IP range, and mark it as a trusted location.
- Create a CA policy, select a small user group under "Assignments" and target the web app you registered in the first step.
- Select All locations in the condition and exclude the trusted network.
- Select Block access in the Grant blade.
- Anytime a user tries to access the application, they will be blocked unless they are requesting through the trusted IP address you want.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
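
The portal steps in the answer above can also be scripted with the Microsoft Graph PowerShell SDK. The following is an added example, not part of the original answer; the CIDR range, group ID and application ID are placeholders, and the policy is created in report-only state (an assumption made here) so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Requires the Microsoft.Graph module and a role allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholders (assumptions): replace with your own values.
$TrustedCidr = '203.0.113.0/24'                          # constructed documentation range
$GroupId     = '<object-id-of-small-user-group>'
$AppId       = '<application-client-id-of-registered-web-app>'

# Named location marked as trusted. Entra ID matches the public address
# the sign-in request arrives from, so use the network's public egress range.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Trusted network for web app'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $TrustedCidr }
    )
}

# CA policy: target the group and the registered app, include all locations,
# exclude the trusted one, and block everything that remains.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block web app outside trusted network'
    # Report-only first; change to 'enabled' once sign-in logs show the expected result.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($GroupId) }
        applications   = @{ includeApplications = @($AppId) }
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

# Confirm what was created.
$policy | Select-Object Id, DisplayName, State
```

Conditional Access is evaluated when a user signs in to the registered app through Entra ID, so the web application itself must require that sign-in for the block to apply.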