You have a financial application developed in ASP.NET Core named finance1. You plan to migrate finance1 to an Azure App Service.
The application should be accessible only from private virtual networks on Azure or through a Virtual Private Network (VPN) connection with on-premises networks. For compliance reasons, the application needs to run on isolated physical hardware.
You need to implement the App Service to deploy finance1.
Which App Service tier should you use?
You should use ASE. The ASE is an isolated environment used to securely run App Service apps. You can use ASE to provide complete isolation and secure network access using an Internal Load Balancer to deploy your App Service into a subnet in a virtual network and run your workload in dedicated and isolated hardware.
You should not use the PremiumV2, Standard, or Basic tiers. These tiers provide a public endpoint to access your application from the internet. Although you can filter inbound network traffic to block the internet connectivity and integrate the App Service with virtual networks by using service endpoints, these tiers run in multi-tenant hardware managed by Azure and do not run in complete isolated hardware.