Yesterday we had the opportunity to configure a Azure environment with a ER and building this with a hub-spoke where the spoke had a App Service.

I had help from my colleagues to do the ER and Hub. Then I created a vnet for the subscription for the app service.

I created a /28 vnet and subnet as I wanted to keep the amount of IP´s at a fairly limited level and set up the peering and everything looked great. I provisioned a test-VM and tested to reach the onprem resources and that also worked as expected.

The supplier that we worked with complained though that it did not work to integrate this subnet into the App Service as he got an error when trying.

What I learned after looking a bit more carefully was though that the App Service integration required a /27 subnet that was dedicated for the web service. There are some requirements and limits that you can read on the link below:

https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#regional-vnet-integration

I had to remove the VM and also the peering as it is not possible to change the vnet properties ,such as address space, otherwise

With no dependencies I could change the address space to a /26. I wanted a dedicated subnet for the App Service and also a subnet for a VM to test some networking. After creating the subnets and recreated the peering everything worked great, including the integration to the App Service, and just as a coincident it was released as GA to do regional vnet integration.

Learning from this is among other things, to read the documentation first and also not accept the networking departments restricted allocation of network ranges because it will probably end in frustration!