I see Azure DDoS protection can be enabled at the VNET level, and I understand that I can configure the integration of an App Services web app with a VNET, but is that enough to place my application under DDoS protection?
I am under the impression that the VNET integration in App Services is only meant to give the application access to resources that live in a VNET. Is that really the case? Or will such integration also place the application under the DDoS protection that is enabled for the VNET?
Do I need to have a fully isolated App Services Environment (ASE) in a VNET to keep web applications under the DDoS protection plan of the VNET?