It is preferred to host web applications and web services on Azure App Services. In many cases, an Azure App Service will be hosted privately within an Azure App Service Environment.
If the application cannot be hosted on an Azure App Service, the application can be hosted on a shared instance of IIS running on a virtual machine (VM) load balanced cluster. Keep in mind that multiple web applications can be run, each in isolation, on a single IIS instance.
RESTful APIs and SOAP web services hosted privately on internal virtual networks can be exposed publicly via Azure API management – which is an API gateway and reverse proxy.
Web applications (having a UI) that are hosted privately on internal virtual networks can be exposed via Azure Application Gateway. While Azure Application Gateway can be used to expose web services publicly, it is best practice exposed web services via API Management.
PREVIOUS: Environment Provisioning
Solution Architecture Guidance
NEXT: CI+CD (Continuous Integration/Continuous Delivery)