What is the minimum access needed in Azure Portal > Networking > Access Restrictions > Advanced Tool Site to allow the Azure Portal access to manage WebJobs?
I’m getting an error "The scm site for your app is blocked. In order to use webjobs you must allow traffic to the advanced tool site." unless I allow all traffic, which has security implications (I want to deny all traffic except what is required).
The error message when you don’t allow all access has a link https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions?tabs=azurecli#manage-access-restriction-rules-in-the-portal to a generic page on access restrictions but nothing specific to this issue.
I want to know specifically how to allow webjobs to be managed (view logs & run) in the Azure Portal without allowing all traffic access to the SCM site (I have tried "Allow All" and it works (as expected)). Is there a service tag? I tried Deny All except IPv4 addresses 0.0.0.0/0 and IPv6 addresses ::/0 but that didn’t work. Also tried allowing the service tag AzurePortal and AzureCloud … none of those worked. The app service is on a vnet so tried granting access to that subnet (didn’t work). None of the above worked so I’m not sure what traffic origin the portal is when it tries to access the WebJobs to manage them (start/stop them, view logs etc).
My WebJobs still run ok, I just can’t manage them via the portal unless I allow all access to the advanced tool site.
Look forward to some insights to what I thought would be a common issue.
Is it just not standard to try and restrict access to the SCM site and potentially any configuration secrets? (yes, should be using Azure Key Vault etc but I’m not currently).
2 Answers
To restrict the access to SCM, initially add Unmatched rule in Advanced Tool site to allow access to IPv4 and IPv6 address, then deny access to everything else.

Main Site by enabling Use main site rules under Advanced Tool Site.

If it doesn’t work, try to restrict the access for SCM using the az-cli command as mentioned in the MSDOC:

References:
Refer to the below articles to explore more about site access restrictions:
I’m facing the same issue here.
What is the solution?