We're in the process of building a new web application on Azure and are using Sitecore as the front end. The application will contain sensitive information, so the overall security posture is to have all Azure resources hidden inside of a VNET, with the only public front end being an Azure app gateway.
So far in our Test/Dev environment we've used the ARM templates provides by Sitecore and it's all good. However it seems that the ARM templates used are assuming the use of Azure SQL Databases, which we cannot place into a VNET using Service Endpoints. For me to keep the databases tucked away in an internal VNET we'll need to use Azure SQL Managed Instances instead.
Is this possible / supported? Going out on a limb, I don't suppose there's ARM templates for this?
Thanks - Steve