This video goes over two ways of restricting access to Microsoft Azures PaaS services; Service Endpoints and Private Endpoints.  Both are used to restrict access to PaaS serviced, but work differently.  The video gives an overview if the differences and then does a walkthrough of deploying Service Endpoints and Private Endpoints using an Azure Storage account as an example.