So it seems my problem was based on a false premise that the Azure Private DNS Zone to link to a Private Endpoint for App Services which use Unique Default Hostnames had to be one of:
- <region>.privatelink.azurewebsites.net
- privatelink.<region>.azurewebsites.net
when what's actually needed is the same Azure Private DNS Zone as for app services that don't use Unique Default Hostnames - i.e.:
privatelink.azurewebsites.net
What happens then is 2 records get automatically registered in the Azure Private DNS Zone:
| Name | Type | Value |
|---|---|---|
| mywebapp-<hash>.<region> | A | <private endpoint ip> |
| mywebapp-<hash>.scm.<region> | A | <private endpoint ip> |
And this zone then resolves the FQDN mywebapp-<hash>.<region>.privatelink.azurewebsites.net and everything just works.
I've submitted a PR to the azure docs repo to add specific information about DNS configuration for app services that use Unique Default Hostnames to help anyone else who might otherwise fall down the same rabbit-hole as I did...
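As an added example (my own code, not part of the answer above or of the Azure docs), here is a small Python check that derives the A-record names the answer describes from an app's default hostname and compares them with what a zone actually holds. The hostname regex, the sample hash, region and IP, and the classic-hostname branch (`<app>` and `<app>.scm` records in the same zone, which the answer only refers to indirectly) are my assumptions.

```python
import re
from dataclasses import dataclass

PRIVATE_ZONE = "privatelink.azurewebsites.net"   # the zone the answer says is needed
PUBLIC_SUFFIX = ".azurewebsites.net"
# Unique default hostnames look like <app>-<hash>.<region>.azurewebsites.net;
# the allowed label characters below are an assumption, not an Azure spec.
_UNIQUE_RE = re.compile(r"^(?P<label>[a-z0-9-]+)\.(?P<region>[a-z0-9-]+)$")

@dataclass(frozen=True)
class ExpectedRecords:
    zone: str
    names: tuple   # A-record names relative to the zone
    fqdns: tuple   # what clients on the linked VNet should resolve

def expected_private_dns(hostname: str) -> ExpectedRecords:
    """Derive the private-zone A-record names for an App Service hostname."""
    host = hostname.strip().lower().rstrip(".")
    if not host.endswith(PUBLIC_SUFFIX):
        raise ValueError(f"not an App Service default hostname: {hostname!r}")
    prefix = host[: -len(PUBLIC_SUFFIX)]
    match = _UNIQUE_RE.match(prefix)
    if match:  # unique default hostname: the region stays in the record name
        names = (prefix, f"{match['label']}.scm.{match['region']}")
    elif "." not in prefix:  # classic hostname: <app>.azurewebsites.net (assumed shape)
        names = (prefix, f"{prefix}.scm")
    else:
        raise ValueError(f"unrecognised hostname shape: {hostname!r}")
    return ExpectedRecords(PRIVATE_ZONE, names, tuple(f"{n}.{PRIVATE_ZONE}" for n in names))

def check_zone_records(zone: str, records: dict, hostname: str, endpoint_ip: str) -> list:
    """Compare a zone's A records (name -> IP) with what the hostname needs; [] means OK."""
    exp = expected_private_dns(hostname)
    findings = []
    if zone.strip().lower().rstrip(".") != exp.zone:
        findings.append(f"wrong zone {zone!r}; expected {exp.zone!r}")
    for name in exp.names:
        ip = records.get(name)
        if ip is None:
            findings.append(f"missing A record {name}.{exp.zone}")
        elif ip != endpoint_ip:
            findings.append(f"{name}.{exp.zone} -> {ip}, expected private endpoint {endpoint_ip}")
    return findings

# Constructed sample: the two records the answer says get auto-registered.
SAMPLE_HOST = "mywebapp-a1b2c3d4.eastus-01.azurewebsites.net"
SAMPLE_IP = "10.0.1.4"
SAMPLE_RECORDS = {"mywebapp-a1b2c3d4.eastus-01": SAMPLE_IP,
                  "mywebapp-a1b2c3d4.scm.eastus-01": SAMPLE_IP}
```

Feeding it a zone named after one of the two wrong candidates from the top of the answer produces a "wrong zone" finding, which is the quickest way to spot the false premise in an existing deployment.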