Your company operates both an on-premises network and an Azure subscription, but currently lacks a Site-to-Site VPN or an ExpressRoute connection between the two. You are responsible for designing the security standards for Azure App Service web apps that need to access Microsoft SQL Server databases hosted on the on-premises network. Your objective is to recommend security standards ensuring that these web apps can securely access the databases while minimizing the number of internet-accessible endpoints on the on-premises network. What should be included in your recommendation?