Common Security & Governance Blind Spots in Azure Integration

"Hello everyone,

I'm starting a discussion to gather insights on a critical topic: security and governance for Azure Integration Services (AIS). As environments grow with dozens of Logic Apps, Functions, APIM instances, etc., it becomes harder to maintain a strong security posture.

I’d like to hear from your experience: What are the most common security and governance blind spots people miss when building out their integration platforms on Azure?

To get us started, here are a few areas I'm thinking about:

1. Secret Management: Beyond just "use Key Vault," what are the subtle mistakes or challenges teams face?
2. Network Security: How critical is VNet integration and the use of Private Endpoints for services like Service Bus and Storage Accounts in your opinion? When is it overkill?
3. Monitoring & Observability: What are the best ways to get a single, unified view of a business transaction that flows through multiple Azure services for security auditing?

Looking forward to a great discussion and learning from the community's collective experience!"