I am looking into PCI 3DS compliance in Azure. I have come across the document "PCI3DS_Azure_Shared_Responsibility_Matrix" which includes "Offerings in scope". This list of services does NOT include "App Services" or "Application Gateway". However this document (https://azure.microsoft.com/en-us/resources/azure-cloud-platform-for-pci-3ds/) describes the use of those out-of-scope services. What does it mean to me, that "App Services" and "Application Gateway" are not in scope?