When using APIM how do you prevent circumventing APIM to go straight to backend?

[onionhammer]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

It seems from the example that APIM would provide no protection to the container apps if the underlying FQDN was known

[rajesh-ms]

You can either use key to represent APIM or enable mTLS