Just like in the Speaker API, add the authorization to the Conferences API.

This is probably some code which needs to be added in the Startup and configuration. Of course, it also needs the settings being added in the ARM template.

Just like the Conferences API, the Speaker API needs to be VNet integrated also.

This should only be a change in the ARM template.

The Speaker & Conferences API's now keep their state using an in-memory list.

It would be better to use something else for this. My suggestion is to use the Serverless offering of Cosmos DB for this to keep costs to a minimum.
Connecting to it should be done by using the managed identity of the App Service.

It will make the ARM template much more readable & reusable.

Also, use the copy() function to deploy the App Services and split the appSettings and other config stuff from the App Service deployment template.

Describe what you want to do in this project, how it works and how to set it up for yourself.

The API's should be deployed the their respective App Services
The Azure Functions (workers) should be deployed to their respective Function Apps.

Everything should be deployed via the ARM templates in this repository. The complete solution is being deployed via Azure DevOps now, but has to be migrated over here.

Only allow HTTPS traffic and at least TLS1.2.

Can be handled via ARM template.

The Speaker API & Conferences API are using configuration settings from an App Registration inside the Azure Active Directory.

A script should be added to the create these App Registrations.
Also, the front-end API needs to be granted a role (Reader and/or Writer) to the Speaker- & Conferences API. I also want this to be in the script, or in a different script if you prefer.

Some work has already been done in the branch https://github.com/Jandev/secure-apis/tree/feature/creating-app-registrations-in-script but needs to be finished accordingly.