I noticed that the database server address is a public endpoint. Does this mean that the access request goes through the internet before it reaches the server if my app visits a database in the same datacenter?
No. The Azure datacenter’s network routing deduces that this is one of its own addresses and directly routes the request to the IP address via the datacenter’s internal network. This way of routing is more secure, so there is less concern about third parties monitoring query requests or results. However, if your app and database are not in the same datacenter, database query requests and results do go through the Internet. In this situation, we recommend that you use Secure Sockets Layer (SSL) to ensure the privacy of data transfers. For more information about SSL connections, see Use SSL to securely access MySQL Database on Azure.