I am trying to add new ip addresses to the whitelist of Azure AppService. I am unable to use XML Transformation or simply replace tokens as the needed list of new entries will be obtained in the beginning of the release and not before. I am also unable to modify the content of the zipped site (published with /p:DeployOnBuild=True). The deployment is done using "Azure App Service Deploy" task. I know of Set-AzureRMWebApp cmdlet but it only allows to modify the appSettings and connectionStrings sections. It there any other solution?

Using Set-AzureRMResource PowerShell command:

$r = Get-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01

$p = $r.Properties
$p.ipSecurityRestrictions = @()
$restriction = @{}
$restriction.Add("ipAddress","0.0.0.0")
$restriction.Add("subnetMask","0.0.0.0")
$p.ipSecurityRestrictions+= $restriction

Set-AzureRmResource -ResourceGroupName  "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p

A Related thread: Azure Resource Manager IP Security Restrictions using Powershell

Another way is that you can publish project with FileSystem method:

Some Build Tasks:

1. Visual Studio Build (MSBuild Arguments: /p:SkipInvalidConfigurations=true /p:DeployOnBuild=true /p:WebPublishMethod=FileSystem /p:publishUrl="$(build.artifactstagingdirectory)\\" /p:DeployDefaultTarget=WebPublish)
2. Publish Build Artifacts (Path to Publish: $(build.artifactstagingdirectory))

Release Tasks:

1. Replace token or Other tasks to update web.config (Could use File Transform & Variable Substitution in Azure App Service Deploy task)
2. Azure App Service Deploy (1. Uncheck Publish using WebDeloy option 2. Package or folder: $(System.DefaultWorkingDirectory)