Security considerations for Integration Account in multi-tenant Logic Apps
Published Mar 13 2023 07:32 PM
Microsoft

To understand the scope of the security considerations for this resource, you should know that the Integration Account is specialized storage; it does not do any processing. In the multi-tenant implementation, XML validation, Flat File encoding and decoding, and transforms are hosted in an Azure Function for isolation. The B2B / EDI connectors (AS2, EDIFACT, X12), which also use the Integration Account, come in two generations: the first is hosted on a web app, and the later one runs directly with the Logic App service.

The Azure Function fetches the schemas and maps from the Integration Account. Put another way, the XML payload is not sent to the Integration Account for validation.

Both generations of B2B connectors retrieve the agreement, schema, etc. from the Integration Account. Here too, the EDI payload is not sent to the Integration Account for processing.

All of these communications are over HTTPS and hence encrypted in transit.

Within the same region, network traffic is routed over the Azure backbone.

The AS2, X12, and EDIFACT connectors can also work cross-region, which requires the traffic to go over the public internet. One reason to use an Integration Account cross-region is to set up a recovery site on a different tectonic plate while maintaining the EDI state, so that upon failover you can resume business operations as close as possible to the current state. For more on this, see our public documentation: Set up cross-region disaster recovery for integration accounts in Azure Logic Apps.
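An inventory check for the routing distinction above, as an added example (not code from the original post or from Microsoft): it labels each Logic App's Integration Account link as same-region (Azure backbone) or cross-region (public internet). The input is a constructed ARM-style resource list; its shape, the subscription ID and all resource names are assumptions.

```python
def _rid(kind, name):
    # Helper for the constructed sample only: builds an ARM-style resource ID.
    return f"/subscriptions/0000/resourceGroups/rg-edi/providers/Microsoft.Logic/{kind}/{name}"

IA, WF = "Microsoft.Logic/integrationAccounts", "Microsoft.Logic/workflows"

# Constructed sample inventory (no real resources).
SAMPLE = [
    {"id": _rid("integrationAccounts", "ia-primary"), "type": IA, "location": "westeurope"},
    {"id": _rid("workflows", "la-as2-receive"), "type": WF, "location": "West Europe",
     "properties": {"integrationAccount": {"id": _rid("integrationAccounts", "IA-Primary")}}},
    {"id": _rid("workflows", "la-x12-dr"), "type": WF, "location": "japaneast",
     "properties": {"integrationAccount": {"id": _rid("integrationAccounts", "ia-primary")}}},
    {"id": _rid("workflows", "la-orphan"), "type": WF, "location": "westeurope",
     "properties": {"integrationAccount": {"id": _rid("integrationAccounts", "ia-deleted")}}},
    {"id": _rid("workflows", "la-no-ia"), "type": WF, "location": "westeurope", "properties": {}},
]

def norm_region(name):
    # "West Europe" and "westeurope" name the same region; compare one canonical form.
    return name.replace(" ", "").lower()

def classify_links(resources):
    """Map each linked workflow name to 'same-region', 'cross-region' or 'unresolved'."""
    # Resource IDs are case-insensitive, so index Integration Accounts by lowercased ID.
    accounts = {r["id"].lower(): norm_region(r["location"])
                for r in resources if r["type"].lower() == IA.lower()}
    result = {}
    for r in resources:
        if r["type"].lower() != WF.lower():
            continue
        link = (r.get("properties") or {}).get("integrationAccount") or {}
        ia_id = link.get("id")
        if not ia_id:
            continue  # this workflow does not use an Integration Account
        name = r["id"].rsplit("/", 1)[-1]
        ia_region = accounts.get(ia_id.lower())
        if ia_region is None:
            result[name] = "unresolved"    # linked account is not in the inventory
        elif ia_region == norm_region(r["location"]):
            result[name] = "same-region"   # traffic stays on the Azure backbone
        else:
            result[name] = "cross-region"  # traffic goes over the public internet
    return result

if __name__ == "__main__":
    for workflow, verdict in classify_links(SAMPLE).items():
        print(f"{workflow}: {verdict}")
```

An "unresolved" result means the linked account was not in the inventory (deleted, or in a subscription that was not exported), so its region has to be confirmed separately.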
