Basic and other lower tiers of Azure API Management do not allow the use of Azure VNet. This may allow the clients to access your APIs directly. Thus increasing attack surface.
In Azure Console -
In Terraform -
References:
https://learn.microsoft.com/en-us/azure/api-management/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#sku_name