3

Does creating a private endpoint for an Azure service automatically completely lock it down from public access? Or does this need to be explicitly done?

I am checking for Azure Storage right now, but would like to know how it works for all Azure PaaS services.

TeeDee

1 Answer

2

By default when you create a Private Endpoint in the Azure Portal it will automatically lock out public access. You can, however, turn public or broader access back on using the Networking tab and updating the firewall settings. (As you implement Private Endpoints, please make note of the DNS configuration/requirements. That's been my major stumbling area.)

Mike
  • Thanks Mike. Do you know if it's the same with Service endpoints? Do they stop public access? – TeeDee Apr 23 '21 at 21:52
  • Service Endpoints operate by adding routes to allow traffic out of the virtual network to reach the public endpoint of the service selected. It does not disable public endpoints. It essentially does the same thing as private endpoints, but doesn't create a private IP address. To disable public access, you really need to configure VNet traffic on the firewall settings. If you are worried about someone changing it after the fact, you can put a read-only lock on the resource. For a storage account, that'll also prevent anyone from viewing the access keys as well. – Mike Apr 24 '21 at 01:29
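
To verify the firewall state discussed in the answer and comments rather than rely on portal defaults, the check below classifies a storage account from the JSON that `az storage account show` returns. It is an added example, not part of the original thread; the account names and data are constructed, and treating a missing `publicNetworkAccess` value as enabled is an assumption.

```python
import json

def public_exposure(account: dict) -> dict:
    """Classify public-endpoint reachability from `az storage account show` JSON."""
    rules = account.get("networkRuleSet") or {}
    # Assumption: a missing or null publicNetworkAccess means Enabled.
    pna = account.get("publicNetworkAccess") or "Enabled"
    default_action = rules.get("defaultAction") or "Allow"
    approved = [
        c.get("name")
        for c in account.get("privateEndpointConnections") or []
        if (c.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved"
    ]
    if pna == "Disabled":
        verdict = "private-only"   # public endpoint rejects all traffic
    elif default_action == "Allow":
        verdict = "open"           # firewall admits all networks
    else:
        verdict = "restricted"     # only listed IPs, subnets and bypass services
    return {
        "name": account.get("name"),
        "verdict": verdict,
        "approved_private_endpoints": approved,
        "allowed_ips": [r["ipAddressOrRange"] for r in rules.get("ipRules") or []],
        "allowed_subnets": [r["virtualNetworkResourceId"]
                            for r in rules.get("virtualNetworkRules") or []],
        "bypass": rules.get("bypass"),
        # A private endpoint alone does not prove the public path is closed.
        "private_endpoint_but_open": bool(approved) and verdict == "open",
    }

# Constructed sample accounts (not real resources).
_PE = [{"name": "pe-conn-1", "privateLinkServiceConnectionState": {"status": "Approved"}}]
SAMPLE = [
    {"name": "stlocked", "publicNetworkAccess": "Disabled",
     "networkRuleSet": {"defaultAction": "Deny", "bypass": "None"},
     "privateEndpointConnections": _PE},
    {"name": "stopen", "publicNetworkAccess": "Enabled",
     "networkRuleSet": {"defaultAction": "Allow", "bypass": "AzureServices"},
     "privateEndpointConnections": _PE},
    {"name": "stlimited", "publicNetworkAccess": None,
     "networkRuleSet": {"defaultAction": "Deny", "bypass": "AzureServices",
                        "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}]},
     "privateEndpointConnections": []},
]

if __name__ == "__main__":
    for acct in SAMPLE:
        print(json.dumps(public_exposure(acct)))
```

Feed it real data with `json.load` on the saved output of `az storage account show`; any account reported as `open` with an approved private endpoint still answers on its public endpoint.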