You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/private-link/network-security-perimeter-concepts.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,25 +1,25 @@
1
1
---
2
2
title: What is a network security perimeter?
3
-
description: Learn about the components of a network security perimeter, a feature that allows Azure PaaS resources to communicate within an explicit trusted boundary, or perimeter.
3
+
description: Learn about the components of network security perimeter, a feature that allows Azure PaaS resources to communicate within an explicit trusted boundary, or perimeter.
4
4
author: mbender-ms
5
5
ms.author: mbender
6
6
ms.service: azure-private-link
7
7
ms.topic: overview
8
-
ms.date: 12/3/2024
8
+
ms.date: 01/06/2025
9
9
ms.custom: references_regions, ignite-2024
10
10
#CustomerIntent: As a network security administrator, I want to understand how to use Network Security Perimeter to control network access to Azure PaaS resources.
11
11
---
12
12
13
13
# What is a network security perimeter?
14
14
15
-
A network security perimeter allows organizations to define a logical network isolation boundary for PaaS resources (for example, Azure Storage account and SQL Database server) that are deployed outside your organization’s virtual networks. It restricts public network access to PaaS resources within the perimeter; access can be exempted by using explicit access rules for public inbound and outbound.
15
+
Network security perimeter allows organizations to define a logical network isolation boundary for PaaS resources (for example, Azure Storage account and SQL Database server) that are deployed outside your organization’s virtual networks. It restricts public network access to PaaS resources within the perimeter; access can be exempted by using explicit access rules for public inbound and outbound.
16
16
17
17
For access patterns involving traffic from virtual networks to PaaS resources, see [What is Azure Private Link?](private-link-overview.md).
18
18
19
19
Features of a network security perimeter include:
20
20
21
-
- Resource to resource access communication within perimeter members, preventing data exfiltration to non-authorized destinations.
22
-
-Manage external public access with explicit rules for PaaS resources associated with the perimeter.
21
+
- Resource to resource access communication within perimeter members, preventing data exfiltration to nonauthorized destinations.
22
+
-External public access management with explicit rules for PaaS resources associated with the perimeter.
23
23
- Access logs for audit and compliance.
24
24
- Unified experience across PaaS resources.
25
25
@@ -42,7 +42,7 @@ A network security perimeter includes the following components:
42
42
|**Diagnostics settings**| Extension resource hosted by Microsoft Insights to collect logs & metrics for all resources in the perimeter. |
43
43
44
44
> [!NOTE]
45
-
> For organizational and informational safety, it is advised not to include any personally identifiable or sensitive data in the network security perimeter rules or other network security perimeter configurations.
45
+
> For organizational and informational safety, don't include any personally identifiable or sensitive data in the network security perimeter rules or other network security perimeter configurations.
46
46
47
47
## Network security perimeter properties
48
48
@@ -84,7 +84,7 @@ When a network security perimeter is created and the PaaS resources are associat
84
84
85
85
Access rules can be used to approve public inbound and outbound traffic outside the perimeter. Public inbound access can be approved using Network and Identity attributes of the client such as source IP addresses, subscriptions. Public outbound access can be approved using FQDNs (Fully Qualified Domain Names) of the external destinations.
86
86
87
-
For example, upon creating a network security perimeter and associating a set of PaaS resources like Azure Key Vault and SQL DB in enforced mode, with the perimeter, all incoming and outgoing public traffic is denied to these PaaS resources by default. To allow any access outside the perimeter, necessary access rules can be created. Within the same perimeter, profiles may also be created to group PaaS resources with similar set of inbound and outbound access requirements.
87
+
For example, upon creating a network security perimeter and associating a set of PaaS resources with the perimeter like Azure Key Vault and SQL DB in enforced mode, all incoming and outgoing public traffic is denied to these PaaS resources by default. To allow any access outside the perimeter, necessary access rules can be created. Within the same perimeter, profiles can be created to group PaaS resources with similar set of inbound and outbound access requirements.
88
88
89
89
## Onboarded private link resources
90
90
A network security perimeter-aware private link resource is a PaaS resource that can be associated with a network security perimeter. Currently the list of onboarded private link resources are as follows:
0 commit comments