- If you intend to use the Azure CLI, [install the latest version](/cli/azure/install-azure-cli).
33
33
34
34
## Create the private endpoints
35
-
When you are creating a private endpoint for an Azure resource, the following resources are deployed:
35
+
When you create a private endpoint for an Azure resource, the following resources are deployed:
36
36
37
-
-**A private endpoint**: An Azure resource representing either the private endpoint for the storage account or the Storage Sync Service. You can think of this as a resource that connects your Azure resource and a network interface.
37
+
-**A private endpoint**: An Azure resource representing either the private endpoint for the storage account or the Storage Sync Service. Think of this as a resource that connects your Azure resource and a network interface.
38
38
-**A network interface (NIC)**: The network interface that maintains a private IP address within the specified virtual network/subnet. This is the exact same resource that gets deployed when you deploy a virtual machine, however instead of being assigned to a VM, it's owned by the private endpoint.
39
39
-**A private DNS zone**: If you've never deployed a private endpoint for this virtual network before, a new private DNS zone will be deployed for your virtual network. A DNS A record will also be created for Azure resource in this DNS zone. If you've already deployed a private endpoint in this virtual network, a new A record for Azure resource will be added to the existing DNS zone. Deploying a DNS zone is optional, however highly recommended to simplify the DNS management required.
40
40
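Review bot: The unchanged **A private DNS zone** bullet at the end of this hunk still says "for Azure resource" twice without an article and uses "will be deployed" and "will also be created", which clashes with the direct, present-tense wording this change applies to the two lines above it. Consider fixing it in the same pass, for example "a DNS A record is also created for the Azure resource in this DNS zone", and replacing "optional, however highly recommended" with "optional but highly recommended".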
@@ -584,13 +584,21 @@ When you restrict the storage account to specific virtual networks, you are allo
584
584
---
585
585
586
586
### Disable access to the Storage Sync Service public endpoint
587
-
Azure File Sync enables you to restrict access to specific virtual networks through private endpoints only; Azure File Sync does not support service endpoints for restricting access to the public endpoint to specific virtual networks. This means that the two states for the Storage Sync Service's public endpoint are enabled and disabled.
587
+
Azure File Sync enables you to restrict access to specific virtual networks through private endpoints only; Azure File Sync doesn't support service endpoints for restricting access to the public endpoint to specific virtual networks. This means that the two states for the Storage Sync Service's public endpoint are **enabled** and **disabled**.
588
+
589
+
> [!IMPORTANT]
590
+
> You must create a private endpoint before disabling access to the public endpoint. If the public endpoint is disabled and there's no private endpoint configured, sync can't work.
588
591
589
592
# [Portal](#tab/azure-portal)
590
-
This is not possible through the Azure portal. Please select the Azure PowerShell tab to get instructions on how to disable the Storage Sync Service public endpoint.
593
+
To disable access to the Storage Sync Service's public endpoint, follow these steps:
594
+
595
+
1. Sign in to the [Azure portal](https://portal.azure.com?azure-portal=true).
596
+
1. Navigate to the Storage Sync Service and select **Settings** > **Network** from the left navigation.
597
+
1. Under **Allow access from**, select **Private endpoints only**.
598
+
1. Select a private endpoint from the **Private endpoint connections** list.
591
599
592
600
# [PowerShell](#tab/azure-powershell)
593
-
To disable access to the Storage Sync Service's public endpoint, we will set the `incomingTrafficPolicy` property on the Storage Sync Service to `AllowVirtualNetworksOnly`. If you would like to enable access to the Storage Sync Service's public endpoint, set `incomingTrafficPolicy` to `AllowAllTraffic` instead. Remember to replace `<storage-sync-service-resource-group>` and `<storage-sync-service>`.
601
+
To disable access to the Storage Sync Service's public endpoint, set the `incomingTrafficPolicy` property on the Storage Sync Service to `AllowVirtualNetworksOnly`. If you want to enable access to the Storage Sync Service's public endpoint, set `incomingTrafficPolicy` to `AllowAllTraffic` instead. Remember to replace `<storage-sync-service-resource-group>` and `<storage-sync-service>` with your own values.
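Review bot: In the new Portal steps, step 3 selects **Private endpoints only** before step 4 has the reader look at the **Private endpoint connections** list, so a reader who follows the steps in order can disable the public endpoint with no private endpoint in place, which is the state the added [!IMPORTANT] note says stops sync. Suggest making the first portal action a check that the **Private endpoint connections** list already contains the private endpoint created earlier, and only then changing **Allow access from**. Step 4 should also say what selecting a connection accomplishes, and the list should end with how the change is applied, since neither is stated.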