Skip to content

Commit 27ea2c1

Browse files
PRMerger15PRMerger15
authored
Merge pull request #174881 from noakup/master
adding links to the configuration article from the Private Link design article
2 parents 4322bd2 + 39bbf06 commit 27ea2c1

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

articles/azure-monitor/logs/private-link-design.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,9 +62,10 @@ Choosing the proper access mode has detrimental effects on your network traffic.
6262
![Diagram of AMPLS Open access mode](./media/private-link-security/ampls-open-access-mode.png)
6363
Access modes are set separately for ingestion and queries. For example, you can set the Private Only mode for ingestion and the Open mode for queries.
6464

65-
6665
Apply caution when selecting your access mode. Using the Private Only access mode will block traffic to resources not in the AMPLS across all networks that share the same DNS, regardless of subscription or tenant (with the exception of Log Analytics ingestion requests, as explained below). If you can't add all Azure Monitor resources to the AMPLS, start with by adding select resources and applying the Open access mode. Only after adding *all* Azure Monitor resources to your AMPLS, switch to the 'Private Only' mode for maximum security.
6766

67+
See [Use APIs and command line](./private-link-configure.md#use-apis-and-command-line) for configuration details and examples.
68+
6869
> [!NOTE]
6970
> Log Analytics ingestion uses resource-specific endpoints. As such, it doesn’t adhere to AMPLS access modes. **To assure Log Analytics ingestion requests can’t access workspaces out of the AMPLS, set the network firewall to block traffic to public endpoints, regardless of the AMPLS access modes**.
7071
@@ -100,6 +101,8 @@ That granularity allows you to set access according to your needs, per workspace
100101

101102
Blocking queries from public networks means clients (machines, SDKs etc.) outside of the connected AMPLSs can't query data in the resource. That data includes logs, metrics, and the live metrics stream. Blocking queries from public networks affects all experiences that run these queries, such as workbooks, dashboards, Insights in the Azure portal, and queries run from outside the Azure portal.
102103

104+
See [Set resource access flags](./private-link-configure.md#set-resource-access-flags) for configuration details.
105+
103106
### Exceptions
104107

105108
#### Diagnostic logs

0 commit comments

Comments
 (0)