articles/private-link/private-link-faq.yml
+6 -6 Lines changed: 6 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -75,7 +75,7 @@ sections:
75
75
- question: |
76
76
Do all Azure services reside in the Azure virtual network that the customer provides? How does a virtual network service endpoint work with Azure services?
77
77
answer: |
78
-
Not all Azure services reside in the customer's virtual network. Most Azure data services (such as Azure Storage, Azure SQL, and Azure Cosmos DB) are multitenant services that can be accessed over public IP addresses. For more information, see [Deploy dedicated Azure services into virtual networks](virtual-network-for-azure-services.md).
78
+
Not all Azure services reside in the customer's virtual network. Most Azure data services (such as Azure Storage, Azure SQL, and Azure Cosmos DB) are multitenant services that can be accessed over public IP addresses. For more information, see [Deploy dedicated Azure services into virtual networks](/azure/virtual-network/vnet-integration-for-azure-services).
79
79
80
80
When you turn on virtual network service endpoints on the network side, and set up appropriate virtual network ACLs on the Azure service side, access to an Azure service is restricted to an allowed virtual network and subnet.
81
81
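Review bot: On changed line 78 the link target changes its slug as well as its form: `virtual-network-for-azure-services.md` becomes `/azure/virtual-network/vnet-integration-for-azure-services`, whereas every other link replaced in this commit keeps its file name. Please confirm that the new slug is where "Deploy dedicated Azure services into virtual networks" is published, and mention the rename in the commit description so the difference reads as intentional.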
@@ -164,7 +164,7 @@ sections:
164
164
answer: |
165
165
Service endpoints add a system route that takes precedence over Border Gateway Protocol (BGP) routes and provides optimum routing for the service endpoint traffic. Service endpoints always take service traffic directly from your virtual network to the service on the Microsoft Azure backbone network.
166
166
167
-
For more information about how Azure selects a route, see [Virtual network traffic routing](virtual-networks-udr-overview.md).
167
+
For more information about how Azure selects a route, see [Virtual network traffic routing](/azure/virtual-network/virtual-networks-udr-overview).
168
168
169
169
- question: |
170
170
Do service endpoints work with ICMP?
@@ -190,12 +190,12 @@ sections:
190
190
answer: |
191
191
You can use virtual network service endpoint policies to filter virtual network traffic to Azure services, allowing only specific Azure service resources over the service endpoints. Endpoint policies provide granular access control from the virtual network traffic to the Azure services.
192
192
193
-
To learn more, see [Virtual network service endpoint policies for Azure Storage](virtual-network-service-endpoint-policies-overview.md).
193
+
To learn more, see [Virtual network service endpoint policies for Azure Storage](/azure/virtual-network/virtual-network-service-endpoint-policies-overview).
194
194
195
195
- question: |
196
196
Does Microsoft Entra ID support virtual network service endpoints?
197
197
answer: |
198
-
Microsoft Entra ID doesn't support service endpoints natively. For a complete list of Azure services that support virtual network service endpoints, see [Virtual network service endpoints](./virtual-network-service-endpoints-overview.md).
198
+
Microsoft Entra ID doesn't support service endpoints natively. For a complete list of Azure services that support virtual network service endpoints, see [Virtual network service endpoints](/azure/virtual-network/virtual-network-service-endpoints-overview).
199
199
200
200
In that list, the *Microsoft.AzureActiveDirectory* tag listed under services that support service endpoints is used for supporting service endpoints to Azure Data Lake Storage Gen1. [Virtual network integration for Data Lake Storage Gen1](../data-lake-store/data-lake-store-network-security.md?toc=%2fazure%2fvirtual-network%2ftoc.json) makes use of the virtual network service endpoint security between your virtual network and Microsoft Entra ID to generate additional security claims in the access token. These claims are then used to authenticate your virtual network to your Data Lake Storage Gen1 account and allow access.
201
201
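Review bot: Unchanged line 200 still carries a relative link, `../data-lake-store/data-lake-store-network-security.md?toc=...`, while the two links changed in this hunk (lines 193 and 198) move to site-absolute `/azure/virtual-network/...` paths. If the relative links were replaced because they do not resolve from this file's directory, check this one too and convert it in the same commit.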
@@ -236,12 +236,12 @@ sections:
236
236
answer: |
237
237
You can use virtual network service endpoint policies to filter virtual network traffic to Azure services, allowing only specific Azure service resources over the service endpoints. Endpoint policies provide granular access control from the virtual network traffic to the Azure services.
238
238
239
-
To learn more, see [Virtual network service endpoint policies for Azure Storage](virtual-network-service-endpoint-policies-overview.md).
239
+
To learn more, see [Virtual network service endpoint policies for Azure Storage](/azure/virtual-network/virtual-network-service-endpoints-overview).
240
240
241
241
- question: |
242
242
Does Microsoft Entra ID support virtual network service endpoints?
243
243
answer: |
244
-
Microsoft Entra ID doesn't support service endpoints natively. For a complete list of Azure services that support virtual network service endpoints, see [Virtual network service endpoints](./virtual-network-service-endpoints-overview.md).
244
+
Microsoft Entra ID doesn't support service endpoints natively. For a complete list of Azure services that support virtual network service endpoints, see [Virtual network service endpoints](/azure/virtual-network/virtual-network-service-endpoints-overview).
245
245
246
246
In that list, the *Microsoft.AzureActiveDirectory* tag listed under services that support service endpoints is used for supporting service endpoints to Azure Data Lake Storage Gen1. [Virtual network integration for Data Lake Storage Gen1](../data-lake-store/data-lake-store-network-security.md?toc=%2fazure%2fvirtual-network%2ftoc.json) makes use of the virtual network service endpoint security between your virtual network and Microsoft Entra ID to generate additional security claims in the access token. These claims are then used to authenticate your virtual network to your Data Lake Storage Gen1 account and allow access.
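Review bot: The new link on line 239 points at the wrong page. The link text is "Virtual network service endpoint policies for Azure Storage" and the removed target was `virtual-network-service-endpoint-policies-overview.md`, but the added target is `/azure/virtual-network/virtual-network-service-endpoints-overview`, the general service endpoints overview. The identical sentence at line 193 was converted to `/azure/virtual-network/virtual-network-service-endpoint-policies-overview`; use the same target here. Separately, the question and answer text at lines 236-246 repeats lines 190-200 word for word, so consider removing one copy rather than maintaining both.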
articles/virtual-network/virtual-network-service-endpoints-overview.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -83,7 +83,7 @@ The following table compares Azure Service Endpoints and Private Endpoints acros
83
83
| Scope | Per service | Per instance |
84
84
| Connectivity | Uses Azure PaaS public IP; traffic goes over Azure backbone | PaaS resource gets a private IP in your VNET; traffic stays within the VNET |
85
85
| Data Security | Traffic leaves VNET to Azure backbone | No data exfiltration; traffic remains private |
86
-
| On-Premises Connectivity | Not supported natively; requires public IP whitelisting | Supported via ExpressRoute and VPN |
86
+
| On-Premises Connectivity | Not supported natively; requires public IP added to allow list.| Supported via ExpressRoute and VPN |
87
87
| UDRs and NSGs | No specific overlaps; traffic can bypass endpoint | May require special configuration to avoid bypass |
88
88
| Data Protection | Requires integration with firewall/NVA for exfiltration protection | Built-in data protection |
89
89
| Cost | No additional cost | Charged based on traffic and number of endpoints |
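Review bot: The rewritten cell on line 86 ends with `allow list.| Supported`, which adds a trailing period and drops the space before the column separator, while no other cell in the visible rows ends with a period and every other separator is written as ` | `. Suggest `requires adding the public IP to an allow list | Supported via ExpressRoute and VPN`, which also reads more naturally than "requires public IP added to allow list".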