Commit 5cd61bb

Firewall and network rules - private endpoints
1 parent de4b05a commit 5cd61bb

1 file changed

+5
-4
lines changed

articles/event-grid/consume-private-endpoints.md

@@ -2,7 +2,7 @@
22
title: Deliver events using private link service
33
description: This article describes how to work around the limitation of not able to deliver events using private link service.
44
ms.topic: how-to
5-
ms.date: 03/01/2023
5+
ms.date: 08/16/2023
66
---
77

88
# Deliver events using private link service
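Review bot: The `description` on the context line above the `ms.date` change is ungrammatical ("the limitation of not able to deliver events"), and since this commit already touches the front matter it is a good moment to fix it, for example "the limitation of not being able to deliver events using private link service". The description also says nothing about the firewall and virtual network guidance this commit promotes to its own section, so consider mentioning managed identity delivery there so the metadata matches the article body.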
@@ -42,9 +42,10 @@ To deliver events to Storage queues using managed identity, follow these steps:
4242
1. [Add the identity to the **Storage Queue Data Message Sender**](../storage/blobs/assign-azure-role-data-access.md) role on Azure Storage queue.
4343
1. [Configure the event subscription](managed-service-identity.md#create-event-subscriptions-that-use-an-identity) that uses a Storage queue as an endpoint to use the system-assigned or user-assigned managed identity.
4444

45-
> [!NOTE]
46-
> - If there's no firewall or virtual network rules configured for the Azure Storage account, you can use both user-assigned and system-assigned identities to deliver events to the Azure Storage account.
47-
> - If a firewall or virtual network rule is configured for the Azure Storage account, you can use only the system-assigned managed identity if **Allow Azure services on the trusted service list to access the storage account** is also enabled on the storage account. You can't use user-assigned managed identity whether this option is enabled or not.
45+
## Firewall and virtual network rules
46+
If there's no firewall or virtual network rules configured for the destination Storage account, Event Hubs namespace, or Service Bus namespace, you can use both user-assigned and system-assigned identities to deliver events.
47+
48+
If a firewall or virtual network rule is configured for the destination Storage account, Event Hubs namespace, or Service Bus namespace, you can use only the system-assigned managed identity if **Allow Azure services on the trusted service list to access the storage account** is also enabled on the destinations. You can't use user-assigned managed identity whether this option is enabled or not.
4849

4950
## Next steps
5051
For more information about delivering events using a managed identity, see [Event delivery using a managed identity](managed-service-identity.md).
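Review bot: The bolded option name in the second added paragraph still reads "Allow Azure services on the trusted service list to access the storage account", but the sentence now covers Event Hubs and Service Bus namespaces as well, so a reader securing a namespace is pointed at a setting label that only exists on Storage accounts. Name the trusted-services exception as it appears for each destination type, or describe it generically and link to each service's network security article. Two smaller points in the same hunk: "If there's no firewall or virtual network rules" should be "If there are no firewall or virtual network rules", and the new `## Firewall and virtual network rules` heading sits directly after the Storage queue steps, so it is worth confirming that the Event Hubs and Service Bus readers it now addresses will find it there. Because the rule decides which identity type can reach a locked-down destination, it would also help to state what happens when a user-assigned identity is configured anyway (delivery fails), so the misconfiguration is recognisable.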
