Skip to content

Commit 69ae450

Browse files
PRMerger15PRMerger15
authored
Merge pull request #103036 from arv100kri/arv100kri/sql-mi
[Azure Search] Update SQL managed instance note
2 parents a77554d + df9b5e3 commit 69ae450

File tree

1 file changed

+6
-3
lines changed

1 file changed

+6
-3
lines changed

articles/search/search-howto-connecting-azure-sql-mi-to-azure-search-using-indexers.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -31,11 +31,14 @@ Check the Network Security Group has the correct **Inbound security rules** that
3131
![NSG Inbound security rule](media/search-howto-connecting-azure-sql-mi-to-azure-search-using-indexers/nsg-rule.png "NSG Inbound security rule")
3232

3333
> [!NOTE]
34-
> You can choose to be more restrictive in the inbound access to your managed SQL instance by replacing the current rule (`public_endpoint_inbound`) with 2 rules:
34+
> Indexers still require that SQL Managed Instance be configured with a public endpoint in order to read data.
35+
> However, you can choose to restrict the inbound access to that public endpoint by replacing the current rule (`public_endpoint_inbound`) with the following 2 rules:
3536
>
36-
> * Allowing inbound access from the `AzureCognitiveSearch` [service tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) ("SOURCE" = `AzureCognitiveSearch`)
37+
> * Allowing inbound access from the `AzureCognitiveSearch` [service tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) ("SOURCE" = `AzureCognitiveSearch`, "NAME" = `cognitive_search_inbound`)
3738
>
38-
> * Allowing inbound access from the IP address of the search service, which can be obtained by pinging its fully qualified domain name (eg., `<your-search-service-name>.search.windows.net`). ("SOURCE" = `IP address`)
39+
> * Allowing inbound access from the IP address of the search service, which can be obtained by pinging its fully qualified domain name (eg., `<your-search-service-name>.search.windows.net`). ("SOURCE" = `IP address`, "NAME" = `search_service_inbound`)
40+
>
41+
> For each of those 2 rules, set "PORT" = `3342`, "PROTOCOL" = `TCP`, "DESTINATION" = `Any`, "ACTION" = `Allow`
3942
4043
## Get public endpoint connection string
4144
Make sure you use the connection string for the **public endpoint** (port 3342, not port 1433).

0 commit comments

Comments
 (0)