You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-monitor/platform/private-link-security.md
+8-5Lines changed: 8 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,11 +16,11 @@ ms.subservice:
16
16
17
17
With Private Link you can:
18
18
19
-
- Connect to Azure Monitor without opening up any public network access
20
-
- Keep all traffic inside the Microsoft Network
21
-
- Restrict access to your monitoring data to only authorized private links
22
-
- Stop data exfiltration from your networks by only authorizing access to specific resources, and block access to all destinations
19
+
- Connect privately to Azure Monitor without opening up any public network access
20
+
- Ensure your monitoring data is only accessed through authorized private networks
21
+
- Prevent data exfiltration from your private networks by defining specific Azure Monitor resources connect thru your private endpoint
23
22
- Securely connect your private on-premises network to Azure Monitor using ExpressRoute and Private Link
23
+
- Keep all traffic inside the Microsoft Azure backbone network
24
24
25
25
For more information, see [Key Benefits of Private Link](../../private-link/private-link-overview.md#key-benefits)
26
26
@@ -52,7 +52,10 @@ If the answer to any of these questions is yes, set the restrictions as explaine
52
52
Remember – you can connect the same workspaces or application to multiple AMPLS, to allow them to be reached by different networks.
53
53
54
54
### Group together Monitoring resources by network accessibility
55
-
Since each VNet can connect to only one AMPLS resource, you must group together monitoring resources that should be accessible to the same networks. The simplest way to manage this is to create one AMPLS per VNet, and select the resources to connect to that network. However, to reduce resources and improve manageability, you may want to reuse an AMPLS across network. For example, if your internal virtual networks VNet1 and VNet2 should connect to workspaces Workspace1 and Workspace2 and Application Insights component Application Insights 3, associate all three resources to the same AMPLS. If VNet3 should only access Workspace1, create another AMPLS resource, associate Workspace1 to it and connect VNet3 as shown in the following diagrams:
55
+
56
+
Since each VNet can connect to only one AMPLS resource, you must group together monitoring resources that should be accessible to the same networks. The simplest way to manage this is to create one AMPLS per VNet, and select the resources to connect to that network. However, to reduce resources and improve manageability, you may want to reuse an AMPLS across network.
57
+
58
+
For example, if your internal virtual networks VNet1 and VNet2 should connect to workspaces Workspace1 and Workspace2 and Application Insights component Application Insights 3, associate all three resources to the same AMPLS. If VNet3 should only access Workspace1, create another AMPLS resource, associate Workspace1 to it, and connect VNet3 as shown in the following diagrams:
56
59
57
60
0 commit comments