|
1 | 1 | --- |
2 | 2 | title: Create and use private endpoints for Azure Backup |
3 | 3 | description: Understand the process to creating private endpoints for Azure Backup where using private endpoints helps maintain the security of your resources. |
4 | | -ms.topic: conceptual |
5 | | -ms.date: 11/09/2021 |
| 4 | +ms.topic: how-to |
| 5 | +ms.date: 10/28/2022 |
6 | 6 | ms.custom: devx-track-azurepowershell |
7 | 7 | author: v-amallick |
8 | 8 | ms.service: backup |
@@ -32,6 +32,23 @@ Private endpoints for Backup can be only created for Recovery Services vaults th |
32 | 32 |
|
33 | 33 | See [this section](#create-a-recovery-services-vault-using-the-azure-resource-manager-client) to learn how to create a vault using the Azure Resource Manager client. This creates a vault with its managed identity already enabled. |
34 | 34 |
|
| 35 | +## Deny public network access to the vault |
| 36 | + |
| 37 | +You can configure your vaults to deny access from public networks. |
| 38 | + |
| 39 | +Follow these steps: |
| 40 | + |
| 41 | +1. Go to the *vault* > **Networking**. |
| 42 | + |
| 43 | +2. On the **Public access** tab, select **Deny** to prevent access from public networks. |
| 44 | + |
| 45 | + :::image type="content" source="./media/backup-azure-private-endpoints/deny-public-network.png" alt-text="Screenshot showing how to select the Deny option."::: |
| 46 | + |
| 47 | + >[!Note] |
| 48 | + >Once you deny access, you can still access the vault, but you can't move data to/from networks that don't contain private endpoints. For more information, see [Create private endpoints for Azure Backup](#create-private-endpoints-for-azure-backup). |
| 49 | +
|
| 50 | +3. Select **Apply** to save the changes. |
| 51 | + |
35 | 52 | ## Enable Managed Identity for your vault |
36 | 53 |
|
37 | 54 | Managed identities allow the vault to create and use private endpoints. This section talks about enabling the managed identity for your vault. |
@@ -218,7 +235,7 @@ Once the private endpoints created for the vault in your VNet have been approved |
218 | 235 |
|
219 | 236 | In the VM in the locked down network, ensure the following: |
220 | 237 |
|
221 | | -1. The VM should have access to AAD. |
| 238 | +1. The VM should have access to Azure AD. |
222 | 239 | 2. Execute **nslookup** on the backup URL (`xxxxxxxx.privatelink.<geo>.backup.windowsazure.com`) from your VM, to ensure connectivity. This should return the private IP assigned in your virtual network. |
223 | 240 |
|
224 | 241 | ### Configure backup |
|
0 commit comments