Azure for AWS professionals - Networking - Azure - 03 Service Endpoints
@20aman Oct 13, 2019

Note that this post is a part of the series. You can view all posts in this series here: Azure for AWS professionals - Index
Service Endpoints in Azure Virtual Networks provide the ability to connect securely to various Microsoft public services (such as Azure SQL and Azure Storage). From the official documentation: "The endpoints also extend the identity of your VNet to the Azure services over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network."
When you enable Service Endpoints, the IP address for a Microsoft service switches from a public IP address to a private IP address. If you have any firewall rules in place, those will need to be updated; for example, a rule that allows a VM to connect to an Azure SQL database.
Note that a service endpoint is always enabled at the subnet level.
To begin, navigate to Virtual Networks and select the virtual network you require. Under the Settings menu, click "Service endpoints". To create a new service endpoint, click the "+Add" button.
You are prompted to enter a service. You can pick from one of the services available. Microsoft.Storage and Microsoft.Sql are the most common use cases from the list. Microsoft keeps updating this list over time.
Once the service is selected, select the subnet for which you want to enable the service endpoint. Click OK and you are done. It will take some time for the configuration to complete on the backend, but you will then have connectivity from your network to the service using private IP addresses internally (instead of public IP addresses).
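The portal steps above can also be expressed as infrastructure code. The Bicep template below is an added example written for this post, not code from the original post or from Microsoft; the resource names (vnet-app, snet-workload, the storage account name) and address ranges are assumptions. It shows the two halves of the configuration that together give the "secure your critical Azure service resources to only your virtual networks" effect quoted above: enabling the Microsoft.Storage and Microsoft.Sql endpoints on the subnet, and then setting the storage account's own network rules to deny everything except that subnet. Enabling the endpoint on the subnet alone changes how traffic reaches the service; it is the `networkAcls` block on the service resource that actually restricts who may connect.

```bicep
// Added example (not from the original post). Names and CIDRs are assumptions.
param location string = resourceGroup().location
param storageAccountName string = 'stsvcep${uniqueString(resourceGroup().id)}'

// Virtual network with one subnet that has service endpoints enabled.
// Service endpoints are a subnet-level setting, so they live on the subnet.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-app'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [ '10.0.0.0/16' ]
    }
    subnets: [
      {
        name: 'snet-workload'
        properties: {
          addressPrefix: '10.0.1.0/24'
          serviceEndpoints: [
            { service: 'Microsoft.Storage' }
            { service: 'Microsoft.Sql' }
          ]
        }
      }
    ]
  }
}

// Storage account locked down to the subnet above.
// defaultAction 'Deny' blocks public access; the virtualNetworkRules entry
// allows only traffic that arrives through the subnet's service endpoint.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
      virtualNetworkRules: [
        {
          // resourceId() creates an implicit dependency on the VNet so the
          // endpoint is enabled before the rule referencing it is applied.
          id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'snet-workload')
          action: 'Allow'
        }
      ]
    }
  }
}
```

Deploy it with `az deployment group create --resource-group <rg> --template-file main.bicep`. After deployment, a VM in snet-workload can reach the storage account while a request from the public internet (or from a subnet without the endpoint) is refused with an authorization failure, which is the behaviour to verify after enabling an endpoint. The same pattern applies to Azure SQL: the Microsoft.Sql endpoint on the subnet is paired with a virtual network rule on the SQL server rather than on the storage account.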
For more information check this link: Virtual Network service endpoints