Hi,
I do not pretend to be an expert but I will share my understanding and the sources I used to get that understanding.
- The question is why is an ELB deployed with VNET integrated Data Explorer cluster?
Since you are deploying a cluster, you need a way to set redundancy and to split the load.
According to the subnet size (https://learn.microsoft.com/en-us/azure/data-explorer/vnet-deployment#plan-subnet-size-in-your-vnet) it seems that the pair of load balancers is Zonal (https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zonal) so you have 2 ELBs in two zones.
- What are the use cases for the private endpoint for Data Explorer and which one is recommended?
I won't go into the details of a use case for Data Explorer since I'm not familiar enough with it. But I can talk about Private Endpoint in general.
"[A]ny routes in your virtual network that force internet traffic to your on-premises and/or virtual appliances also force Azure service traffic to take the same route as the internet traffic."
"Endpoints always take service traffic directly from your virtual network to the service on the Microsoft Azure backbone network. Keeping traffic on the Azure backbone network allows you to continue auditing and monitoring outbound Internet traffic from your virtual networks, through forced-tunneling, without impacting service traffic."
In other words, traffic without endpoints is flowing into the public sector and COULD be seen by others. With a private endpoint, no.
Your choice should be guided by your data. PII should be isolated, public data might not require that level of protection.
Hope it helps.