Why can't I access Azure DevOps when using a private endpoint and VNet integration on my App Service?

Rafael Asprilla 1 Reputation point
2022-08-29T16:10:51.513+00:00

We have integrated virtual firewalls to protect our Azure assets, but while configuring the app services our development team raised a concern that the Azure DevOps Git connection they have configured to sync the code of the app services was not working. As far as the functionality of the app service goes, it can access the internet and external resources using URLs but cannot sync with Azure DevOps in the Deployment Center. Can you suggest a reason for this?


1 answer

  1. msrini-MSFT 9,261 Reputation points Microsoft Employee
    2022-08-30T04:43:48.317+00:00

    Hi,

    If you create a Private Endpoint for App Service, then the Private Endpoint would be the inbound endpoint and all other access to App Service will be blocked. You can only access your App Service by sending traffic to the IP of the Private Endpoint which is deployed in your VNET.

    In your case, when Azure DevOps tries to reach the App Service, it might get the Public IP resolution and try to reach the App Service via the Public Endpoint, which is why the traffic is blocked.

    So, you will need to make sure that your DevOps is integrated with a VNET which is linked to the Private DNS Zone, so the DNS resolution from DevOps to App Service will point to the Private Endpoint IP.

    Regards,
    Karthik Srinivas

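The DNS behaviour described in the answer can be checked from the machine that performs the deployment, such as a build agent inside the VNET. The script below is an added example, not part of the original answer or any Microsoft tooling; the app name `contoso-app` and the range `10.20.0.0/16` are constructed placeholders, and checking the `scm` hostname assumes the deployment goes through the app's Kudu endpoint.

```python
import ipaddress
import socket
import sys


def resolve_ipv4(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses, vnet_cidrs):
    """Say whether resolved addresses fall inside the VNET address space."""
    if not addresses:
        return "unresolved"
    nets = [ipaddress.ip_network(cidr) for cidr in vnet_cidrs]
    inside = [any(ipaddress.ip_address(a) in n for n in nets) for a in addresses]
    if all(inside):
        return "private-endpoint"   # traffic will go to the Private Endpoint IP
    if not any(inside):
        return "public"             # public resolution: blocked by the app
    return "mixed"                  # split answers: DNS zone link is inconsistent


def check_app(app_name, vnet_cidrs, resolver=resolve_ipv4):
    """Check both the site and its scm (deployment) hostname."""
    report = {}
    for host in (f"{app_name}.azurewebsites.net",
                 f"{app_name}.scm.azurewebsites.net"):
        addrs = resolver(host)
        report[host] = (classify(addrs, vnet_cidrs), addrs)
    return report


if __name__ == "__main__":
    # Usage: python check_pe_dns.py <app-name> <vnet-cidr> [<vnet-cidr> ...]
    # Example with constructed values: python check_pe_dns.py contoso-app 10.20.0.0/16
    if len(sys.argv) < 3:
        sys.exit("usage: check_pe_dns.py <app-name> <vnet-cidr> [...]")
    result = check_app(sys.argv[1], sys.argv[2:])
    for host, (verdict, addrs) in result.items():
        print(f"{host}: {verdict} {addrs}")
    # Non-zero exit lets a pipeline step fail early when resolution is not private.
    sys.exit(0 if all(v == "private-endpoint" for v, _ in result.values()) else 1)
```

A `public` or `unresolved` verdict from the deployment machine means it is not using a resolver linked to the Private DNS Zone.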