Hello Mukthiyar Hussain Y S,
Greetings! Welcome to Microsoft Q&A Platform.
To update the network parameters of data disks and assign existing disk access in an Azure Resource Manager (ARM) template, define the data disks in your ARM template using the Microsoft.Compute/disks resource type. Specify the diskSizeGB, lun (logical unit number), and the vhd URI for each data disk.
Here’s an example snippet for a managed data disk:
"dataDisks": [
    {
        "name": "datadisk1",
        "diskSizeGB": 1023,
        "lun": 0,
        "vhd": {
            "uri": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob, 'vhds/datadisk1.vhd')]"
        },
        "createOption": "Empty"
    }
]
To update network parameters, ensure that your virtual machine (VM) template includes the necessary network configuration, and within the networkProfile section of your VM template, specify the network interfaces (NICs) and their dependencies.
Enabling Private Endpoint with Private Access Link for Azure VM disks will provide more security and control over accessing the disk, but it does not prevent access from other Azure resources or within the Azure Virtual Network.
Disabling public access on the Azure VM disk will restrict access from the public internet, but it does not provide the same level of isolation and control as using Private Endpoint and Private Access Link.
The recommendation to use Private Endpoint with Private Access Link for Azure VM disks with public access aims to provide a highly secure solution that aligns with best practices for network security.
Here is the updated script to disable public access on all VM disks that have public access enabled.
# Resource ID of the EXISTING disk access resource to associate with the disks
# (placeholder: replace with your own; required when NetworkAccessPolicy is AllowPrivate)
$diskAccessId = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Compute/diskAccesses/<disk-access-name>"
# Get all attached VM disks that still have public network access enabled
$disks = Get-AzDisk | Where-Object { $_.DiskState -eq 'Attached' -and $_.DiskSizeGB -gt 0 -and $_.PublicNetworkAccess -eq 'Enabled' }
# Disable public access for each disk
foreach ($disk in $disks) {
    Write-Host "Disabling public access for disk $($disk.Name)..."
    # Build the update config: public access off, private access only through the disk access resource
    $diskUpdate = New-AzDiskUpdateConfig -PublicNetworkAccess 'Disabled' -NetworkAccessPolicy 'AllowPrivate' -DiskAccessId $diskAccessId
    # Apply the update to the disk (New-AzDiskUpdateConfig only builds the config; Update-AzDisk applies it)
    Update-AzDisk -ResourceGroupName $disk.ResourceGroupName -DiskName $disk.Name -DiskUpdate $diskUpdate | Out-Null
    Write-Host "Public access disabled for disk $($disk.Name)."
}
To assign existing disk access, ensure that the existing disks are already attached to the VM. You can reference the existing disks’ URIs in the vhd
property of the data disks.
For example, if you have an existing OS disk, you can use its URI like this:
"osDisk": {
    "name": "osdisk",
    "vhd": {
        "uri": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob, 'vhds/osdisk.vhd')]"
    },
    "caching": "ReadWrite",
    "createOption": "FromImage"
}
Refer to: https://learn.microsoft.com/en-us/azure/virtual-machines/using-managed-disks-template-deployments, https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/disks?pivots=deployment-language-arm-template, https://learn.microsoft.com/en-us/azure/private-link/create-private-endpoint-template, https://learn.microsoft.com/en-us/azure/virtual-machines/disks-restrict-import-export-overview.
Similar thread for reference: https://stackoverflow.com/questions/68385774/how-to-set-os-disks-networking-to-allowprivate-private-endpoint-through-disk
Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
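As an added example that is not part of the original answer, here is a minimal ARM template that creates a managed data disk with public network access disabled and the AllowPrivate network access policy, associated with an existing disk access resource by its resource ID. The parameter names, the Premium_LRS SKU and the 2023-04-02 apiVersion are my assumptions; the disk access resource itself must already exist.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "diskName": { "type": "string", "defaultValue": "datadisk1" },
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]" },
    "diskAccessName": {
      "type": "string",
      "metadata": { "description": "Name of the EXISTING disk access resource (placeholder, supply your own)" }
    },
    "diskAccessResourceGroup": {
      "type": "string",
      "defaultValue": "[resourceGroup().name]",
      "metadata": { "description": "Resource group of the existing disk access resource" }
    }
  },
  "variables": {
    "diskAccessId": "[resourceId(parameters('diskAccessResourceGroup'), 'Microsoft.Compute/diskAccesses', parameters('diskAccessName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Compute/disks",
      "apiVersion": "2023-04-02",
      "name": "[parameters('diskName')]",
      "location": "[parameters('location')]",
      "sku": { "name": "Premium_LRS" },
      "properties": {
        "creationData": { "createOption": "Empty" },
        "diskSizeGB": 1023,
        "publicNetworkAccess": "Disabled",
        "networkAccessPolicy": "AllowPrivate",
        "diskAccessId": "[variables('diskAccessId')]"
      }
    }
  ],
  "outputs": {
    "diskAccessId": { "type": "string", "value": "[variables('diskAccessId')]" }
  }
}
```

Deploy it with New-AzResourceGroupDeployment and then check the disk's NetworkAccessPolicy and PublicNetworkAccess properties with Get-AzDisk to confirm the settings took effect.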