Why does creating a private endpoint in an existing key vault make public access from all networks, as well as from selected networks, fail?

Dinesh Madhup 46 Reputation points Microsoft Employee
2022-09-26T18:41:02.043+00:00

In Key Vault, the customer firewall is set to public, and some are set to selected networks with a list of IPs. As soon as we create a private endpoint, all other previous connections over the public/selected networks fail. But based on the documentation below, I would like to establish hybrid access, meaning that out of 100 connections to the key vault, 50 can use the private endpoint and the other 50 can still use the public endpoint.

https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics#3-confirm-that-the-key-vault-firewall-is-properly-configured

In this link it says "You have an hybrid system where some clients use private links, some use service endpoints, some use public IP address.", which means a hybrid connection approach is possible.


Accepted answer

ChristopherW-MSFT 1,681 Reputation points
2022-09-27T23:59:31.283+00:00

Hi @Dinesh Madhup

The documentation is correct - enabling the Azure Key Vault's private endpoint should typically have no effect on the Key Vault's public access as long as the firewall allows it. However, there was an issue reported recently where the public access Allow/Deny state can reset or stick to Deny when enabling private endpoints. We've released a fix, though you'll need to restart your Azure Portal session.

A known workaround is to enable public access through the CLI or PowerShell instead of the Azure Portal. Please let us know if this continues to be an issue so we can review further.

Configure Azure Key Vault networking settings - CLI

--------------------------------------------------------

Let me know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

1 person found this answer helpful.
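The answer's workaround is to set the network state from the CLI rather than the portal. The script below is an added example for this thread, not code from Microsoft or from either participant: it reads the JSON that `az keyvault show` prints, reports whether public (non-private-link) clients are cut off, and builds the `az keyvault update` / `az keyvault network-rule add` commands that restore hybrid access, either "all networks" (default action Allow) or "selected networks" (default action Deny plus an IP allow-list) alongside the private endpoint. The vault name `kv-demo`, resource group `rg-demo`, the IP addresses and the embedded sample JSON are constructed placeholders; the JSON field names follow the `az keyvault show` output.

```python
"""Check a Key Vault's network state after a private endpoint was added and
plan the az CLI commands that re-open public/selected-network access.

Added example for this Q&A thread (not Microsoft's code). Assumptions:
vault kv-demo in resource group rg-demo, placeholder IPs, and the trimmed
sample JSON below standing in for real `az keyvault show -o json` output.
"""
import json
import subprocess
from typing import Dict, List

# Constructed, trimmed `az keyvault show -n kv-demo -g rg-demo -o json` output
# in the state the accepted answer describes: a private endpoint is attached
# and public network access has flipped to Disabled.
SAMPLE_SHOW_OUTPUT = json.dumps({
    "name": "kv-demo",
    "properties": {
        "networkAcls": {
            "bypass": "AzureServices",
            "defaultAction": "Deny",
            "ipRules": [{"value": "203.0.113.10/32"}],
            "virtualNetworkRules": [],
        },
        "privateEndpointConnections": [
            {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}
        ],
        "publicNetworkAccess": "Disabled",
    },
})


def _cidr(ip: str) -> str:
    """Key Vault stores single addresses as /32; normalise input the same way."""
    return ip if "/" in ip else ip + "/32"


def network_state(show_json: str) -> Dict[str, object]:
    """Extract the network-relevant fields from `az keyvault show` JSON."""
    props = json.loads(show_json).get("properties", {})
    acls = props.get("networkAcls") or {}
    return {
        "public_network_access": props.get("publicNetworkAccess", "Enabled"),
        "default_action": acls.get("defaultAction", "Allow"),
        "ip_rules": [_cidr(r["value"]) for r in acls.get("ipRules") or []],
        "vnet_rules": [r["id"] for r in acls.get("virtualNetworkRules") or []],
        "private_endpoints": len(props.get("privateEndpointConnections") or []),
    }


def public_clients_blocked(state: Dict[str, object]) -> bool:
    """True when only private-link clients can reach the vault: public network
    access is Disabled, or the firewall denies by default with no IP/VNet rules."""
    if state["public_network_access"] == "Disabled":
        return True
    return (state["default_action"] == "Deny"
            and not state["ip_rules"] and not state["vnet_rules"])


def hybrid_remediation(state: Dict[str, object], vault: str, rg: str,
                       allowed_ips: List[str]) -> List[List[str]]:
    """az commands that restore public access next to the private endpoint.
    Empty allowed_ips = 'all networks' (Allow); otherwise 'selected networks'
    (Deny, plus one network rule per address not already present)."""
    update = ["az", "keyvault", "update", "--name", vault, "--resource-group", rg]
    cmds: List[List[str]] = []
    if state["public_network_access"] != "Enabled":
        cmds.append(update + ["--public-network-access", "Enabled"])
    wanted_action = "Deny" if allowed_ips else "Allow"
    if state["default_action"] != wanted_action:
        cmds.append(update + ["--default-action", wanted_action])
    for ip in allowed_ips:
        if _cidr(ip) not in state["ip_rules"]:
            cmds.append(["az", "keyvault", "network-rule", "add", "--name", vault,
                         "--resource-group", rg, "--ip-address", _cidr(ip)])
    return cmds


def run(cmds: List[List[str]], apply: bool = False) -> List[str]:
    """Print the plan; execute it only with apply=True (needs a logged-in az)."""
    rendered = [" ".join(c) for c in cmds]
    for cmd, line in zip(cmds, rendered):
        print(("RUN  " if apply else "PLAN ") + line)
        if apply:
            subprocess.run(cmd, check=True)
    return rendered


if __name__ == "__main__":
    st = network_state(SAMPLE_SHOW_OUTPUT)
    print("private endpoints:", st["private_endpoints"],
          "| public clients blocked:", public_clients_blocked(st))
    # Selected-networks mode: keep Deny, re-enable public access, add the missing range.
    run(hybrid_remediation(st, "kv-demo", "rg-demo", ["203.0.113.10", "198.51.100.0/24"]))
```

Run it after creating the private endpoint and compare the plan with what the portal shows; if `publicNetworkAccess` is `Disabled` or `defaultAction` is `Deny` with an empty rule list, that is the stuck state the answer refers to, and applying the printed `az keyvault update` command from the CLI is the workaround. Re-run `az keyvault show` afterwards to confirm the state persisted before pointing the public clients back at the vault.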
