Service endpoint for Azure Files from on-premises

Containers ToGo 1 Reputation point
2022-10-07T13:23:49.203+00:00

I wish to confirm support for accessing the "Azure Files" file-sharing PaaS service over the SMB protocol from on-premises devices while using Azure VPN Gateway with a site-to-site connection from on-premises to Azure and accessing Azure Files shares over an Azure service endpoint.

Documentation is clear that private link service is supported. I also think I've read that service endpoint is supported from devices "within the vNet". If I have an on-premises device that accesses the file share from on-premises over a site-to-site VPN connection, can they map a drive if the VPN connection is NATed over an IPv4 address and the NATed address is added to the storage account firewall? I have read mixed messages. Some say that on-premises is not available over service endpoint, while others say it is. Please advise. Thank you very much!


1 answer

  1. msrini-MSFT 9,261 Reputation points Microsoft Employee
    2022-10-08T05:46:45.637+00:00

    Hi,

    Service endpoints are used to access PaaS services over the backbone from Azure VNETs. As you mentioned in the post, Private Endpoints can be used when you want to access Storage over S2S or ER over a private network.

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#secure-azure-service-access-from-on-premises

    As stated in this doc, the NAT reference here is only for the public or Microsoft peering, not for the private peering of ER.

    Regards,
    Karthik Srinivas

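A way to check from an on-premises Windows client which path a drive mapping would take, as an added example that is not part of the original question or answer. It assumes a placeholder storage account name, that on-premises DNS is set up to resolve the private endpoint record, and that the VNet uses RFC 1918 address space.

```powershell
# Assumption: placeholder name; replace with the storage account being tested.
$StorageAccount = '<storage-account-name>'
$Fqdn = "$StorageAccount.file.core.windows.net"

function Test-PrivateIPv4 {
    # Returns $true when the address falls in RFC 1918 space (assumed VNet range).
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        return $false
    }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Resolve the same name the SMB client uses; keep only the A records and
# skip the CNAME entries that appear earlier in the resolution chain.
$records = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
    Where-Object { $_.IP4Address }

foreach ($r in $records) {
    $isPrivate = Test-PrivateIPv4 -Address $r.IP4Address

    # SMB uses TCP 445; test the resolved address directly.
    $tcp = Test-NetConnection -ComputerName $r.IP4Address -Port 445 `
        -WarningAction SilentlyContinue

    [pscustomobject]@{
        Name       = $Fqdn
        Address    = $r.IP4Address
        # A private address means traffic goes to the private endpoint over
        # the S2S/ER tunnel; a public address means the public endpoint,
        # where the storage account firewall rules apply.
        Path       = if ($isPrivate) { 'private endpoint' } else { 'public endpoint' }
        Smb445Open = $tcp.TcpTestSucceeded
    }
}
```

A result of `public endpoint` from an on-premises machine means the client is not using the private endpoint, either because none exists or because on-premises DNS does not return its record.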