Hello Marcia,
There are many considerations on this implementation; let me start by responding to your Azure network question. Yes, you can use Private Link with Azure Monitor services (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security); however, the traffic that you want to secure originates from Azure Monitor, as in the scenarios below:
- Scenario 1: Alerts call the webhook of the Dynatrace ActiveGate server.
Azure Monitor ---Send Alert (Outbound)--> ActiveGate
- Scenario 2: Alerts trigger Logic Apps, and Logic Apps send to the ActiveGate server.
Azure Monitor --Trigger (Outbound)--> Logic Apps workflow
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-logic-apps?tabs=send-email
Private Link is primarily designed for inbound traffic, meaning it allows Azure resources to securely access Azure PaaS services over a private IP address within your virtual network.
So from the network perspective you can focus on securing the incoming traffic to the ActiveGate server from Azure Monitor:
ActiveGate server <-- Receive Alerts (Incoming) -- Azure Monitor
To secure this communication you can add an NSG (if it isn't deployed yet) and only add a network rule for your ActiveGate server:
```bash
# Variables (replace with your actual values)
resourceGroup="<resource-group-name>"
nsgName="<nsg-name>"
ruleName="<rule-name>"

# Create the inbound rule
az network nsg rule create \
  --resource-group "$resourceGroup" \
  --nsg-name "$nsgName" \
  --name "$ruleName" \
  --protocol Tcp \
  --direction Inbound \
  --priority 100 \
  --source-address-prefixes "AzureMonitor" \
  --source-port-ranges "*" \
  --destination-address-prefixes "<activegateserver-ip>" \
  --destination-port-ranges "*" \
  --access Allow
```
On the other hand, the Private Link service for Azure Monitor will help you to secure another part of your cloud architecture, for example (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-configure):
Virtual Machine -- Diagnostic setting (Outbound) -- Azure Monitor (through Private Link service)
So this will definitely help to harden your cloud environment.
Cheers,
Luis Arias
If the information helped address your question, please Accept the answer.
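
An added example, not part of the answer above: a least-privilege check over the JSON that `az network nsg rule list -o json` prints, flagging inbound Allow rules that reach the ActiveGate host from more sources, to more addresses, or on more ports than intended. The rule names, the IP `10.0.1.4` and port 443 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample, using the field names of
# `az network nsg rule list -g <rg> --nsg-name <nsg> -o json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-azmon-all-ports", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "AzureMonitor", "destinationAddressPrefix": "10.0.1.4",
  "destinationPortRange": "*"},
 {"name": "allow-azmon-scoped", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "AzureMonitor", "destinationAddressPrefix": "10.0.1.4",
  "destinationPortRange": "443"},
 {"name": "allow-any-https", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationAddressPrefix": "10.0.1.0/24",
  "destinationPortRanges": ["443", "8443"]},
 {"name": "deny-rest", "direction": "Inbound", "access": "Deny",
  "sourceAddressPrefix": "*", "destinationAddressPrefix": "*",
  "destinationPortRange": "*"}
]""")

def values(rule, single):
    """Merge the singular field (one value) with its plural form (a list)."""
    found = list(rule.get(single + ("es" if single.endswith("x") else "s")) or [])
    return found + ([rule[single]] if rule.get(single) else [])

def covers(prefix, host_ip):
    """True if a destination prefix includes host_ip; service tags are not resolved."""
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_address(host_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # a service tag such as "VirtualNetwork"
        return False

def audit(rules, expected_source, host_ip):
    """Map rule name -> findings for Inbound/Allow rules that reach host_ip."""
    report = {}
    for rule in rules:
        dests = values(rule, "destinationAddressPrefix")
        if (rule.get("direction"), rule.get("access")) != ("Inbound", "Allow") \
                or not any(covers(d, host_ip) for d in dests):
            continue
        findings = []
        if any(s != expected_source for s in values(rule, "sourceAddressPrefix")):
            findings.append("source is not limited to " + expected_source)
        if any(d not in (host_ip, host_ip + "/32") for d in dests):
            findings.append("destination is wider than the single host")
        if "*" in values(rule, "destinationPortRange"):
            findings.append("all destination ports are open")
        report[rule["name"]] = findings
    return report
```

Calling `audit(SAMPLE_RULES, "AzureMonitor", "10.0.1.4")` returns an empty list for a rule scoped to one source tag, one host and one port, and a list of findings for every wider rule.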