Hello @Jiro Kitajima ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know how you can actually confirm that a resource which has been configured with Private Link + Private Endpoint to prevent access from the internet cannot be accessed, as intended.
I would like to share a tutorial document which might help you in understanding how the connectivity to private endpoint is validated. In this tutorial, we are testing connectivity to a web app using an Azure Private Endpoint. You can replace the webapp with any other service/resource.
From a test VM within the VNet connected to the private endpoint, you can do an nslookup to the resource IP or FQDN and you will find the private IP address from the subnet where the private endpoint is enabled. It will no longer resolve to a public IP if the private endpoint is configured properly. If not properly configured, it will resolve to a public IP address.
Next, you could test access to the IP or FQDN of the service/resource from a web browser on your local machine and see if it is accessible. If the private endpoint is configured properly, you shouldn't be able to access the service from your local machine/public Internet.
For more troubleshooting steps, please refer to the docs below:
https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-endpoint-connectivity
https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-link-connectivity
https://msrini-msft.github.io/Troubleshooting-Private-Link-DNS-Scenarios/
If you have any specific scenario or are facing any particular issue, please share the details for further discussion.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
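The DNS check described in the answer can be scripted so it is repeatable from the test VM. This is an added example, not part of the original answer or of Microsoft's tooling; the function names, the subnet `10.1.0.0/24` and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges; listed explicitly because ipaddress.is_private also
# covers loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(fqdn):
    """Return the addresses the local resolver gives for fqdn (what nslookup shows)."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(addr, pe_subnet):
    """Label one resolved address relative to the private endpoint subnet."""
    ip = ipaddress.ip_address(addr)
    if ip in ipaddress.ip_network(pe_subnet, strict=False):
        return "private-endpoint"   # the result the answer expects inside the VNet
    if any(ip in net for net in RFC1918):
        return "private-other"      # private, but not the endpoint's subnet
    return "public"                 # name still resolves to a public IP

def check_resolution(addrs, pe_subnet):
    """Pass only if every resolved address lies in the private endpoint subnet."""
    labels = {a: classify(a, pe_subnet) for a in addrs}
    ok = bool(labels) and all(v == "private-endpoint" for v in labels.values())
    return ok, labels

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Run on the test VM: python check_pe.py <fqdn> <private-endpoint-subnet-cidr>
        fqdn, subnet = sys.argv[1], sys.argv[2]
        ok, labels = check_resolution(resolve(fqdn), subnet)
    else:
        # Constructed sample: one endpoint address plus a public (TEST-NET-3) address
        ok, labels = check_resolution(["10.1.0.5", "203.0.113.10"], "10.1.0.0/24")
    for addr, label in labels.items():
        print(f"{addr}: {label}")
    print("PASS" if ok else "FAIL")
    sys.exit(0 if ok else 1)
```

A `private-other` result usually points at a stale or wrong DNS record rather than public exposure, so it is reported separately from `public`.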