@Fabian Börner - Thanks for the question and using MS Q&A platform.
When you create an Azure integration runtime within a Data Factory managed virtual network, the integration runtime is provisioned with the managed virtual network. It uses private endpoints to securely connect to supported data stores.
Creating an integration runtime within a managed virtual network ensures the data integration process is isolated and secure.
Benefits of using a managed virtual network:
- With a managed virtual network, you can offload the burden of managing the virtual network to Data Factory. You don't need to create a subnet for an integration runtime that could eventually use many private IPs from your virtual network and would require prior network infrastructure planning.
- Deep Azure networking knowledge isn't required to do data integrations securely. Instead, getting started with secure ETL is much simpler for data engineers.
- A managed virtual network along with managed private endpoints protects against data exfiltration.
There are two ways to enable managed virtual network in your data factory:
- Enable managed virtual network during the creation of data factory.
- Enable managed virtual network in integration runtime.
Regarding the difference between the "Public" subtype and the Managed VNET subtype, the "Public" subtype is used when you want to create an integration runtime that can access data stores over the public internet. This is useful when you need to access data stores that are not in Azure or when you need to access data stores that are in Azure but are not in the same virtual network as your integration runtime.
On the other hand, the Managed VNET subtype is used when you want to create an integration runtime that is provisioned with a managed virtual network. This ensures that the data integration process is isolated and secure. With a managed virtual network, you can offload the burden of managing the virtual network to Data Factory. You don't need to create a subnet for an integration runtime that could eventually use many private IPs from your virtual network and would require prior network infrastructure planning. Additionally, a managed virtual network along with managed private endpoints protects against data exfiltration.
For more details, refer to Azure Data Factory managed virtual network
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.
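
An added example (not part of the original answer and not Microsoft's code): a small audit over exported integration runtime definitions that separates the two Azure IR subtypes compared above. It assumes the ARM/JSON export shape in which a managed-VNet runtime carries a `managedVirtualNetwork` reference; the runtime names and the `classify_ir` and `audit` helpers are constructed for illustration.

```python
import json

# Constructed sample: integration runtime definitions in ARM/JSON export form.
SAMPLE_IRS = json.loads("""
[
  {"name": "AutoResolveIntegrationRuntime",
   "properties": {"type": "Managed",
                  "typeProperties": {"computeProperties": {"location": "AutoResolve"}}}},
  {"name": "ir-managed-vnet",
   "properties": {"type": "Managed",
                  "typeProperties": {"computeProperties": {"location": "AutoResolve"}},
                  "managedVirtualNetwork": {"type": "ManagedVirtualNetworkReference",
                                            "referenceName": "default"}}},
  {"name": "ir-onprem",
   "properties": {"type": "SelfHosted"}}
]
""")


def classify_ir(ir):
    """Return 'ManagedVNet', 'Public', or 'Other' for one runtime definition."""
    props = ir.get("properties", {})
    if props.get("type") != "Managed":
        return "Other"  # e.g. self-hosted runtimes, outside this comparison
    if "ssisProperties" in props.get("typeProperties", {}):
        return "Other"  # Azure-SSIS runtimes are not covered by this check
    ref = props.get("managedVirtualNetwork") or {}
    if ref.get("type") == "ManagedVirtualNetworkReference" and ref.get("referenceName"):
        return "ManagedVNet"
    return "Public"  # Azure IR that reaches data stores over public endpoints


def audit(irs):
    """Map runtime name -> subtype and list the Azure IRs using public endpoints."""
    result = {ir["name"]: classify_ir(ir) for ir in irs}
    public = sorted(name for name, kind in result.items() if kind == "Public")
    return result, public


if __name__ == "__main__":
    subtypes, public = audit(SAMPLE_IRS)
    for name, kind in subtypes.items():
        print(f"{name:32} {kind}")
    if public:
        print("Azure IRs outside the managed virtual network:", ", ".join(public))
```
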