Azure Storage account access by other Azure tenant over private link

M. JAMIL 10 Reputation points
2023-10-04T20:47:58.72+00:00

We have a situation where our Azure storage accounts need to be accessed privately from different Azure tenant resources.

Is there any way to keep an Azure Storage account disabled for all internet access but only accessible over the private link? If it's possible, then how do we accomplish this?

I read about Private Link service, but that seems to need a load balancer, while we can't add a storage account private endpoint to the load balancer backend pool.

Regards

MJ


2 answers

  1. Ramya Harinarthini_MSFT 5,356 Reputation points Microsoft Employee
    2023-10-05T05:11:58.7833333+00:00

    @M. JAMIL

    Welcome to Microsoft Q&A, thank you for posting here!!

    We cannot do this with Private Link Service: Private Link Service only works with an SLB; however, we cannot place a Storage Account behind an SLB.

    So, you have to use a Private Endpoint only. Private Endpoint can make use of a Private Link Service or a PaaS service but, as we already established, Private Link Service won't work.

    In this scenario you must have a VNET in the same subscription as the Storage Account, create a Private Endpoint in this VNET, and access this PE using VNET Peering from VNETs in different tenants.


    Source Link: https://learn.microsoft.com/en-us/azure/private-link/private-link-faq#what-are-the-pre-requisites-for-creating-a-private-link-service--

    Please refer to the thread below:

    https://stackoverflow.com/questions/65811204/cross-subscription-private-endpoint-in-azure

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.


  2. msrini-MSFT 9,291 Reputation points Microsoft Employee
    2023-10-18T00:25:45.57+00:00

    Hi,

    There is a service named Private Endpoint where you can create a virtual NIC for Storage in a VNET and access that private IP to reach the storage account. If you want to disable internet access on Storage and if your users are part of a VNET, then you can go with Private Endpoints.

    Reference: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview

    Regards,

    Karthik Srinivas

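A configuration check for the setup the answers above describe (public access off, reachability only through a private endpoint), as an added example that is not part of the original thread or Microsoft's code. It assumes input shaped like the ARM REST GET response for a storage account; `audit`, `subscription_of`, the sample account and all IDs are constructed placeholders, and a differing subscription ID is only a hint, not proof, of a different tenant.

```python
import re

SUB = "11111111-1111-1111-1111-111111111111"    # placeholder subscription IDs
OTHER = "22222222-2222-2222-2222-222222222222"

def _pe(sub, name, status):
    return {"properties": {
        "privateEndpoint": {"id": f"/subscriptions/{sub}/resourceGroups/rg-net/providers/Microsoft.Network/privateEndpoints/{name}"},
        "privateLinkServiceConnectionState": {"status": status}}}

# Constructed sample, shaped like an ARM GET of Microsoft.Storage/storageAccounts.
SAMPLE = {
    "id": f"/subscriptions/{SUB}/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/examplestore",
    "properties": {
        "publicNetworkAccess": "Enabled",
        "networkAcls": {"defaultAction": "Deny",
                        "ipRules": [{"value": "203.0.113.10", "action": "Allow"}]},
        "privateEndpointConnections": [_pe(SUB, "pe-local", "Approved"),
                                       _pe(OTHER, "pe-remote", "Pending")],
    },
}

def subscription_of(resource_id):
    m = re.match(r"/subscriptions/([^/]+)/", resource_id or "", re.IGNORECASE)
    return m.group(1).lower() if m else None

def audit(account):
    props = account.get("properties", {})
    acls = props.get("networkAcls") or {}
    home = subscription_of(account.get("id"))
    report = {"findings": [], "approved_same_sub": [], "approved_other_sub": [], "not_approved": []}
    # An absent publicNetworkAccess is treated as enabled (assumption of this example).
    if props.get("publicNetworkAccess") != "Disabled":
        report["findings"].append("publicNetworkAccess is not Disabled")
    if acls.get("defaultAction", "Allow") != "Deny":
        report["findings"].append("networkAcls.defaultAction is not Deny")
    if acls.get("ipRules"):
        report["findings"].append("public IP allow rules are configured")
    for conn in props.get("privateEndpointConnections") or []:
        p = conn.get("properties", {})
        pe_id = (p.get("privateEndpoint") or {}).get("id", "")
        status = (p.get("privateLinkServiceConnectionState") or {}).get("status")
        if status != "Approved":
            report["not_approved"].append((pe_id, status))
        elif subscription_of(pe_id) == home:
            report["approved_same_sub"].append(pe_id)
        else:
            report["approved_other_sub"].append(pe_id)
    if not (report["approved_same_sub"] or report["approved_other_sub"]):
        report["findings"].append("no Approved private endpoint connection")
    return report
```

An empty `findings` list means the account matches the private-only setup; entries in `not_approved` are connection requests still waiting on the storage account owner.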
