Service Endpoint of Azure Key Vault

Apurva Pathak 125 Reputation points

Hi Folks,

I have a Key Vault for which I have restricted access to only certain public IPs and specified VNets in the firewall settings of the Key Vault. However, when I am trying to access the Key Vault from one of the VMs which are deployed in the whitelisted VNets. I have enabled the Key Vault related Service Endpoint on the subnet of the VMs.

I am trying to access the KV over a browser in the VMs. Do service endpoints enable browser connections as well to go via the MS backbone? If yes, any reason for this not working?

Pasting a few snips below for more clarity:

KV Firewall settings: [image]

Subnet endpoint status: [image]

Thanks in advance!



1 answer

  1. Deepanshu katara 1,410 Reputation points

    Hi, to answer your question:

    You can configure Key Vault firewalls and virtual networks to deny access to traffic from all networks (including internet traffic) by default. You can grant access to traffic from specific Azure virtual networks and public internet IP address ranges, allowing you to build a secure network boundary for your applications.

    So you can allow inbound/output rules for HTTP/HTTPS in the NSG, and then it should work.

    Please check the MS doc for reference.

    And if the issue still occurs, please share the error in detail.

    Thanks, kindly accept the answer if it has helped.
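
An offline check of the two settings the question describes (the vault firewall rules and the subnet's service endpoint), added here as an example and not part of either post. It assumes the JSON shapes returned by `az keyvault show --query properties.networkAcls` and `az network vnet subnet show`; the function name `diagnose` and all sample IDs and addresses are constructed.

```python
import ipaddress

def diagnose(network_acls, subnet, client_public_ip=None):
    """Explain whether the vault firewall would admit a caller from this subnet."""
    # Assumption: a vault with no explicit defaultAction accepts all networks.
    if network_acls.get("defaultAction", "Allow") == "Allow":
        return ["defaultAction is Allow: the firewall is not restricting access"]
    findings = []
    # ARM resource IDs are case-insensitive, so compare them lowercased.
    allowed = {r["id"].lower() for r in network_acls.get("virtualNetworkRules", [])}
    if subnet["id"].lower() not in allowed:
        findings.append("subnet is not listed in virtualNetworkRules")
    # The subnet itself must carry a provisioned Microsoft.KeyVault endpoint.
    endpoints = {e["service"]: e.get("provisioningState")
                 for e in subnet.get("serviceEndpoints") or []}
    state = endpoints.get("Microsoft.KeyVault")
    if state is None:
        findings.append("subnet has no Microsoft.KeyVault service endpoint")
    elif state != "Succeeded":
        findings.append(f"service endpoint provisioningState is {state}")
    if not findings:
        return ["allowed via virtual network rule"]
    # Without a working endpoint the caller is seen by its public IP instead.
    if client_public_ip:
        ip = ipaddress.ip_address(client_public_ip)
        for rule in network_acls.get("ipRules", []):
            if ip in ipaddress.ip_network(rule["value"], strict=False):
                return findings + [f"allowed via ipRule {rule['value']}"]
    return findings + ["denied: no matching rule"]

# Constructed sample data (placeholder subscription, names and addresses).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
ACLS = {
    "defaultAction": "Deny",
    "bypass": "AzureServices",
    "ipRules": [{"value": "203.0.113.0/24"}],
    "virtualNetworkRules": [{"id": (_SUB + "/rg-demo/providers/Microsoft.Network"
                                    "/virtualNetworks/vnet1/subnets/vms").lower()}],
}
SUBNET_OK = {
    "id": _SUB + "/rg-Demo/providers/Microsoft.Network/virtualNetworks/VNet1/subnets/VMs",
    "serviceEndpoints": [{"service": "Microsoft.KeyVault", "provisioningState": "Succeeded"}],
}
SUBNET_NO_ENDPOINT = {"id": SUBNET_OK["id"], "serviceEndpoints": None}

if __name__ == "__main__":
    for name, sn in (("with endpoint", SUBNET_OK), ("without endpoint", SUBNET_NO_ENDPOINT)):
        print(name, "->", diagnose(ACLS, sn))
```
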