Hello Peter Daniels,
Thank you for posting your query here!
Option 1: Public Endpoint with Secure Transfer and RBAC/ACL
Azure Data Lake Storage Gen2 (ADLS Gen2) does provide some security features. It supports both encryption-in-transit and encryption-at-rest. However, it has limited data security (no row-level, column-level, dynamic data masking, etc.). While this option might be simpler, it might not provide the level of security you need for sensitive data.
Option 2: Azure VPN, vNet, P2S Config, Private Endpoint
This option provides a higher level of security. The use of a VPN ensures that data is securely transmitted over the internet. However, the configuration can be complex, and the cost might be a concern.
To answer your main question, while the public endpoint for ADLS Gen2 does provide some security, it might not be sufficient for sensitive data. Therefore, it would be advisable to continue looking at a P2S VPN solution.
As for configuring the P2S VPN, there are several resources available that can guide you through the process. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
Here are the general steps you might need to follow:
Create a Virtual Network Gateway on Azure (VPN): This involves selecting your organization's subscription, resource group, region, gateway type (VPN), VPN type (Route Based), SKU (VpnGw2), and generation (Generation2).
Create a Self-Signed Certificate for P2S Connection: This is necessary for certificate-based authentication.
Export Root and Child Certificates: These certificates will be used for client authentication.
Configure Azure Point to Site VPN: This involves configuring the necessary VPN Gateway point-to-site (P2S) server settings.
P2S VPN Installation on Client Machine: The VPN client is configured using VPN client configuration files.
Do let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.
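The five steps listed in the answer above, scripted with Azure PowerShell (Az module) as an added example; this is not code from the original answer or from Microsoft's documentation page. Resource names, the resource group, the region, the address ranges and the storage account name are assumptions chosen for the example. The certificate commands are the standard New-SelfSignedCertificate pattern for P2S root/client certificates; the last block also creates the private endpoint for the ADLS Gen2 dfs endpoint that Option 2 mentions.

```powershell
# Added example, not part of the original answer. All names below are assumptions.
$rg       = 'rg-p2s-demo'        # assumed resource group
$location = 'eastus'             # assumed region
$gwName   = 'vpngw-p2s'          # assumed gateway name
$saName   = 'stadlsp2sdemo'      # assumed existing ADLS Gen2 account (HNS enabled)

Connect-AzAccount | Out-Null
New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# Step 1: VNet with the mandatory 'GatewaySubnet', public IP, and gateway IP config.
$gwSubnet  = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.10.255.0/27'
$dataSubnet = New-AzVirtualNetworkSubnetConfig -Name 'snet-data' -AddressPrefix '10.10.1.0/24'
$vnet = New-AzVirtualNetwork -Name 'vnet-p2s-demo' -ResourceGroupName $rg -Location $location `
          -AddressPrefix '10.10.0.0/16' -Subnet $gwSubnet, $dataSubnet
$pip  = New-AzPublicIpAddress -Name 'pip-vpngw' -ResourceGroupName $rg -Location $location `
          -AllocationMethod Static -Sku Standard
$gwSubnetRef = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipConf = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconf' -Subnet $gwSubnetRef -PublicIpAddress $pip

# Step 2: self-signed root certificate and a client certificate signed by it.
# The client cert carries the Client Authentication EKU (1.3.6.1.5.5.7.3.2); the root is CertSign only.
$rootCert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject 'CN=P2SRootCert' `
              -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
              -CertStoreLocation 'Cert:\CurrentUser\My' -KeyUsageProperty Sign -KeyUsage CertSign
$clientCert = New-SelfSignedCertificate -Type Custom -DnsName 'P2SChildCert' -KeySpec Signature `
              -Subject 'CN=P2SChildCert' -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
              -CertStoreLocation 'Cert:\CurrentUser\My' -Signer $rootCert `
              -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# Step 3: export. Only the root's PUBLIC part (Base64 DER, no BEGIN/END lines) goes to Azure;
# the client cert + private key goes to the user's machine as a password-protected PFX.
$rootPublicB64 = [Convert]::ToBase64String(
    $rootCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for P2SChildCert.pfx'
Export-PfxCertificate -Cert $clientCert -FilePath '.\P2SChildCert.pfx' -Password $pfxPassword | Out-Null

# Step 4: create the gateway (VPN, RouteBased, VpnGw2, Generation2) with the P2S settings attached.
# Provisioning typically takes 30 to 45 minutes.
$azRootCert = New-AzVpnClientRootCertificate -Name 'P2SRootCert' -PublicCertData $rootPublicB64
$gw = New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg -Location $location `
        -IpConfigurations $ipConf -GatewayType Vpn -VpnType RouteBased `
        -GatewaySku VpnGw2 -VpnGatewayGeneration Generation2 `
        -VpnClientProtocol IkeV2, OpenVPN -VpnClientAddressPool '172.16.201.0/24' `
        -VpnClientRootCertificates $azRootCert

# Step 5: generate and download the VPN client configuration package for the client machine.
$profile = New-AzVpnClientConfiguration -ResourceGroupName $rg -Name $gwName -AuthenticationMethod EapTls
Invoke-WebRequest -Uri $profile.VpnProfileSASUrl -OutFile '.\vpnclientconfiguration.zip'

# Option 2 also mentions a private endpoint: expose the ADLS Gen2 'dfs' endpoint inside the VNet
# and close the public endpoint, so only VPN/VNet clients can reach the data.
$sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $saName
$plsConn = New-AzPrivateLinkServiceConnection -Name 'pe-dfs-conn' -PrivateLinkServiceId $sa.Id -GroupId 'dfs'
$dataSubnetRef = Get-AzVirtualNetworkSubnetConfig -Name 'snet-data' -VirtualNetwork $vnet
New-AzPrivateEndpoint -ResourceGroupName $rg -Name 'pe-adls-dfs' -Location $location `
    -Subnet $dataSubnetRef -PrivateLinkServiceConnection $plsConn | Out-Null
Set-AzStorageAccount -ResourceGroupName $rg -Name $saName -PublicNetworkAccess Disabled | Out-Null
```

Two caveats a practitioner will hit. First, the root certificate's private key is now the trust anchor for every VPN client: keep it off the client machines (only the client PFX goes there) and plan for revocation via the gateway's revoked-certificate list. Second, P2S clients do not use the VNet's Azure-provided DNS, so `<account>.dfs.core.windows.net` will still resolve to the public IP on the laptop unless you point the VPN clients at a DNS forwarder or Azure DNS Private Resolver in the VNet that serves the `privatelink.dfs.core.windows.net` zone; with public access disabled, a client that resolves the public address will simply be refused.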