Azure Landing Zone - Do we have to create the private endpoints in both the regions? [Scenario given in description]

Question

Scenario:

Our users are in Canada Central. and staff are in Bangalore - India

We have created all of our azure resources in Canada Central as it near to the users.

Now we are migrating our standard subscription to landing zones.

Our office informed us to create private endpoints of Canada Central resources in the UK South as it is near to Bangalore but

My doubt is:

1. How about if the Canada Central user needs to access the resources if private endpoints created in UK South?
2. 2. OR Do we need to create private endpoints in both the regions?

Answer 1

@Rajoli Hari Krishna ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you have queries related to creating Private End Points.

From your verbatim,

1.How about if the Canada Central user needs to access the resources if private endpoints created in UK South?

• Creating Private EndPoint would not prevent/block the default access to a PaaS Service.
• This means, users in Canada Central can continue to access the resources how they were accessing before the private endpoint creation.

2.OR Do we need to create private endpoints in both the regions?

• While this is not mandatory, as mentioned in #1, you can still create 2 different private endPoints, one for staff and one for users if there is such a requirement.
• This configuration will work as well.

NOTE :

In order for users or staff to access a Private EndPoint, they must have access to the VNET(s) in which the private endPoint(s) are created.

See : https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

---

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.