Avinash Davkhar
Welcome to the Microsoft Q&A Platform!
To allow app-A to be accessed only through app-B, even though they are in different subscriptions, you can use Azure Private Link or service endpoints along with proper configuration of Azure networking and access controls.
- VNet-A in Subscription A for app-A.
- VNet-B in Subscription B for app-B.
- Peer VNet-A and VNet-B to enable secure communication.
- Create a Private Endpoint for app-A in VNet-A.
- This allows app-A to be accessed via a private IP.
- Enable VNet Integration for app-B to route traffic through VNet-B.
- Route requests from app-B to the private IP of app-A's Private Endpoint.
- Restrict access to app-A to traffic only from the IP range of VNet-B.
- Configure Azure AD for both app-A and app-B for additional security.
- Verify app-B can access app-A.
- Confirm other sources cannot access app-A.

By following these concise steps, you can securely limit access to app-A so it is only accessible through app-B.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
If the answer is helpful, please click Accept Answer and kindly upvote it
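A check for the "restrict access to app-A" and "confirm other sources cannot access app-A" steps, as an added example that is not part of the original answer: it audits an access-restriction rule list offline and shows which sources it would admit. The rule fields (`name`, `ipAddress`, `action`, `priority`, and the value `Any`) are assumed to follow the `ipSecurityRestrictions` array of an App Service site config; the VNet-B range and the rules are constructed sample data.

```python
import ipaddress

# Constructed sample: VNet-B address space and app-A's rule list, shaped like the
# ipSecurityRestrictions array of an App Service site config (assumed field names).
VNET_B = ipaddress.ip_network("10.2.0.0/16")
SAMPLE_RULES = [
    {"name": "allow-vnet-b", "ipAddress": "10.2.0.0/16", "action": "Allow", "priority": 100},
    {"name": "legacy-office", "ipAddress": "203.0.113.0/24", "action": "Allow", "priority": 200},
]

def decide(rules, source_ip):
    """Return 'Allow' or 'Deny': the lowest priority number is evaluated first,
    and a non-empty rule list ends in an implicit deny."""
    if not rules:
        return "Allow"  # no restrictions configured: every source is admitted
    ip = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["ipAddress"] == "Any" or ip in ipaddress.ip_network(rule["ipAddress"], strict=False):
            return rule["action"]
    return "Deny"

def audit(rules, allowed_net):
    """List findings for Allow rules that admit sources outside allowed_net."""
    findings = []
    if not rules:
        findings.append("no rules: app is open to all sources")
    for rule in rules:
        if rule["action"] != "Allow":
            continue
        if rule["ipAddress"] == "Any":
            findings.append(f"{rule['name']}: allows any source")
            continue
        net = ipaddress.ip_network(rule["ipAddress"], strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        if net.version != allowed_net.version or not net.subnet_of(allowed_net):
            findings.append(f"{rule['name']}: {net} is outside {allowed_net}")
    return findings

if __name__ == "__main__":
    for src in ("10.2.4.7", "203.0.113.9", "198.51.100.20"):
        print(src, decide(SAMPLE_RULES, src))
    for finding in audit(SAMPLE_RULES, VNET_B):
        print("FINDING:", finding)
```

An empty findings list means every Allow rule sits inside VNet-B's range; the leftover `legacy-office` rule in the sample is the kind of entry that would let a source other than app-B reach app-A.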