Error with Azure log analytics workspace via Azure monitor private link scope

MrFlinstone 646 Reputation points
2025-01-27T17:51:59.7+00:00

I have created an Azure monitor private link scope, configured the private endpoint. However on configuring the log analytics workspace to configure the following settings within network isolation and set them to NO.

Accept data ingestion from public networks not connected through a Private Link Scope

Accept queries from public networks not connected through a Private Link Scope

From log analytics workspaces, I get the following error whilst trying to query the logs.

Access to workspace 'loganalytics1' from 'xx.xx.xx.xx' is denied. To allow access from public networks, change the workspace Networking settings or add it to a Network Security Perimeter.

The IP address in question is my public IP address. It should not be routing via public access, but rather using the virtual network. I am also sure that the error isnt anything to do with permissions as once the network isolation settings are reverted, then it works.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,469 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ashok Gandhi Kotnana 3,225 Reputation points Microsoft Vendor
    2025-01-29T16:35:20.57+00:00

    Hi @MrFlinstone ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I recommend following these steps, as they worked for me—ensuring traffic is routed via private network instead of public Set Virtual Network Configuration to No

    User's image

    Created AMPLS and added this to Azure MoniterUser's image

    AMPLS set to Private OnlyUser's image

    Attached the private endpoint to the Storage account for testing, Disabled Public Access and Enabled Private Endpoint on the below screenshots

    User's image

    User's image

    Created a VM on the same network where the private endpoint crated and assigned to it, Pinged the blob URL the traffic is going via Private not Public

    IP: 10.5.0.6User's image

    Feel free to reach out if you have any further questions or need additional information—I’m happy to assist!

    Please provide your valuable comments User's image

    Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.