Does private endpoint restrict public access

Nick Paramonov 46 Reputation points


I saw multiple articles with vague explanations like "traffic can reach the service resource from on premises without using public endpoints" etc.
My question is: if I configure private endpoint to any type of resource, does it mean that the resource is no longer accessible through public endpoint? Even if I issue a SAS (for Storage Account, for example)?
Does it apply to ALL the private link resource types?


Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
333 questions
0 comments No comments
{count} votes

Accepted answer
  1. SaiKishor-MSFT 16,776 Reputation points

    @Nick Paramonov

    Private endpoint does not restrict public access, however, it is advisable to do so for security purposes as given in document.

    You can secure your storage account to only accept connections from your VNet, by configuring the storage firewall to deny access through its public endpoint by default. You don't need a firewall rule to allow traffic from a VNet that has a private endpoint, since the storage firewall only controls access through the public endpoint. Private endpoints instead rely on the consent flow for granting subnets access to the storage service.

    Hope this answers your questions. If you have any further questions/concerns, please do let us know. Thank you!

    • Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

0 additional answers

Sort by: Most helpful