Regarding Microsoft public review,How to use NSG for Private Endpoint?

Mohsen Akhavan 936 Reputation points

Regarding this link, Microsoft's public preview of private endpoint support Network Security. I want to know how can I manage and add a policy on NSG and control the Private Endpoint.


I have a Virtual network with 3 subnets:

I have a VM1 on Subnet-A and a VM2 on Subnet-B. Also, I have a blob storage and I created a private link for blob storage and assign EndpointSubnet to it.

currently, I have access to blob storage from VM1 and VM2 via private endpoint and when I ping blob storage, I received private IP from EndpointSubnet.

Now, I want to remove VM2's access to blob storage. Regarding this link I

  1. I registered this feature
  2. I enable PrivateEndpointNetworkPolicies

After that, it's not possible to add private endpoint NIC to NSG and I don't how I can add this rule and remove access from VM2 to blob storage.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,413 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,130 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
460 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sumarigo-MSFT 43,401 Reputation points Microsoft Employee

    @Mohsen Akhavan Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    You should add NSG to the subnet in which Private Endpoint is there.

    You cannot add NSG to the NIC of the PE.

    So all PEs in the subnet where NSG is associated to will adhere to the NSG rules

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful