Create an enclave endpoint in the Azure portal

In this how-to guide, you create an enclave endpoint in the Azure portal. Enclave endpoints define destination rules that other enclaves or transit hubs can use when creating enclave connections.

Prerequisites

Sign in to Azure

Sign in to the Azure portal.

Create endpoint

  1. Enter Azure Enclave in the search box.

  2. Under Services, select Azure Enclave.

  3. In the Azure Enclave page, select Enclaves in the left menu.

  4. On the Enclaves page, select your enclave's name to open the enclave resource.

  5. Select Enclave Endpoints on the left navigation and then select Create.

Screenshot showing the highlighted create button for enclave endpoints.

  6. Enter the basic details for your enclave endpoint:

    • Enclave endpoint name: Enter a name, such as endpoint-MyService.

  7. Under Endpoint rules, select Add.

  8. Enter the Rule Name, Destination IP addresses/CIDR range, Protocol, and Destination Port Range.

    For example, to allow traffic to an HTTPS server hosted on an Azure virtual machine (VM) in a workload, enter the VM private IP address or subnet IP range, such as 10.0.2.5 or 10.0.2.0/26, select TCP, and enter 443.

Screenshot showing the enclave endpoint creation screen with endpoint rule dialog open as well.

Note

Enclave endpoint rules must use destinations within enclave subnets that are protected by network security groups.

  9. Select Next and enter any tags for your enclave endpoint.

  10. Select Review + create, validate that the details for your enclave endpoint are correct, and then select Create.
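
Before entering a rule in the portal, you can check its destination against the note above. The following is an added example, not part of the original guide or of any Azure tooling: the subnet inventory is constructed sample data, and the function names `check_rule` and `parse_port_range` are hypothetical.

```python
import ipaddress

# Constructed inventory (assumption): enclave subnet CIDR -> NSG attached?
ENCLAVE_SUBNETS = {
    "10.0.2.0/24": True,   # workload subnet with an NSG
    "10.0.3.0/24": False,  # subnet that has no NSG yet
}


def parse_port_range(text):
    """Accept '443' or '8000-8080' and return (low, high)."""
    low, _, high = text.strip().partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port range out of bounds: {text!r}")
    return low, high


def check_rule(destination, ports, subnets=ENCLAVE_SUBNETS):
    """Return a list of problems with a proposed rule; an empty list means OK."""
    problems = []
    try:
        # strict=True rejects a CIDR with host bits set, such as 10.0.2.5/26
        dest = ipaddress.ip_network(destination, strict=True)
    except ValueError as exc:
        return [f"bad destination: {exc}"]
    nets = {ipaddress.ip_network(cidr): nsg for cidr, nsg in subnets.items()}
    # A destination qualifies only if it sits entirely inside one enclave subnet
    covering = [n for n in nets if n.version == dest.version and dest.subnet_of(n)]
    if not covering:
        problems.append(f"{dest} is not inside any enclave subnet")
    elif not any(nets[n] for n in covering):
        problems.append(f"{dest} is in a subnet without a network security group")
    try:
        parse_port_range(ports)
    except ValueError as exc:
        problems.append(f"bad port range: {exc}")
    return problems


if __name__ == "__main__":
    for dest, ports in [("10.0.2.5", "443"), ("10.0.2.0/26", "443"),
                        ("10.0.3.7", "443"), ("10.0.2.0/23", "443"),
                        ("10.0.2.5/26", "443"), ("10.0.2.5", "0-70000")]:
        print(dest, ports, check_rule(dest, ports) or "OK")
```

The `10.0.2.0/23` case shows a range that spans two subnets and is therefore rejected, even though part of it lies in a protected subnet.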