Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
By default, all network traffic within an enclave is permitted by Azure Enclave product design. This means that all resources and hosts within an enclave can reach, discover, and communicate with each other. However, this poses a potential issue for community and enclave owners when first creating their Azure Enclave-related resources on how to initially migrate or bring their data into their enclaves.
Overview
If the data that needs to be moved into an enclave resides in an Azure Storage Account, you'll need to create a connection to the data source, optionally download an application to help download/copy/move, and then perform the download/copy/move operation. Follow these detailed steps:
- Log into Admin VM, or any other resource located in the enclave private network.
- Create an Endpoint (at either the community or Enclave level) and Connection (targeting the enclave/community and Endpoint created) to where the data is.
- How to make a community endpoint or enclave endpoint for your IP Data Source / External Data Network (an example of this could look like this:
name: ep-mydatasource,source: 172.168.10.0/16,protocol: https,port: 443). - How to make a Connection connecting either a community or an enclave to the Endpoint created above.
- How to make a community endpoint or enclave endpoint for your IP Data Source / External Data Network (an example of this could look like this:
- Use AzCopy, Azure portal, or Azure Storage Explorer while on Enclave Admin VM to transfer data from location specified above into the enclave.
- By default these tools aren't installed on Admin VMs or other machines. To install these tools onto resources residing in the enclave private network, you must create an endpoint and connection to the download location of these tools.
- Azure Enclave recommends downloading these tools using Azure Toolbox.

Downloading tools from Azure Toolbox
To download tools from Azure Toolbox into an enclave, Azure Enclave recommends that either an enclave or community endpoint be created to Azure Toolbox. Furthermore, enclave owners should then also create a connection from the enclave or community to the Azure Toolbox endpoint. This is an example of how to creation the connection and endpoint:
- How to make a community endpoint or enclave endpoint for your IP Data Source / External Data Network (an example of this could look like this:
name: ep-aztoolbox,source: <aztoolbox-fqdn>,protocol: https,port: 443). This is a table with the current environments and their respective FQDNs needed to connect to Azure Toolbox.
| Environment | FQDN |
|---|---|
| Test | prod.api.toolbox.azure-test.net |
| US Sec | |
| US Nat |
- How to make a Connection connecting either a community or an enclave to the Endpoint created above

Should further troubleshooting be required to investigate making Connections, see Create a Connection from the Azure portal or contact Azure Support.