Create a private endpoint for Microsoft Energy Data Services

Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS). It simplifies the network architecture and secures the connection between endpoints in Azure by eliminating data exposure to the public internet.

By using Azure Private Link, you can connect to a Microsoft Energy Data Services Preview instance from your virtual network via a private endpoint, which is a set of private IP addresses in a subnet within the virtual network. You can then limit access to your Microsoft Energy Data Services instance over these private IP addresses.

You can connect to a Microsoft Energy Data Services instance that's configured with Private Link by using an automatic or manual approval method. To learn more, see the Private Link documentation.

This article describes how to set up a private endpoint for Microsoft Energy Data Services.

Important

Microsoft Energy Data Services is currently in preview. For legal terms that apply to features that are in beta, in preview, or otherwise not yet released into general availability, see the Supplemental Terms of Use for Microsoft Azure Previews.

Microsoft Energy Data Services requires registration and is available to only approved customers and partners during the preview period. To request access to Microsoft Energy Data Services during the preview period, use this form.

Prerequisites

Create a virtual network in the same subscription as the Microsoft Energy Data Services instance. This virtual network will allow automatic approval of the Private Link endpoint.

Create a private endpoint by using the Azure portal

Use the following steps to create a private endpoint for an existing Microsoft Energy Data Services Preview instance by using the Azure portal:

  1. From the All resources pane, choose a Microsoft Energy Data Services Preview instance.

  2. Select Networking from the list of settings.

  3. On the Public Access tab, select Enabled from all networks to allow traffic from all networks.

    Screenshot of the Public Access tab.

    If you want to block traffic from all networks, select Disabled.

  4. Select the Private Access tab, and then select Create a private endpoint.

    Screenshot of the Private Access tab.

  5. In the Create a private endpoint wizard, on the Basics page, enter or select the following details:

    Setting Value
    Subscription Select your subscription for the project.
    Resource group Select a resource group for the project.
    Name Enter a name for your private endpoint. The name must be unique.
    Region Select the region where you want to deploy Private Link.

    Screenshot of entering basic information for a private endpoint.

    Note

    Automatic approval happens only when the Microsoft Energy Data Services instance and the virtual network for the private endpoint are in the same subscription.

  6. Select Next: Resource. On the Resource page, confirm the following information:

    Setting Value
    Subscription Your subscription
    Resource type Microsoft.OpenEnergyPlatform/energyServices
    Resource Your Microsoft Energy Data Services instance
    Target sub-resource MEDS (for Microsoft Energy Data Services) by default

    Screenshot of resource information for a private endpoint.

  7. Select Next: Virtual Network. On the Virtual Network page, you can:

    • Configure network and private IP settings. Learn more.

    • Configure a private endpoint with an application security group. Learn more.

    Screenshot of virtual network information for a private endpoint.

  8. Select Next: DNS. On the DNS page, you can leave the default settings or configure private DNS integration. Learn more.

    Screenshot of DNS information for a private endpoint.

  9. Select Next: Tags. On the Tags page, you can add tags to categorize resources.

  10. Select Review + create. On the Review + create page, Azure validates your configuration.

    When you see Validation passed, select Create.

    Screenshot of the page that summarizes and validates configuration of your private endpoint.

  11. After the deployment is complete, select Go to resource.

    Screenshot that shows an overview of a private endpoint deployment.

  12. Confirm that the private endpoint that you created was automatically approved.

    Screenshot of information about a private endpoint with an indication of automatic approval.

  13. Select the Microsoft Energy Data Services instance, select Networking, and then select the Private Access tab. Confirm that your newly created private endpoint connection appears in the list.

    Screenshot of the Private Access tab with an automatically approved private endpoint connection.

Note

When the Microsoft Energy Data Services instance and the virtual network are in different tenants or subscriptions, you have to manually approve the request to create a private endpoint. The Approve and Reject buttons appear on the Private Access tab.

Screenshot that shows options for rejecting or approving a request to create a private endpoint.

Next steps

To learn more about using customer Lockbox as an interface to review and approve or reject access requests.