Setup Azure Translator with Private Endpoint

Question

Hello i want to setup an Azure Translator which will be fully private integrated with public access disabled and only a private endpoint. And the functionapp which will be calling it is in the same network so it will have access. I have created the private endpoint and private link and the functionapp is resolving it. But on the Endpoint tab at the translator i only see the global endpoint for Text translation. I know that i have to use the custom one

Answer 1

Hello Ceci Ivanov,

Directly to your question, Yes even after enabling a private endpoint for the Azure Translator on VNet, you would still require the service endpoint to be enabled on the same VNet. While a private endpoint brings Azure services into your VNet, a service endpoint restricts access to your PaaS resources to traffic coming from your VNet. Therefore, to enable a private endpoint, you often need to enable the service endpoint on the VNet.

My first suggestion it's to read this article on the difference between Service Endpoints vs Private Endpoints:

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/service-endpoints-vs-private-endpoints/ba-p/3962134

About Azure Translator service using private endpoints for Translator this enable access data using an IP address from the VNet address space for your Translator resource. This feature provides additional security options for your Translator subscription

References:

• https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview
• https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns
• https://learn.microsoft.com/en-us/azure/ai-services/translator/custom-translator/how-to/enable-vnet-service-endpoint
• https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-virtual-networks?tabs=portal#use-private-endpoints

If the information helped address your question, please Accept the answer.

Luis