AZ-900: Define Public and Private Endpoints in Azure

Endpoints in Azure define how services such as databases, storage accounts (including blob containers), and analytics tools can be reached over a network.

What Is an Endpoint?

An endpoint is essentially a network interface that allows communication with a resource. Examples include services like Azure Storage, Azure Cosmos DB, Power BI, and Azure SQL Database.

Public Endpoints (Service Endpoints)

A public endpoint, also known as a service endpoint, uses a publicly routable IP address. It allows Azure services to be reached over the internet. These connections:

  • Do not require a VPN.
  • Are available from any device or location that has internet access.
  • Still require authentication and authorization: access is limited to users or services that present valid credentials.

This setup is ideal for publicly accessible services or applications that users need to access remotely.


Private Endpoints

A private endpoint allows you to connect securely to Azure services over a private IP address from within your virtual network. This avoids exposure to the public internet. Key points include:

  • They support services like Azure Storage, Azure SQL Database, and Azure Cosmos DB.
  • Resources connect from the same virtual network, or from regionally or globally peered virtual networks.
  • Access can also come from on-premises networks through a VPN Gateway or Azure ExpressRoute.

Private endpoints rely on Azure Private Link, a service that facilitates secure and scalable access across regions.

Rules and Limitations

When using private endpoints, consider the following:

  • The private endpoint and the resource it connects to must be in the same subscription and region, unless using Private Link.
  • The Private Link service can be in a different region than the VNet or private endpoint.
  • DNS configuration is important—services resolve through private DNS zones.
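
As an added example that is not part of the original post, the following Python check walks a service FQDN's CNAME chain over constructed DNS answers (the storage account names and IP addresses are hypothetical) and reports whether a client would reach the private endpoint, the public endpoint, or a private endpoint whose private DNS zone is not linked to the VNet, which is the DNS failure mode the last point above warns about.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed DNS answers (hypothetical names; RFC 5737 addresses stand in for public IPs).
SAMPLE_DNS: Dict[str, Tuple[str, str]] = {
    # Private endpoint present and the privatelink zone is linked to the VNet
    "stgprivate.blob.core.windows.net": ("CNAME", "stgprivate.privatelink.blob.core.windows.net"),
    "stgprivate.privatelink.blob.core.windows.net": ("A", "10.1.2.4"),
    # No private endpoint: the name resolves straight to the public service address
    "stgpublic.blob.core.windows.net": ("CNAME", "blob.cluster01.store.core.windows.net"),
    "blob.cluster01.store.core.windows.net": ("A", "203.0.113.10"),
    # Private endpoint exists, but the private DNS zone is not linked to this VNet
    "stgbrokendns.blob.core.windows.net": ("CNAME", "stgbrokendns.privatelink.blob.core.windows.net"),
    "stgbrokendns.privatelink.blob.core.windows.net": ("A", "203.0.113.11"),
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_chain(name: str, dns: Dict[str, Tuple[str, str]], max_hops: int = 8) -> List[str]:
    """Follow CNAME records until an A record; return [name, ..., final IP]."""
    chain = [name]
    for _ in range(max_hops):
        record = dns.get(name)
        if record is None:
            raise LookupError(f"no record for {name}")
        rtype, value = record
        chain.append(value)
        if rtype == "A":
            return chain
        name = value
    raise RuntimeError(f"CNAME chain for {chain[0]} exceeds {max_hops} hops")

def classify_endpoint(name: str, dns: Dict[str, Tuple[str, str]]) -> str:
    """Return which endpoint traffic to `name` would use, judged from DNS alone."""
    chain = resolve_chain(name, dns)
    ip = ipaddress.ip_address(chain[-1])
    is_vnet_ip = any(ip in net for net in RFC1918)          # private address space
    via_privatelink = any(".privatelink." in hop for hop in chain[:-1])
    if via_privatelink and is_vnet_ip:
        return "private-endpoint"           # traffic stays inside the VNet, as intended
    if via_privatelink:
        return "private-dns-misconfigured"  # endpoint exists, but clients bypass it
    return "public-endpoint"                # internet-routable service address

if __name__ == "__main__":
    for host in ("stgprivate", "stgpublic", "stgbrokendns"):
        fqdn = f"{host}.blob.core.windows.net"
        print(fqdn, "->", classify_endpoint(fqdn, SAMPLE_DNS))
```

For a live check, replace SAMPLE_DNS with answers from the resolver inside the VNet, since the result depends on which DNS zones that resolver can see.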

Why Use Private Endpoints?

  • Enhanced Security: removing internet exposure reduces the attack surface.
  • Compliance: Helps meet strict data residency and industry standards.
  • Hybrid Compatibility: Supports integration with on-premises networks via ExpressRoute or VPN.

Conclusion

Azure’s public and private endpoint options allow flexibility depending on your security and access requirements. Public endpoints offer easy access, while private endpoints ensure that your services stay internal and protected.


Author: Datablog
