SQL MI Private Endpoint in One Picture

PRIVATE ENDPOINT – SQL MANAGED INSTANCE

Where PE can be located?

Key points

• Connections only in one direction, from PE to SQL MI and traffic in port 1433
• When using PE, there’s no need to set up VNET peering or public endpoint
• Connection string needs SQL MI hostname / IP address is not supported
• Customer DNS or Azure DNS private zone is needed
• PE establishes secure and isolated connectivity
• PE always use proxy connection type
• PE can be created in different Azure tenant
• When connecting from same VNET than SQL MI, TLS certificate configuration needed
  
  

Article link - https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/private-endpoint-overview?view=azuresql&tabs=separate-vnets