Elevating Location Data Security Inside Azure Virtual Networks
Location data is by nature sensitive and therefore needs to be managed securely. Today, we’re announcing the Public Preview of private endpoint support for Azure Maps, bringing enterprise-grade network isolation and data privacy to your location-aware applications. With Azure Private Link, your applications can connect to Azure Maps over a private IP inside your virtual network, keeping traffic on the Microsoft backbone network instead of the public internet. This helps reduce exposure to external threats while maintaining stringent security and compliance requirements.
Raising the Bar for Location Data Security in the Cloud
Azure Maps private endpoint support creates a secure network bridge between your Azure VNet and Azure Maps using a private endpoint. Here’s what changes:
- Network isolation: API calls are never exposed to the public internet. Traffic flows securely within Azure’s private backbone.
- Compliance support: Sensitive spatial data used by your application never traverses the public internet, directly supporting privacy and regulatory needs by minimizing external exposure.
Creating a Private Endpoint for your Azure Maps account
The create command below specifies the Maps account resource ID and the mapsAccount sub-resource, along with the virtual network and subnet used for the private endpoint. Azure creates a Private DNS zone for privatelink.account.maps.azure.com and adds the necessary DNS record automatically.
az network private-endpoint create \
--name <myprivateendpointname> \
--resource-group <myresourcegroup> \
--vnet-name <myvnetname> \
--subnet <mysubnetname> \
--private-connection-resource-id "/subscriptions/<subscriptionid>/resourceGroups/<myresourcegroup>/providers/Microsoft.Maps/accounts/<mymapsaccountname>" \
--group-id mapsAccount \
--connection-name <myconnectionname>
To use the private endpoint, configure your applications to call the Azure Maps account-specific endpoint. The access pattern is:
https://{maps-account-client-id}.{location}.account.maps.azure.com
For example, if your Maps account client ID is abc123 and the region is East US, the new Azure Maps endpoint for your account (instead of https://atlas.microsoft.com) is https://abc123.eastus.account.maps.azure.com.
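The script below is an added example, not part of the original announcement: it builds the account-specific hostname from the pattern above and checks that the addresses a resolver returns for it lie inside the private endpoint subnet, so an application that is still resolving to a public address is caught. The function names, the subnet 10.0.1.0/24 and the sample addresses are constructed for illustration, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: confirm DNS answers for the account endpoint fall inside the
# private endpoint subnet. Function names and sample values are illustrative.

# Hostname per the page's pattern {client-id}.{location}.account.maps.azure.com
maps_host() ( printf '%s.%s.account.maps.azure.com\n' "$1" "$2" )

# Dotted-quad IPv4 -> integer; non-zero exit on malformed input.
ip_to_int() (
  case "$1" in ''|*[!0-9.]*|.*|*.) exit 1 ;; esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case "$o" in ''|0?*|????*) exit 1 ;; esac   # empty, leading zero, too long
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr IP NET/BITS: succeed only if IP lies inside the subnet.
in_cidr() (
  net=${2%/*}; bits=${2#*/}
  case "$bits" in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
  [ "$bits" -le 32 ] || exit 1
  ip=$(ip_to_int "$1") && base=$(ip_to_int "$net") || exit 1
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $ip & $mask )) -eq $(( $base & $mask )) ]
)

# check_answers CIDR: read resolver answers (one IPv4 per line) from stdin.
check_answers() (
  seen=0
  while read -r addr; do
    [ -n "$addr" ] || continue
    seen=1
    in_cidr "$addr" "$1" || { echo "OUTSIDE_SUBNET $addr"; exit 1; }
  done
  [ "$seen" -eq 1 ] || { echo "NO_ANSWER"; exit 1; }
  echo "PRIVATE_OK"
)

# Live use from a VM in the VNet (requires getent; not invoked here):
#   check_live CLIENT_ID LOCATION SUBNET_CIDR
check_live() ( getent ahostsv4 "$(maps_host "$1" "$2")" | awk '{print $1}' | sort -u | check_answers "$3" )

# Constructed sample answers: 10.0.1.5 inside the subnet, 203.0.113.10 outside.
printf '10.0.1.5\n'     | check_answers 10.0.1.0/24 || true   # PRIVATE_OK
printf '203.0.113.10\n' | check_answers 10.0.1.0/24 || true   # OUTSIDE_SUBNET 203.0.113.10
```

An `OUTSIDE_SUBNET` result from inside the VNet usually means the client is not using the privatelink DNS zone, so requests would leave over the public path.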
Accelerating Secure Location Intelligence with Azure Maps Private Endpoints
Azure Maps private endpoint support enables teams to build secure, compliant geospatial solutions, whether you’re handling Protected Health Information (PHI) in healthcare, optimizing logistics, or running sensitive analytics in financial services. Azure Maps API traffic is isolated within Azure’s backbone, supporting privacy, regulatory, and security goals.
Developers can keep their existing integration patterns (just update the endpoint to the account-specific private DNS name); network and security admins gain seamless VNet integration and granular access controls; business leaders can unlock location intelligence without risking data exposure or sacrificing developer velocity.
Azure Maps is now ready for your most sensitive, compliance-driven workloads: securely, efficiently, and with full network isolation.