Azure SQL Blog

Service endpoint policies for Azure Storage now generally available in SQL Managed Instance subnets

ZoranRilak
Jan 15, 2025

What's new?

Service endpoint policies for Azure Storage endpoints are now generally available for Azure SQL Managed Instance subnets in all public regions.

Service endpoint policies are an Azure Networking mechanism that provides fine-grained access control at the level of individual resources. Azure SQL Managed Instance now allows service endpoint policies for Azure Storage accounts, letting you block your managed instances from accessing any storage account outside a set of preapproved ones. This security mechanism helps guard your data against unauthorized copying (data exfiltration) or configuration errors, like exporting production data to development accounts.

To read more about the scenarios in which this security mechanism is especially useful, see the preview announcement, "Harden your Azure SQL Managed Instance workloads against data exfiltration".

For an in-depth guide on how to configure service endpoint policies for Azure Storage in your Azure SQL Managed Instance subnets, visit the documentation page, "Configure service endpoint policies for Azure SQL Managed Instance".

We hope that you'll find service endpoint policies useful in improving your managed instance security posture!

Updated Jan 15, 2025
Version 2.0