What's new?
Service endpoint policies for Azure Storage endpoints are now generally available for Azure SQL Managed Instance subnets in all public regions.
Service endpoint policies are an Azure Networking mechanism that provides fine-grained access control at the level of individual resources. Azure SQL Managed Instance now supports service endpoint policies for Azure Storage accounts, which lets you deny your managed instances access to any storage account outside a set of preapproved ones. This security mechanism helps guard your data against unauthorized copying (data exfiltration) and against configuration errors, such as exporting production data to development accounts.
To read more about the scenarios in which this security mechanism is especially useful, please read the preview announcement at Harden your Azure SQL Managed Instance workloads against data exfiltration.
For an in-depth guide on how to configure service endpoint policies for Azure Storage in your Azure SQL Managed Instance subnets, visit the documentation page Configure service endpoint policies for Azure SQL Managed Instance.
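As an added illustration of the allowlist described above (example configuration, not code from the original post or from Microsoft's documentation), the following Bicep declares a service endpoint policy that permits only a preapproved storage account from the managed instance subnet and associates the policy with that subnet. Resource names, the subscription and storage account IDs, and the `/services/Azure/ManagedInstance` platform alias are assumptions to be checked against the configuration guide before use.

```bicep
// Added example, not from the original post: allowlist the storage accounts an Azure SQL
// Managed Instance subnet may reach via a service endpoint policy. Names/IDs are placeholders.
param location string = resourceGroup().location
param vnetName string = 'mi-vnet'
param miSubnetName string = 'ManagedInstance'
param miSubnetPrefix string = '10.0.0.0/24'
param nsgId string        // NSG and route table already attached to the MI subnet
param routeTableId string // (both are required for a managed instance subnet)
// Storage accounts the instance may reach, e.g. the production backup account. Any
// account not listed is denied from this subnet, so an export to a dev account fails.
param allowedStorageAccountIds array = [
  '/subscriptions/<sub-id>/resourceGroups/prod-rg/providers/Microsoft.Storage/storageAccounts/prodbackups'
]
resource policy 'Microsoft.Network/serviceEndpointPolicies@2023-04-01' = {
  name: 'mi-storage-allowlist'
  location: location
  properties: {
    serviceEndpointPolicyDefinitions: [
      {
        name: 'allow-approved-storage'
        properties: {
          service: 'Microsoft.Storage'
          description: 'Only preapproved storage accounts are reachable from the MI subnet'
          // The instance's own platform storage must stay reachable. This alias is
          // assumed from the MI configuration guide; confirm it before deploying.
          serviceResources: concat(allowedStorageAccountIds, ['/services/Azure/ManagedInstance'])
        }
      }
    ]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = {
  name: vnetName
}
// Declaring the subnet re-applies all of its settings, so the MI delegation, NSG and
// route table are restated alongside the endpoint and policy association.
resource miSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-04-01' = {
  parent: vnet
  name: miSubnetName
  properties: {
    addressPrefix: miSubnetPrefix
    delegations: [ { name: 'miDelegation', properties: { serviceName: 'Microsoft.Sql/managedInstances' } } ]
    networkSecurityGroup: { id: nsgId }
    routeTable: { id: routeTableId }
    serviceEndpoints: [ { service: 'Microsoft.Storage' } ] // policy has no effect without the endpoint
    serviceEndpointPolicies: [ { id: policy.id } ]
  }
}
```

After deployment, a storage operation from the instance against an account that is not in the list is refused at the network layer, which is the behaviour to verify with a test export before relying on the policy.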
We hope that you'll find service endpoint policies useful in improving your managed instance security posture!
Updated Jan 15, 2025
Version 2.0
ZoranRilak, Microsoft
Azure SQL Blog