What's new?
Service endpoint policies for Azure Storage endpoints are now generally available to Azure SQL Managed Instance subnets.
Service endpoint policies are a virtual network security mechanism that provides fine-grained access control at the level of individual resources. Service endpoint policies let you deny your managed instances access to any storage account outside a set of preapproved ones. This security mechanism helps guard your data from unauthorized copying (data exfiltration) and from configuration errors, such as exporting production data to development accounts.
For more about the scenarios in which this security mechanism is especially useful, see the preview announcement at Harden your Azure SQL Managed Instance workloads against data exfiltration.
For an in-depth guide on how to configure service endpoint policies for Azure Storage in your Azure SQL Managed Instance subnets, visit the documentation page at Configure service endpoint policies for Azure SQL Managed Instance.
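As an added example that is not part of this announcement or of Microsoft's own documentation, the script below shows the shape of the configuration with the Azure CLI: create a service endpoint policy, add a Microsoft.Storage definition that lists only the approved storage account, and attach the policy to the managed instance subnet. Every resource group, network, subscription id and storage account name is a placeholder; the `/services/Azure/ManagedInstance` alias is the one the linked configuration guide describes for keeping the instance's platform storage reachable, so check that guide for the current requirement before relying on it.

```shell
#!/usr/bin/env bash
# Added example: restrict a SQL Managed Instance subnet to one approved storage
# account with a service endpoint policy for Microsoft.Storage.
# All names below are placeholders, not values from the announcement.
set -eu

AZ="${AZ:-az}"                      # set AZ=echo to print commands instead of running them
RG="${RG:-rg-sqlmi-prod}"           # placeholder resource group
LOCATION="${LOCATION:-westeurope}"  # check the supported-regions list for your region
VNET="${VNET:-vnet-sqlmi}"          # placeholder virtual network
SUBNET="${SUBNET:-snet-sqlmi}"      # the subnet delegated to the managed instance
POLICY="${POLICY:-sep-sqlmi-storage}"
SUB_ID="${SUB_ID:-00000000-0000-0000-0000-000000000000}"  # placeholder subscription id
APPROVED_SA="${APPROVED_SA:-stbackupsprod}"               # the single allowed account

# Resource id of the only storage account the instance may reach.
approved_storage_id() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$SUB_ID" "$RG" "$APPROVED_SA"
}

# 1. Create an empty service endpoint policy in the instance's region.
create_policy() {
  "$AZ" network service-endpoint policy create \
    --resource-group "$RG" --name "$POLICY" --location "$LOCATION"
}

# 2. Add one definition for Microsoft.Storage. Anything not listed here is denied.
#    /services/Azure/ManagedInstance is the alias from the MI configuration guide
#    that keeps the instance's own platform storage reachable (assumption: verify
#    against the linked documentation).
add_definition() {
  "$AZ" network service-endpoint policy-definition create \
    --resource-group "$RG" --policy-name "$POLICY" --name allow-approved-storage \
    --service Microsoft.Storage \
    --service-resources /services/Azure/ManagedInstance "$(approved_storage_id)"
}

# 3. Attach the policy to the managed instance subnet. The Storage service
#    endpoint must be enabled on the subnet for the policy to have any effect.
attach_to_subnet() {
  "$AZ" network vnet subnet update \
    --resource-group "$RG" --vnet-name "$VNET" --name "$SUBNET" \
    --service-endpoints Microsoft.Storage \
    --service-endpoint-policy "$POLICY"
}

# 4. Verify: the definition should list exactly the resources you approved,
#    which is the check to repeat whenever the subnet's policy changes.
show_policy() {
  "$AZ" network service-endpoint policy show \
    --resource-group "$RG" --name "$POLICY" \
    --query "serviceEndpointPolicyDefinitions[].serviceResources" -o tsv
}

# Run with "apply" to execute; without it the functions are only defined.
if [ "${1:-}" = "apply" ]; then
  create_policy
  add_definition
  attach_to_subnet
  show_policy
fi
```

Run `AZ=echo ./sep-sqlmi.sh apply` first to review the exact commands, then without the override to apply them. After attaching, an export from the instance to any storage account not in the definition is refused at the network layer, which is the behaviour the announcement describes.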
Service endpoint policies for Azure Storage may not yet be available in all public Azure regions. For the latest list of supported regions, please review this documentation page.
We hope that you'll find service endpoint policies useful in improving your managed instance security posture!