Azure App service can enable Private Endpoints for inbound traffic.
Customers may want to list all VNET subnets used for Private Endpoints, and enable Network Security Group for the Private Endpoints.
There is no way to do it from Azure portal. But the below Power shell script can help customers list all the subnets used for Private Endpoints.
- List all VNET subnets used for Private Endpoint using PowerShell script
$privateEndpoints = Get-AzPrivateEndpoint
$subnetIds = $privateEndpoints | ForEach-Object { $_.Subnet.Id }
$uniqueSubnetIds = $subnetIds | Sort-Object -Unique
foreach ($subnetId in $uniqueSubnetIds) {
Get-AzResource -ResourceId $subnetId
}
The output is like this
- Regarding more parameters for Get-AzPrivateEndpoint
Check Get-AzPrivateEndpoint (Az.Network) | Microsoft Learn
- How To Enable Network Security Group for Private Endpoints
By default, network policies are disabled for a subnet in a virtual network.
You need to assign the NSG name first in this subnet, then enable NSG in “Network Policy for Private Endpoint”, then the PE will be applied the NSG rule.
Manage network policies for private endpoints - Azure Private Link | Microsoft Learn
