I was looking at private endpoints for various PaaS services, such as storage (file services). However, I realized that NSGs are not in GA.
This was disappointing. For instance, I set up a lab with a storage account and Azure Files and enabled a private endpoint. My lab had the following setup:
VNET-A: 10.1.2.0/23 with Subnet-1 10.1.3.0/26
The storage account private link NIC was on 10.1.3.4
VNET-B: 10.1.5.0/24 with Subnet-2 10.1.5.96/27
A Server 2019 VM was on 10.1.5.100
Using Private Link I can mount the storage account and access it over SMB; however, there is no way to block inbound access to the file share, for example by using an NSG on Subnet-A. My understanding is that this is a public preview feature only?
However, if I use the storage account 'firewall and virtual network settings' rather than the 'private endpoint connections' settings, I can use 'allow access from > selected networks' to allow or block access to the Azure Files storage.
I am wondering what benefit the private endpoint feature offers if NSG support is not in GA?