Azure Private Endpoint

Copper Contributor



I was looking at private endpoint for various PaaS services, such as storage (file services). However I realized that NSG are not in GA.

This was disappointing. For instance I setup a lab with a storage account and Azure Files and enabled private endpoint. My lab had the following setup:

VNET-A: with Subnet-1

The storage account private link NIC was on


VNET-B: with Subnet-2

A Server 2019 VM was on


Using private link I can mount the storage account and access over SMB, however there is no way to block inbound access to the File Share, for example using an NSG on the Subnet-A, my understand is that this is a public preview feature only?


However if I use the storage account 'firewall and virtual network settings' rather then the 'private endpoint connections' settings I can use the 'allow access from > selected networks' to allow or block access to the azure files storage. 


I wondering what benefit the private endpoint feature offers if NSG support is not in GA?



1 Reply
It's good to know that if a feature is in Public Preview, that you still can get support from Microsoft, and that only the SLA's are not applicable: :

It still holds some value as you need to be routed through your internal network instead of public network.