We wanted to make you aware of a new public preview feature available to try.
Azure Private Link Service enables you to access Azure Services (for example, Azure Key Vault, Azure Storage, and Azure Cosmos DB) and Azure hosted customer/partner services over a Private Endpoint in your virtual network. Now, in preview, you can integrate a key vault with your Azure Private Link.
A private endpoint ensures that no customer data leaves your virtual network. It removes the key vault's exposure to the public internet and keeps all customer traffic on the Azure network. An organization using the public endpoint would have to configure a VPN or ExpressRoute connection to reach the key vault securely over the public internet. An organization using service endpoints keeps all of its traffic within Azure, but has to allow its resources access to all traffic to and from the Key Vault service as a whole (not scoped to one particular vault).
Now, with a private endpoint, you can give each resource access to only one particular key vault, which provides a finer granularity of permissions. Many government, healthcare, and financial institutions have tight regulations and want to plan for "worst case" scenarios in the event of a breach. This provides more redundancy and greater protection.
To try the feature you will need:
- A key vault
- An Azure virtual network
- A subnet in the virtual network
- Owner or contributor permissions for both the key vault and the virtual network
- Your private endpoint and virtual network must be in the same region
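The configuration described above, as an added Azure CLI example (not code from the original announcement): the vault's public endpoint is closed, a private endpoint is bound to that one vault's resource ID with the `vault` group ID, and the `privatelink.vaultcore.azure.net` zone makes the vault's hostname resolve to the private IP inside the VNet. Resource group, vault, VNet and subnet names and the subscription ID placeholder are assumptions; the vault, VNet and subnet must already exist.

```shell
# Added example, not from the original announcement. Names below are assumed
# placeholders; override them with environment variables. With DRY_RUN=1 the
# az commands are printed instead of executed, so the plan can be reviewed first.
set -eu
RG="${RG:-kv-privatelink-rg}"          # assumed resource group
VAULT="${VAULT:-contoso-kv-demo}"      # assumed key vault name
VNET="${VNET:-app-vnet}"               # assumed virtual network
SUBNET="${SUBNET:-app-subnet}"         # assumed subnet for the endpoint NIC
PE_NAME="${PE_NAME:-${VAULT}-pe}"
DNS_ZONE="privatelink.vaultcore.azure.net"   # private DNS zone for Key Vault

run() {   # execute the command, or print it when DRY_RUN=1
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}
# ARM resource ID of the single vault this endpoint may reach.
vault_resource_id() {
  sub="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder if unset
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.KeyVault/vaults/%s\n' \
      "$sub" "$RG" "$VAULT"
}

# 1. Refuse all traffic on the vault's public endpoint; trusted Azure services may bypass.
deny_public_access() {
  run az keyvault update --name "$VAULT" --resource-group "$RG" \
      --default-action Deny --bypass AzureServices
}

# 2. Private endpoint in the subnet. "--group-id vault" is the Key Vault sub-resource and
#    the connection is bound to exactly this vault's resource ID, not the whole service.
create_private_endpoint() {
  run az network private-endpoint create --name "$PE_NAME" --resource-group "$RG" \
      --vnet-name "$VNET" --subnet "$SUBNET" \
      --private-connection-resource-id "$(vault_resource_id)" \
      --group-id vault --connection-name "${PE_NAME}-conn"
}

# 3. Private DNS so <vault>.vault.azure.net resolves to the endpoint's private IP in the VNet.
link_private_dns() {
  run az network private-dns zone create --resource-group "$RG" --name "$DNS_ZONE"
  run az network private-dns link vnet create --resource-group "$RG" --zone-name "$DNS_ZONE" \
      --name "${VNET}-link" --virtual-network "$VNET" --registration-enabled false
  run az network private-endpoint dns-zone-group create --resource-group "$RG" \
      --endpoint-name "$PE_NAME" --name default --private-dns-zone "$DNS_ZONE" --zone-name vault
}

# Apply all three steps: "DRY_RUN=1 sh kv-private-link.sh apply" prints the plan first.
if [ "${1:-}" = "apply" ]; then
  deny_public_access && create_private_endpoint && link_private_dns
fi
```

After the endpoint is approved, a `nslookup` of the vault hostname from inside the VNet should return an address from the subnet rather than a public IP; the vault remains unreachable from outside.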
See our public documentation for more information on how to try this feature.