Feb 03 2020 08:41 AM
We wanted to make you aware of a new public preview feature available to try.
Azure Private Link Service enables you to access Azure services (for example, Azure Key Vault, Azure Storage, and Azure Cosmos DB) and Azure-hosted customer/partner services over a private endpoint in your virtual network. Now, in preview, you can connect to a key vault through Azure Private Link.
A private endpoint ensures that no customer data leaves the virtual network. It removes the key vault's exposure to the public internet and keeps all customer traffic within Azure. An organization using the public endpoint has to configure a VPN or ExpressRoute connection to reach the key vault securely over the public internet. An organization using service endpoints keeps all of its traffic within Azure, but it has to allow its resources to send traffic to and receive traffic from the entire Key Vault service, not just one particular vault.
With a private endpoint, you can give each resource access to only one particular key vault, which is a finer-grained level of permission. Many government, healthcare, and financial institutions have tight regulations and want to plan for "worst case" scenarios in the event of a breach. This provides more redundancy and greater protection.
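As an added example (not part of the original post or Microsoft's documentation), the following Azure CLI script creates a private endpoint for a key vault, sets up the Private Link DNS zone so the vault's public name resolves to the endpoint inside the virtual network, closes the vault's public endpoint, and checks that name resolution really lands on a private address. The resource group, virtual network, subnet and vault names are assumed placeholders.

```bash
#!/usr/bin/env bash
# Added example: Key Vault over Private Link with Azure CLI, plus a resolution check.
# Assumed placeholder names; replace them with your own resources.
set -eu
RG=rg-kv-demo; VNET=vnet-demo; SUBNET=snet-privatelinks; VAULT=kv-demo-0123
ZONE=privatelink.vaultcore.azure.net   # Private Link DNS zone used for Key Vault

create_private_endpoint() {
  vault_id=$(az keyvault show -g "$RG" -n "$VAULT" --query id -o tsv)
  # Private endpoint NIC lands in the subnet; group-id "vault" selects the Key Vault sub-resource
  az network private-endpoint create -g "$RG" -n "pe-$VAULT" --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$vault_id" --group-id vault --connection-name "pe-$VAULT-conn"
  # Private DNS zone linked to the VNet so <vault>.vault.azure.net resolves to the private IP
  az network private-dns zone create -g "$RG" -n "$ZONE"
  az network private-dns link vnet create -g "$RG" -z "$ZONE" -n "link-$VNET" -v "$VNET" -e false
  az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name "pe-$VAULT" \
    -n default --private-dns-zone "$ZONE" --zone-name vault
  # The private endpoint alone does not close the public one: deny public traffic by default
  az keyvault update -g "$RG" -n "$VAULT" --default-action Deny
}

# True when the address is RFC 1918 space, i.e. could have come from the VNet rather than the internet
is_private_ip() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.*)
      o2=$(printf '%s' "$1" | cut -d. -f2)
      if [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi ;;
  esac
  return 1
}

# Run from a VM inside the VNet: the vault's public name must resolve to the endpoint's private IP.
# A public answer here means clients in the VNet would still exit towards the public endpoint.
vault_resolves_privately() {
  ip=$(getent ahostsv4 "$1.vault.azure.net" | awk 'NR==1 {print $1}')
  [ -n "$ip" ] && is_private_ip "$ip"
}

if [ "${1:-}" = "apply" ]; then
  create_private_endpoint
  vault_resolves_privately "$VAULT" && echo "ok: $VAULT resolves to a private address"
fi
```

Run it as `./kv-private-link.sh apply` from a host in the virtual network; without the argument it only defines the functions.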
Prerequisites:
See our public documentation for more information on how to try this feature.