We are at the beginning of a migration to Azure, with the majority of VMs in the form of IaaS with managed disks. There is one default policy for “Managed disks should disable public network access”. If we try to meet this policy, we can create Disk Access with a private endpoint, by following https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-private-links-for-import-expor....
However, the concern is: it looks like there will be a large number of private endpoints and a long list of DNS records in the private DNS zone to manage.
I would like to know if anyone has chosen to do it for a large-scale environment, regardless of the operational overhead?