Allow creating Private Endpoint to global KMS servers

 Oct 13 2021

Currently, according to this link (https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/custom-routes-enable-kms-activation), egress traffic from Azure Windows VMs to KMS must flow across the Internet. This is not ideal, because it requires a routing configuration in Azure to route this traffic directly out to the Internet.

 

Instead, it would be ideal if it was possible to create a Private Endpoint, which points to the global KMS server (kms.core.windows.net - 23.102.135.246), to route this traffic through. This would allow all KMS traffic to stay private to Azure/Microsoft infrastructure, rather than having to flow across the Internet.