Understanding Private Endpoints - Azure Services Simplified 

You EARNED a new subscriber - nicely done ! SOME COMMENTS TO PONDER: 1. Azure Services are neither "public" nor "private" in an of themselves; 2. Azure Services are simply web services hosted on Microsoft machines in a Microsoft facility somewhere in the world. Period. 3. By DEFAULT each service has a PUBLIC ENDPOINT configured to it; this is a URL with a DNS record in the PUBLIC DNS System, which means it could be in an ISP's DNS table or a REGIONAL DNS table or a GLOBAL DNS table, but the point is, it's in a PUBLICLY-AVAILABLE DNS record, so its IP address is also a PUBLICLY-knowable IP address. 4. a PRIVATE ENDPOINT is probably MOST equivalent to a DNS entry in a HOSTS file on your laptop; this ties or maps a "vanity URL" to a PRIVATE IP address; THIS record ISN'T in any PUBLICLY-available DNS record in the Internet's PUBLIC DNS System. 5. An Azure Service can be BOTH "Public" AND "Private" at the same time :-O; all you need to do is ADD a PRIVATE Endpoint in addition to the (default) PRIVATE endpoint 😲WHY you would WANT to do this is unclear; it's akin to LOCKING the FRONT DOOR (private endpoint) but LEAVING the BACK DOOR WIDE OPEN on your house ;-) 6. You may find it useful to ALSO illustrate a VPN connection as your LAPTOP ALSO getting its IP address from that SAME SUBNET on that SAME VNET, so that it's clear to viewers just what a site-to-site VPN connection IS - it's your home-based laptop being "extended" (your term) into that same SUBNET as all the other services :-) KEEP UP THE GREAT WORK ! -Mark Vogt | Avanade (www.avanade.com)

Private endpoint is explained much better than Microsoft - hats off to you and stay blessed !!

thank you! i couldnt understand private end point before. this video was a light bulb moment! I understand now. now i am more confident taking my azure exam.

Excellent Video! Thanks for the step by step explanation and demo. It was in simple and easy to understand language.

Read through MS documentation at least 3 times before finding this video... Amazing explanation, exactly what I needed. --- Please keep up the great work

Thank you, watched so many videos where I wasn't getting it. Your's was the first that explained it clearly. Now gonna search if you have one on service endpoints.

It was explained very clearly with a very good example. It would help even those who are new to Azure keep doing this and keep posting such videos 🤗🤗

Very helpful with a clear understanding. Great work! Thank you!

Great explanation. Awaiting video on NSG, Load Balancers.

your more more better than pluralsight lectures . thank you very much I will subscribe your channel . plz do more videos.. thks

I Like the approach to come with problem statement and how we could solved with by using power of these azure features. Please do cover private endpoint and private link resource in dept manner. Thank you.

You are doing an amazing job Aman, Thanks for making this vide

Thanks for sharing this informative videos. Please create another video on UDR perspective.

excellent presentation and explanation, thank you sir

Thanks in million. Very well explained. Awesome.

Greatly explained! Thank you!

Hope to check your playlist.. great explanation

Excellent Video...very clear explanation..

Very good video simplified

very very good explanation.

Great video buddy!

Amazing...good explanation ❤️

Thank you very much for the video!! It is now clearer!!!

Great video!! Thanks :)

good video, you've really simplified the concept

One word: Perfect!!!!

great explanation, thanks a lot.

Thanks, great video

Excellent video/explanation. In your example of using a private end point on a storage account, are there metrics that can be leveraged when copying data to a storage acct via the endpoint? Thanks

great explaination.

Doing a great job. Nice information.

bro you do this sport. thank you

Excellent video

very well explained. I never knew it was that simple. I still wonder why Microsoft or other materials are incapable of explaining like this.

True to title "Simplified.. " Thanks...

Excellent video. One question: when you assign a private endpoint, will the public ip end point still be reachable?

very well explained, a 10!

Excellent video! Do you know if "Synapse Link" in Dataverse can connect to a private end point storage account in Azure? Also, the Dataverse "synapse link" does not have a defined address space in Azure’s global service tags right? So how would you setup the firewall ?

In your video around 1.4o minute, you quoted S2S vpn doesn't traverse through internet. S2S connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. Meaning, S2S uses public internet. Whereas ExpressRoute traffic doesn't traverse through internet.

Could you explain the PE limitation and about NSG?

Thanks for you why you dont have more videos I liked you way

thank you, have a question i want a public webapp to communicate with a condiential webapp (that i suppose i have to put in a vnet) howto do it?

Can we connect to resources in other subnets in same vnet using a azure private endpoint?

Hi and thanks for the video. qtn pls. can you have one private-endpoint, but many private-links that terminate on that single private endpoint ...?, or does this service just come in single pairs, i.e. one PE with one PL

Are you saying that if a VM/Subnet is associated with NSG it cannot have private endpoint feature enabled ?

If connecting over public internet can policies be used to restrict access from a known public ip address? For VMs and PAAS

thanks a lot

is the private endpoint required if my storage account and VM are in the same virtual network? or its best practice to create a PRIVATE ENDPOINT even if they are on the same virtual network

HI can you update the video as The NSG limitaions are not their now along with UDR limitaions in detail.

Can u pls explain what is express route and site to site vpn.

Would you also have a video on explaining the UDR. Please !!!

When I create a private endpoint in my virtual network，then my xxx.database.windows.net can't resolve the private IP address in my virtual network's virtual machine. But,I can use my xxx.database.windows.net in my personal computer with public IP. What can I do?

Good video. One question here: Is it possible to connect to Azure blob storage from the office without going through the public internet? It can be making a machine in the office connect to the Vnet network card in Azure through Express Route. But I don't know if it is feasible.

When trying to access the storage account from the VM,... at 2:34 you're saying that it doesnt leave the MS backbone. Also you say it goes over the internet. I am new to networking so maybe I just not firm with definitions, but I would have thought that the MS backone is NOT the internet. And therefore, accessing the storage endpoint over (e.g. a service endpoint) is private. Can you please explain my error in thinking?

Hi - do we know if the 2 limitations are still current? THe limitation of UDR's and NSG's? VERY good video by the way

so for services , now azure included service end point right 😮

Thanks for the videos. I have one doubt I have a vnet in East us region and another vnet in Westeurope and the storage is in East us region if I wants to access through private endpoints how can I achieve that.

At 8:30 he says "you should only have on eprivate endpoint per vnet. Why??

We have few appservices in 2 subnets of single vnet. Now the communication between webapps from subnet 1 to webapps of subnet2 is configured via private end point. But it is not working and giving IP forbidden error. Please suggest somw solutions bro

what about point to site vpn?

Does the limitations still hold? i doubt the NSG one. Pl reply or leave a pinned comment!

How about the Microsoft peering offered with Express Route? Does it not route traffic via the Microsoft backbone instead of the internet to Azure PaaS?

Sorry but i thank that you made a mistake when you said that s2s vpn connection does'nt go over the internet actually it does unlike express route.