Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
5.1.1. Private Endpoints
A Private Endpoint is a network interface with a private IP that connects to a PaaS service.
Connection State Lifecycle:
Connection States Explained:
| State | Traffic Flows? | Action Required |
|---|---|---|
| Pending | No | Resource owner must approve |
| Approved | Yes | None—connection is active |
| Rejected | No | Delete PE or request re-approval |
| Disconnected | No | Delete PE and recreate |
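The state table above, applied as a triage check (an added example, not part of the original course material): the function maps each connection's status to whether traffic flows and to the action listed in the table. The endpoint names and sample objects are constructed, and the property names assume the objects returned by `Get-AzPrivateEndpoint`.

```powershell
# Added example: report Private Endpoint connections that are not carrying traffic.
function Get-PrivateEndpointStateReport {
    param([Parameter(ValueFromPipeline)] $Endpoint)
    begin {
        # Action per state, copied from the "Connection States Explained" table
        $action = @{
            Pending      = 'Resource owner must approve'
            Approved     = 'None'
            Rejected     = 'Delete PE or request re-approval'
            Disconnected = 'Delete PE and recreate'
        }
    }
    process {
        # Auto-approved and manually approved connections are held in separate lists
        $conns = @($Endpoint.PrivateLinkServiceConnections) +
                 @($Endpoint.ManualPrivateLinkServiceConnections)
        foreach ($c in $conns | Where-Object { $_ }) {
            $status = $c.PrivateLinkServiceConnectionState.Status
            $todo = 'Unknown state: review manually'
            if ($status -and $action.ContainsKey($status)) { $todo = $action[$status] }
            [pscustomobject]@{
                Endpoint     = $Endpoint.Name
                Status       = $status
                TrafficFlows = ($status -eq 'Approved')   # only Approved passes traffic
                Action       = $todo
            }
        }
    }
}

# Constructed sample objects so the function can be tried without a subscription.
# In a signed-in Az session, pipe real endpoints instead, for example:
#   Get-AzPrivateEndpoint -ResourceGroupName "<resource-group>" | Get-PrivateEndpointStateReport
function New-SampleEndpoint($Name, $Status, [switch]$Manual) {
    $conn = [pscustomobject]@{
        PrivateLinkServiceConnectionState = [pscustomobject]@{ Status = $Status }
    }
    $list = if ($Manual) { 'ManualPrivateLinkServiceConnections' } else { 'PrivateLinkServiceConnections' }
    [pscustomobject]@{ Name = $Name; $list = @($conn) }
}
$sample = @(
    New-SampleEndpoint 'pe-sql-demo'     'Approved'
    New-SampleEndpoint 'pe-storage-demo' 'Pending' -Manual
    New-SampleEndpoint 'pe-kv-demo'      'Disconnected'
)

# List only the connections that need attention (anything not Approved)
$sample | Get-PrivateEndpointStateReport | Where-Object { -not $_.TrafficFlows }
```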
Architecture:
Supported Services:
- Azure Storage (blob, file, table, queue)
- Azure SQL Database
- Azure Cosmos DB
- Azure Key Vault
- Azure App Service
- Azure Container Registry
- And 80+ more services
Creating Private Endpoints:
- Create Private Endpoint resource
- Select target service and sub-resource
- Choose VNet and subnet
- Configure DNS integration
Network Policies:
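By default, network policies are disabled on a subnet, so NSG rules are not enforced on traffic to Private Endpoints. To enable them on the subnet:
```powershell
# Assumes $vnet already holds the virtual network object (from Get-AzVirtualNetwork)
$subnet = Get-AzVirtualNetworkSubnetConfig -Name "PrivateEndpointSubnet" -VirtualNetwork $vnet
$subnet.PrivateEndpointNetworkPolicies = "Enabled"
$vnet | Set-AzVirtualNetwork   # write the updated subnet setting back to Azure
```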
Written by Alvin Varughese
Founder • 15 professional certifications