Virtual Network Service Endpoints
As of today, Virtual Network Service Endpoints is in Preview and publicly available. This is one of the most requested features in Azure. Before this, a common issue with PaaS services, including Azure SQL and Storage, was the public endpoint: although Azure provides multiple ways to protect our workloads and data, the service was still accessible from the Internet.

Now it is possible to lock Azure SQL and/or Storage to a VNet, or further down to the subnet level, removing direct access to and from the Internet. This ensures that all your traffic will remain within your network or the Azure backbone network, and that egress/ingress traffic destined for Azure services can be inspected and forced to on-prem using Forced Tunnelling.

Limitations:

- Supports only ARM model VNets, and they should be in the same region.
- Endpoints are enabled on subnets configured in VNets.
- Endpoints can't be used for traffic originating from on-premises.

...
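To check that a storage account is really locked to a subnet as described above, the following added example (not code from the original post or from Microsoft) audits exported resource JSON. The function names, resource IDs and sample data are hypothetical, and the property names (`networkAcls`, `virtualNetworkRules`, `serviceEndpoints`) are assumed to follow the ARM resource schema.

```python
# Added example: audits constructed ARM-style JSON; all resource names are made up.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
             "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/app")

def audit_storage_lockdown(account, vnet):
    """Return a list of findings; an empty list means the account is reachable
    only through service-endpoint-enabled subnets of this VNet."""
    findings = []
    acls = account.get("properties", {}).get("networkAcls", {})
    # Without a default Deny the public endpoint still accepts Internet traffic.
    if acls.get("defaultAction") != "Deny":
        findings.append("defaultAction is not Deny: public endpoint still open")
    if acls.get("ipRules"):
        findings.append("ipRules present: some public IP ranges are still allowed")
    # Limitation stated in the text: VNet and service should be in the same region.
    if account.get("location", "").lower() != vnet.get("location", "").lower():
        findings.append("account and VNet are in different regions")
    subnets = {s["id"].lower(): s for s in vnet["properties"]["subnets"]}
    rules = acls.get("virtualNetworkRules", [])
    if not rules:
        findings.append("no virtualNetworkRules: no subnet is allowed")
    for rule in rules:
        subnet = subnets.get(rule["id"].lower())
        if subnet is None:
            findings.append(f"rule references unknown subnet {rule['id']}")
            continue
        services = {e["service"] for e in subnet["properties"].get("serviceEndpoints", [])}
        if "Microsoft.Storage" not in services:
            findings.append(f"subnet {subnet['name']} lacks the Microsoft.Storage endpoint")
    return findings

def sample(default_action="Deny", endpoints=("Microsoft.Storage",), region="westeurope"):
    """Build a constructed storage account / VNet pair for the audit."""
    vnet = {"location": "westeurope", "properties": {"subnets": [{
        "id": SUBNET_ID, "name": "app",
        "properties": {"serviceEndpoints": [{"service": s} for s in endpoints]}}]}}
    account = {"location": region, "properties": {"networkAcls": {
        "defaultAction": default_action, "ipRules": [],
        "virtualNetworkRules": [{"id": SUBNET_ID}]}}}
    return account, vnet

if __name__ == "__main__":
    for label, pair in [("locked down", sample()), ("default Allow", sample("Allow")),
                        ("endpoint missing", sample(endpoints=()))]:
        print(label, "->", audit_storage_lockdown(*pair) or "OK")
```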