Azure - Security - Policy to limit VNET EndPoint

Disclaimer: Use this at your own risk! These thoughts are my own and do not reflect my workplace or any vendor.

Hi folks,
I am writing to you about a recently added resource type that will help lift the security profile of your subscription.

Background:
==========
As you are aware, every VNet lets you reach other Azure cloud resources over the Azure backbone via something called service endpoints. At the time of writing (Mar 2020 - Coronavirus madness), there are 9 endpoints available.

  • One of the endpoints used most frequently is Microsoft.Storage. It gives a subnet the flexibility to reach PaaS storage accounts across subscriptions, not just your own. That reach itself can be dangerous, especially if the storage account is not firewalled, because a workload in the subnet can then talk to storage accounts you do not control.
Introduction:
=========
  • That's where the new resource 'Service Endpoint Policy' can help. The policy is very easy to configure and limits the scope of the Storage endpoint so that a subnet can only reach storage accounts in a particular resource group or in the whole subscription.
Creation:
=======
  • Create the policy in the subscription, then simply associate it with the subnet that requires access to the storage account.
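As an added example (not from the original post), here is that creation step as an ARM template: a policy with one definition whose serviceResources sets the allowed scope, and a subnet that both enables the Microsoft.Storage endpoint and attaches the policy. The names vnet-app, snet-app and sep-storage-scope and the address ranges are placeholders I chose; the `//` comments are accepted by Azure Resource Manager but must be stripped for strict JSON tools.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Scope the subnet may reach; placeholder default is the deployment resource group.
    "allowedStorageScope": { "type": "string", "defaultValue": "[resourceGroup().id]" }
  },
  "variables": { "policyId": "[resourceId('Microsoft.Network/serviceEndpointPolicies', 'sep-storage-scope')]" },
  "resources": [
    {
      "type": "Microsoft.Network/serviceEndpointPolicies",
      "apiVersion": "2019-11-01",
      "name": "sep-storage-scope",
      "location": "[resourceGroup().location]",
      "properties": {
        "serviceEndpointPolicyDefinitions": [
          {
            "name": "allow-storage-in-scope",
            "properties": {
              "service": "Microsoft.Storage",
              // Pass "[subscription().id]" instead to allow every storage account in the subscription.
              "serviceResources": [ "[parameters('allowedStorageScope')]" ]
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2019-11-01",
      "name": "vnet-app",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[variables('policyId')]" ],
      "properties": {
        "addressSpace": { "addressPrefixes": [ "10.10.0.0/16" ] },
        "subnets": [ {
          "name": "snet-app",
          "properties": {
            "addressPrefix": "10.10.1.0/24",
            // The endpoint opens the backbone path to Storage; the attached policy narrows it to the scope.
            "serviceEndpoints": [ { "service": "Microsoft.Storage" } ],
            "serviceEndpointPolicies": [ { "id": "[variables('policyId')]" } ]
          }
        } ]
      }
    }
  ]
}
```

After deployment, traffic from snet-app over the endpoint to a storage account outside the allowed scope is denied, which is the behaviour to verify during rollout.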
Pricing & Future?
=============
  • Currently only available for Microsoft.Storage, but I am guessing that Microsoft can help limit other endpoints in future as well?
  • No Extra Cost to your subscriptions :) 