Azure service endpoints let Azure administrators expose certain Azure services directly inside a VNet. This improves security by extending your VNet identity to the service and removing public Internet access to the resources. It also optimizes network routing by allowing resources within the VNet to reach the service directly over the Azure backbone. Without service endpoints, reaching the resource can take a number of network hops: in the image below, it took 9 hops from within the West Central VNet to access a storage account in West Central.

[Image: nmap traceroute output showing the 9-hop path from the West Central VNet to the storage account]
Did you know you can get network hops from nmap inside Azure?

After implementing service endpoints, this drops to 2…
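The configuration the post describes, as an added example that is not part of the original post: enable the Microsoft.Storage service endpoint on a subnet, allow that subnet on the storage account's firewall, and then set the account's default action to Deny so that the public Internet path is closed. The resource group, VNet, subnet and storage account names are assumptions; the Az PowerShell cmdlets are the standard ones.

```powershell
# Added example (not from the original post). Assumed names, replace with your own.
$rg          = "rg-demo"
$vnetName    = "vnet-westcentral"
$subnetName  = "app-subnet"
$storageName = "stdemowestcentral"

# 1. Turn on the Microsoft.Storage service endpoint on the subnet.
#    Traffic from this subnet to Storage now stays on the Azure backbone.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix $subnet.AddressPrefix -ServiceEndpoint "Microsoft.Storage" | Out-Null
$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
$subnetId = (Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName).Id

# 2. Allow the subnet on the storage account firewall (the VNet identity is now
#    carried to the service, so the rule matches on the subnet rather than on a public IP).
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $storageName `
    -VirtualNetworkResourceId $subnetId | Out-Null

# 3. Deny everything else. Without this step the endpoint only changes routing;
#    the account is still reachable from the Internet. Bypass keeps trusted Azure
#    services (e.g. diagnostics logging) working.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $storageName `
    -DefaultAction Deny -Bypass AzureServices | Out-Null

# 4. Verify the resulting rule set: DefaultAction should be Deny and the
#    subnet should be listed under VirtualNetworkRules.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $storageName |
    Select-Object DefaultAction, Bypass, VirtualNetworkRules
```

Step 1 on its own only changes the path; it is step 3 that removes public reachability, so check the output of step 4 before assuming the account is no longer exposed. Any subnet that still needs access (for example a management subnet in another VNet) has to be added with its own rule before the default is flipped to Deny, or its traffic will be cut off.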

About

Matt Davis

Now: Cloud Solution Architect @microsoft. Previously: Cloud Solution Architect / Open Stack Product Owner / Kubernetes Product Owner at @ Fortune 50.
