With private endpoints you can also connect to resources by resource-id or alias & also you can integrate with private DNS which is not an option with service endpoint. Nicely explained by the way

Great video. Thank you and please keep producing them.

Fantastic way to explain the difference between them.

Excellent Video! Thanks for the step by step explanation and demo. It was in simple and easy to understand language.

Amazing. Love your way of explanation

Thank you. I am on the AZ104 path and this is most useful with good diagrams.

This is such a short yet concise explanation! I’ve been spending some time learning this but the documentation is kinda confusing. Kudos to the creator! 🎉

Never came across such a precise, concise and to the point explanation on the topic so far. keep it up

This is by far the best explanation I have seen on this topic, you did a fantastic job here !

Very nicely explained! Thank you.

This was very useful. Great work. Thank you

It was a very useful and informative video, cleared some of my questions, looking to the deep dive videos for both PE and SE

Best explanation so far. Good work

Merci beaucoup ... thank you much for this explanation

Thanks for the video, nice explanation

Great explanation. Nicely done

I don't usually write comments, but this is the best explanation ever. Thank you very much Sir.

Very good explanation. Thank you!

you just nailed it brother. Good work. By the way, I am an Azure architect

Congratulations for the great video!

big clarity i get on this video thQ ...sir

Great explanation!

Excellent explanation

You explained very well

Thank you.... nicely explained.

Very helpful video. thanks

i love you so much, after 3 days of finding an accurate and good example of learning this content today I can that you are the best teacher vs all the cloud gurus have

Well explained!!

Great video!

Very nice and informative

Great Video!

thank you, another great video!

Great video!.....

Nicely explained.

easily understand. thanks a lot

Amazing thanks

great explanation thanks

Isnt it wrong to say that the traffic of the service endpoint go out to the internet? As per my understanding they remain in the Azure Backbone or not?

Very Very good video!!!

Pretty clear .

Great explaination. Thanks lot. Please make and upload videos on Azure front door and azure app service networking

Thank you

Thanks!

Wow Amazing content ! Could you please create video on How to connect on premises resource like sql server from Azure by establishing S2S and P2S connection ? The term Point to site and Site to site is pretty complicated. let's understand this term in your way of explanation.

Great also please make some live demo while explanation in the video

Very good explanation..Keep making more videos on cloud concepts:)

What will be used for cluster apps? That have common database pools in the backend. How can we secure this with private endpoint?

are you sure you can add a PE to the same subnet as a VM? I am sure PE's need a dedicated subnet along with VNET integration.

Thanks for this great video! Could you also explain in an upcoming video how NSG work?

This great. I was trying to do this Service endpoint for Azure DB for PostgreSQL and I am not able to do it. Can you please guide me/Make a video for the same?

thanks for explaining. However could you tell me why the on premise network requires NAT and additional configurations ? Serv End point is enabled on the subnet just like in private endpoint, right? So if on premises devices can connect via teh virtua lnetwork in Private end point , how different is it with Service end point. Excuse me if this is a dumb question :-(

Very good! But remember we can to be service endpoints polices to azure storage limition access for example to a specific storage.

Hello @HarvestingClouds sir, Thank you for the video. We have an Azure SQL server and a SQL private endpoint, with no NSG or route table attached. We have already established VPN connectivity between the on-premises server and Azure using Azure site-to-site VPN. We have an Azure firewall and an on-premises firewall. We want to connect from the on-premises server to the Azure SQL private endpoint. Can you please guide us on how to do that? Do we have to open a port in both the Azure firewall and the on-premises firewall, and also add the on-premises firewall public IP addresses to the Azure SQL database firewall configuration in networking? Or is any one option enough?

What is case if we have both private end point and service endpoint storage resource

Is it possible to restrict the inbound and outbound rules for the web app by placing the app inside a subnet and restricting the public access using nsg rules?? I was unable to block the ports using the nsg rules. But I want to make my api app and sql db private???

Does NSG flow log show traffic for both types of endpoints?

Will pvt end point removes the public IP assigned to the Webapp or DB or any other paas so that it will notbe available to get accessed over internet after attaching to private end pont??

It would be great if you give better insights on how it appears to be a connection using private ips in case of private endpoint connections.

2:00 Are you sure that the public ip of the storage account and the private ip of the vm is used? can you make a demo?

Can you tell how to access storage account from the app service with in the same virtual network Is it possible By vnet integration in app services and by keeping selected networks in firewall and virtual network settings in storage account

Notes from this video Difference between service endpoint and Private endpoint Service Endpoint You enable the service endpoint service for let's say storage account or SQL server on a particular subnet, it exposes your subnet to all the Storage accounts or SQL servers in that region. Meaning the storage account will be aware of your subnet and virtual network. So when the vm connects to the storage account it will connect to the public IP address of the storage account but the storage account will see the private Ip address of the virtual machine. Service will be enabled for all the storage accounts. Private Endpoint Private endpoint is a service in Azure that lets us connect to a PAAS services like a storage account or sql server via a private IP address over a secured connection rather than having to connect to that resource over the internet over public IP address. Let's say you enable the private endpoint for one of the storage account, it will create a private nic for that storage account inside your subnet and you can connect to that storage account using that private IP address or NIC. It will be as if you brought that storage account inside your virtual network. Differences 1. Per service vs per instance Service endpoint is enabled for all the resources of that particular service where as private endpoint is enabled only for that particular instance of that service. 2. Public IP vs Private IP Using service endpoint vm is still connecting to public IP of the storage account over the Microsoft backbone network whereas using private endpoint vm is connecting to private IP of the NIC that is created for the storage account, so it never leaves that subnet. 3. NSG Setup In service endpoint you will still have to allow the connection to the storage account, you can leverage the service tag for that. Whereas using private endpoint the communication is happening inside the subnet so even if there is NSG it won't affect this communication and you won't have to make any modification to allow this communication. 4. On prem connectivity Using service endpoint if you have to allow on prem resources to connect to storage account you will have to configure natting but using private endpoint your on prem resources if they S2S vpn or express route configured they can easily connect to the storage account.

Our client do not want to expose public endpoint of storage account for any connectivity for security reasons, can we still configure service end point as its going through MS back bone.

Hi, Is private endpoint connection faster than service endpoint?

One drawback in private end point is ,we can't use custom domain name with private DNS, we should go with public dns only for our internal custom domain names

Could you please ellobrate us practically

What is the advantage of configuring service endpoint, when the resource can be accessed anyways without that.

Isn't key difference how secure the solution is? It seems Private Endpoint is much more secure when needing to protect sensitive data.

It was not clear regarding the NSG rules applied to Private endpoints.

7:48 you say its leaving the virtual network, while at 2:08 and 5:17 you say its not going over the internet.

Please suggest: what to use Service or Private endpoints for the scenario when we need to access from one subscription to another.. For. e.g. If we want to copy data from datalake from SubscriptionA and move the data to another Datalake in SubscriptionB?... I believe it should be Private Endpoints but waiting for all yours suggestions here :)

3) is very confusing.

Maldito acento hindú: no se entiende!

Nice try, but you are just parroting the the things without explaining.

amazing explanation