Thanks for a clear explanation and demo between the two. These 2 concepts are very similar and there is very little to separate between the 2. Your explanation and demo helped me clarify these concepts !

Thank you Travis, excellent narration with great visuals.

Dear Travis, Excellent demo. Thank you.

Wow!!, I wish all demos are this straight forward, precise and with examples. Please do more videos.

Awesome video Travis, explained everything I needed to know about Private endpoints and custom DNS in one video. Saved me a ton of time :) thanks!

Another great video Travis! Thank you so much for making these videos and certainly helps understand Azure concepts more clearly

Very well explained and most helpful! Thanks for putting this together.

Great video Travis! Thanks so much for this clear explanation.

Superb explanation about Service Endpoint and Private Endpoint. Thanks Roberts

I was looking for a video about Service Endpoints and this exactly what I was after. Thank you!

This same video series by other trainers covering the same material might be 2 hours. This is a lot of info packed into 25 minutes. I really like how you get to the point without the unnecessary babble, and you actually demo what you are covering instead of just explaining the theory behind it. Great video series, I've learned a ton from them

Excellent Demonstration!

Excellent video.... You sir have earned another subscription!

Thanks. Although I got confused by couple of formulations. Mainly: you start explanation of Service endpoints by saying "The goal then would to block access to only allow traffic from a subnet or resource on an on-premises network". A minute later you conclude by slide "Not available from private on-premises networks".

Clear explanation. Subscribed

Top class content as expected

Great demo, thanks

Great video, thank you

Merciii you are the best 👍🏻👍🏻👍🏻

Well explained

Dear Travis, Question - Once you enable a service end point or a private end point on the available services e.g. SQL Data Warehouse or Synapse, will there be a problem in connecting from other PaaS services like ADF to the Synapse cluster on which the public\private end points are enabled ?

So nice!!

Many thanks for your insightful video. Where is the DNS server in your video hosted? Could we use a DNS server hosted in Azure?

Thank you

extremely technical with diagrams and explanations ... i guess the storage account is referred to as "Public IP" and didn't even start to tell what's an endpoint.

Does the private endpoint also work for an Azure Function which is VNet integrated? I would like to access a firewall restricted storage account from the functions app without having to use an app service environment.

Everything was working till I configured the private endpoints. I wonder if I need to make any extra settings, to connect my on prem network to the vnet?

Hello, If I enable a service end point from the Subnet to example a SQL Server ( Azure Paas), do I still have to add NSG rule in outbound 443 in Subnet to allow me to connect....or that is no longer required as I enabled a Service End point already. Thank you

What is the main difference between a service endpoint and a private endpoint? Let’s say that I have a storage account with a queue and I want to write to this queue from a Logic App and later read this queue from a Function App that has VNET integration. And for debugging purposes I would also like to be able to access the queue from a local development laptop. In this case should I use a service or private endpoint?

Hi Travis, great video! I have private endpoints up and running, but now I am facing a big problem I don't know how to solve: I have an SQL database that is accesible via private endpoints and over my vnets located on the same region (Central US), but now I have another vnet full of VMs in another region (South Central US) I can not add this vnet to sql server firewall, and my VMs are now resolvind that sql server via private endpoint IP, so they can't connect to the database. (I do have a network peering between all my vnets) What can I do?

Hi Travis, in advance congratulations on your videos, they are excellent I would like to ask you a question about Azure Files. A machine that is not joined to a domain and is connected to a network for example at home, can it connect to shared resources using Active Directory authentication?

I need a private endpoint on a storage account that allows users to access multiple target resources, blobs, tables, files, queues. Do I need a private endpoint for each sub resource?

Hi Travis, I have a quick question, for a POC setup I realised it the same way that you did. There is only one issue at my side.. When I do a nslookup I got the following, nslookup storageacc.file.core.windows.net server: dns.server.com address: internal ip non-authoritative answer: name - file.etcetcetc.store.core.windows.net address - a public IP address alias - storageacc.file.core.windows.net storageacc.privatelink.file.core.windows.net The first lookup points to the public IP, however when I do another nslookup right after the one above I get the correct internal IP address. Would you have any idea what causes this? nslookup storageacc.file.core.windows.net server: dns.server.com address: internal ip non-authoritative answer: name - storageacc.privatelink.file.core.windows.net address - correct internal IP address alias - storageacc.file.core.windows.net

What's the best way to secure connect my road worriers laptops to Azure Storage?

Travis, in my environment, I’m trying to test the exact scenario you’ve presented-Private Endpoint on a storage account when using your own DNS. However, I don’t have the rights to create a new forward lookup zone, so for testing, I’ve edited the host file of a server on the same vNet and subnet as the private end point “10.x.x.x storacct1.privatelink.blob.core.windows.net”. However, when I run the nslookup, even after flushing DNS, there’s no change. The public endpoint IP is still returned. Any suggestions?

Hey Travis , good video . I have a query , by default it creates a private zone in the azure portal. What if we select no under "private zone"" during creation and continue as is ?? I also have a custom DNS will that work ?? Can't I just create A record "StorageAccountA.blob.core.windows.net" in my DNS and point to private IP ?

gracias

Does ADDS authentication work with private endpoint? I cant get it to work

hi i wanna use my tenant.onmicrosoft.com and point it both VMs and change txt and A record is that possible?

thanks for the explanation..i have a vm on azure and we are running cron jobs to copy data from one mount to azure blob storage mount point which is mounted on same vm...the traffic is routed over internet and it is taking 7-8 hours for copy..can i enable service tag ton subnet to storage account and will that solve my problem of speed and copy data from server to azure over backend network instead of internet?

if during the creation of the Private Link for a given storage account (blob), I choose not to create a private DNS zone, on the DNS server I will have to create which type of zone and dns record? Couldn't you just create a zone in the internal DNS called StorageAccountA.blob.core.windows.net and with a Type A record pointing to the Private Link's internal IP? If I don't decide to create a private zone when creating the Private Link Endpoint? Will external name resolution for the name StorageAccountA.blob.core.windows.net still be a cname for StorageAccountA.privatelink.blob.core.windows.net? Or will external name resolution for the name StorageAccountA.blob.core.windows.net go straight to the public IP?

What is the name of that green spaceship at the shelf?

Can you please look into the camera and talk - otherwise its an awesome tutorial ! thanks

azure endpoint not syncing with Origin hostname

More Ads please!

The video content is really great, but what the hell with the advertisement??? It's 8:01 and I already had 3 of them... How should I ever want to finish this 24 minutes video.....

Can we access the Azure file share with actual domain name instead of file.windoews.net suffix