Connect from Azure SQL database to Storage account using Private Endpoint

[Guest Editah]

We have cases where our customers want to access from Azure SQL Database to Azure Storage Account(SA) using Private Endpoint(PE).

 

 

 

For additional information how you can configure PE for your storage account, please visit the following link: Tutorial: Connect to a storage account using an Azure Private Endpoint. The process involves configuring the private endpoint for the storage account to allow secure and private communication between the Azure resources and your storage account.

 

 

 

I would like to clarify that the use of a private endpoint is a connection from a VNET to a resource. However, Azure SQL DB is not VNET integrated and, as a result, it is not possible to access from Azure SQL Database to a storage account via a private endpoint.

 

 

 

The PE can still exist for other resources that can connect to the SA using PE, as example Azure SQL MI or Virtual Machines, but Azure SQL DB can't use it.

 

 

 

Our customers need to at least use the Selected Networks(public, but restricted), and use the Trusted option, specify the trusted server, ensure the server's managed identity has RBAC to it, and use managed identity (not SAS) for the Database credential.

 

Continue reading...