
Documentation

PrivateLink DNS Entry

At a Glance

Goals

  1. Understand access to an Azure PaaS service with a PrivateLink name.

Prerequisites

  1. You have access to a Corp Subscription.

Note

This guide was created with the language setting set to English. The screenshots shown may therefore differ from what you see on your device if you have a different language set.

With so-called PrivateLink DNS entries, you can use Azure PaaS services as if they were in your own Virtual Network in Azure.

A Private Endpoint is created in this network, which receives an IP address within the network. You can then communicate with the service within the network via this endpoint.

Since the endpoint's IP address is not guaranteed to stay the same, communication happens via a DNS name. This name is stored in a special DNS zone in Azure.

The following steps are processed sequentially:

  1. A user creates a private endpoint for a service in Azure.
  2. A policy detects this and creates the corresponding DNS entries in the central DNS zone.

Private KeyVault

The following instructions create a private KeyVault within a Virtual Network in Azure.

  1. Log in to the Portal.
  2. Use the interface to create a new KeyVault. Click into the global search field, enter Key Vaults, and select the Key Vaults service.
  3. Click on Create.
  4. Enter the details for the KeyVault.
  5. Under the Networking tab, modify the following settings:
    • Disable the checkbox Enable Public Access.
    • Click the button Create a private endpoint.
    • Select the Virtual Network in which the private endpoint should be created.
    • Disable the box Integrate with private DNS Zone.
  6. Click on Review + create and then on Create.

Note

After the Key Vault is created, it may take a few minutes for the correct DNS entries to be published.

After creation, this Key Vault will have a private IP address in the address range of the Virtual Network. You can verify this by resolving its name from a terminal.

Note

For communication with the Key Vault, you should always use the public URL. This has the form https://[Name of the KeyVault].vault.azure.net/.

dig [Name of the KeyVault].vault.azure.net
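The following shell script is an added example, not part of the original guide, that automates the check described above: it takes the answer of dig +short for the Key Vault's public name and verifies that the final A record lies inside the Virtual Network's address range, and that the name was redirected through the Key Vault PrivateLink zone (privatelink.vaultcore.azure.net). The vault name myvault, the range 10.1.0.0/16 and the two dig answers are constructed sample values, not taken from a real environment.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that a Key Vault's public
# name resolves to a private IP inside the Virtual Network's address range.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if IP $1 lies within CIDR $2 (e.g. 10.1.0.0/16), 1 otherwise.
ip_in_cidr() {
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Pick the final A record out of a dig +short answer ($1); CNAME lines end with a dot.
final_a_record() {
  printf '%s\n' "$1" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | tail -n 1
}

# Return 0 if the answer ($1) went through the Key Vault PrivateLink zone.
uses_privatelink_zone() {
  printf '%s\n' "$1" | grep -q '\.privatelink\.vaultcore\.azure\.net\.$'
}

# Return 0 if the answer ($1) ends in an address inside the VNet range ($2),
# 1 if the name still resolves to a public address (DNS entries not yet published).
resolves_privately() {
  addr=$(final_a_record "$1")
  [ -n "$addr" ] && ip_in_cidr "$addr" "$2"
}

# Constructed sample answers (not captured from a real environment).
# In practice replace them with: dig +short myvault.vault.azure.net
PRIVATE_ANSWER='myvault.privatelink.vaultcore.azure.net.
10.1.2.4'
PUBLIC_ANSWER='myvault.privatelink.vaultcore.azure.net.
20.60.1.7'
VNET_CIDR='10.1.0.0/16'

# Stand-alone run: report whether the constructed answers would pass the check.
if resolves_privately "$PRIVATE_ANSWER" "$VNET_CIDR" && uses_privatelink_zone "$PRIVATE_ANSWER"; then
  echo "sample 1: private endpoint in use"
fi
if ! resolves_privately "$PUBLIC_ANSWER" "$VNET_CIDR"; then
  echo "sample 2: still resolving to a public address"
fi
```

The check deliberately keeps using the public name (https://[Name of the KeyVault].vault.azure.net/), as the note above requires: a private endpoint is in use only when that name ends up at an address in the Virtual Network. If the final address is public, either the DNS entries have not yet been published by the policy or the client is not resolving through the Virtual Network.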