- When an externally facing Azure PaaS service is accessed from a resource in a VNet, the traffic stays on the Azure network
- The PaaS service still has an external-facing endpoint, which some companies do not want even with firewall/authentication lockdown
- Private Link enables a PaaS service instance to have a private endpoint created in a virtual network, which acts as an avatar for that specific service instance
- Can also project custom services that are behind a standard load balancer using a Private Link Service
- Resources in the VNet can reach the service directly via the private endpoint, using the most efficient path
- Because it is instance-specific, it helps stop data exfiltration
- Removes the need to peer [[VNET]]s, which can be important where VNets may have overlapping IP ranges
- Mostly used in place of Service Endpoints
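
A private endpoint does not by itself close the external-facing endpoint mentioned above, so it is worth auditing both sides per instance. The following is an added example, not part of the original notes: it classifies storage accounts from JSON shaped like `az storage account list -o json` output; the account names and sample data are constructed, and the property names are assumed to match that output.

```python
import json

# Constructed sample, trimmed to the fields the check reads (assumed to match
# the property names in `az storage account list -o json`). Names are made up.
SAMPLE = json.loads("""[
 {"name": "stpublic01", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow"},
  "privateEndpointConnections": []},
 {"name": "stmixed02", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny"},
  "privateEndpointConnections": [
   {"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "stprivate03", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Deny"},
  "privateEndpointConnections": [
   {"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "stpending04", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Deny"},
  "privateEndpointConnections": [
   {"privateLinkServiceConnectionState": {"status": "Pending"}}]}
]""")

def approved_endpoints(account):
    """Count private endpoint connections in the Approved state."""
    conns = account.get("privateEndpointConnections") or []
    return sum(1 for c in conns
               if (c.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved")

def public_exposure(account):
    """Return 'open', 'restricted' or 'disabled' for the public endpoint."""
    # A missing/null publicNetworkAccess is treated as enabled (fail closed for the audit).
    if account.get("publicNetworkAccess") == "Disabled":
        return "disabled"
    default = (account.get("networkRuleSet") or {}).get("defaultAction", "Allow")
    return "open" if default == "Allow" else "restricted"

def classify(account):
    """Combine the private and public view of one service instance."""
    private, public = approved_endpoints(account) > 0, public_exposure(account)
    if private:
        return "private-only" if public == "disabled" else f"private endpoint present, public endpoint still {public}"
    if public == "disabled":
        return "unreachable: public disabled, no approved private endpoint"
    return f"public-only ({public})"

def audit(accounts):
    return {a["name"]: classify(a) for a in accounts}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name}: {verdict}")
```
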