How to make Azure Communication Service Communicate with an azure service that is in private network?

Question

Hello,

I would like to know if there is a possibility to configure private endpoint with Azure Communication Service?

Or is there any other way for Azure Communication Service to contact (via webhook) a server that is in an azure private network?
If it is not possible, what would be the best approach for you to try to keep our server that handle ACS events as private as possible? Would it be possible to allowlist ips (corresponding to our ACS) in our server?

Thank you,

Have a good day!

Romain

Answer 1

Hi Mateo, Romain ,
Welcome to the Microsoft Q&A Platform!
ACS does not natively support private endpoints.

• Expose the private service to the internet but restrict access to ACS IP ranges.
• Configure firewall/NSG rules to allow ACS IP ranges only.
• Use HTTPS to encrypt communication.
• Use an Azure Application Gateway with WAF to route and secure ACS traffic to the private service.
• Deploy Application Gateway in a subnet connected to your private network.
• Configure rules to allow ACS traffic only.
• Host Azure API Management in a VNet to act as a secure intermediary between ACS and the private service.
• Configure an API in APIM to forward requests to the private service.
• Leverage Azure Relay for secure communication between ACS and the private service without exposing it to the internet.
• Set up an Azure Relay namespace.
• Configure Hybrid Connection to route ACS requests to the private service.
• Deploy an Azure App Service or Azure Function with Private Link. This service can securely forward ACS traffic to the private network.
• Enable Private Link for the fronting service.
• Expose the fronting service to ACS and allowlist ACS IP ranges.
  ref:https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview
  If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.