Exercise: Restrict network access to PaaS resources with virtual network service endpoints using the Azure portal

Lab scenario

Virtual network service endpoints enable you to limit network access to Azure service resources to a specific subnet. You can also remove internet access to the resources. Service endpoints provide a direct connection from your virtual network to supported Azure services, letting you use your virtual network's private address space to access those services. Traffic destined for Azure resources through service endpoints always stays on the Microsoft Azure backbone network.

Architecture diagram

Diagram of a virtual network service endpoint architecture.

Objectives

  • Task 1: Create a virtual network.
  • Task 2: Enable a service endpoint.
  • Task 3: Restrict network access for a subnet.
  • Task 4: Add other outbound rules.
  • Task 5: Allow access for RDP connections.
  • Task 6: Restrict network access to a resource.
  • Task 7: Create a file share in the storage account.
  • Task 8: Restrict network access to a subnet.
  • Task 9: Create virtual machines.
    • Use a template to create the virtual machines. You can review the lab template.
    • Use Azure PowerShell to deploy the template.
  • Task 10: Confirm access to storage account.
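
The configuration that Tasks 1 to 8 build in the portal can also be expressed in Azure PowerShell. The script below is an added example, not the lab's own template or script; every resource name, region, address range and rule priority in it is an assumption, and it narrows the RDP rule to a single assumed admin range.

```powershell
# Added example: all names, the region, address ranges and priorities are assumptions.
$rg        = 'example-rg'
$loc       = 'eastus'
$sa        = 'examplestorage12345'   # placeholder; storage account names must be globally unique
$adminCidr = '203.0.113.0/24'        # documentation range standing in for an admin network

New-AzResourceGroup -Name $rg -Location $loc | Out-Null

# Tasks 3-5: allow egress to Azure Storage, deny other internet egress, allow RDP in.
$allowStorage = New-AzNetworkSecurityRuleConfig -Name 'Allow-Storage-All' -Access Allow `
    -Direction Outbound -Priority 100 -Protocol '*' `
    -SourceAddressPrefix 'VirtualNetwork' -SourcePortRange '*' `
    -DestinationAddressPrefix 'Storage' -DestinationPortRange '*'
$denyInternet = New-AzNetworkSecurityRuleConfig -Name 'Deny-Internet-All' -Access Deny `
    -Direction Outbound -Priority 110 -Protocol '*' `
    -SourceAddressPrefix 'VirtualNetwork' -SourcePortRange '*' `
    -DestinationAddressPrefix 'Internet' -DestinationPortRange '*'
$allowRdp = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Admin' -Access Allow `
    -Direction Inbound -Priority 120 -Protocol Tcp `
    -SourceAddressPrefix $adminCidr -SourcePortRange '*' `
    -DestinationAddressPrefix 'VirtualNetwork' -DestinationPortRange 3389
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $loc `
    -Name 'private-nsg' -SecurityRules $allowStorage, $denyInternet, $allowRdp

# Tasks 1-2: virtual network whose Private subnet carries the Microsoft.Storage endpoint.
$public  = New-AzVirtualNetworkSubnetConfig -Name 'Public' -AddressPrefix '10.0.0.0/24'
$private = New-AzVirtualNetworkSubnetConfig -Name 'Private' -AddressPrefix '10.0.1.0/24' `
    -ServiceEndpoint 'Microsoft.Storage' -NetworkSecurityGroup $nsg
$vnet = New-AzVirtualNetwork -ResourceGroupName $rg -Location $loc -Name 'example-vnet' `
    -AddressPrefix '10.0.0.0/16' -Subnet $public, $private

# Tasks 6-7: storage account and file share (created through the management plane).
New-AzStorageAccount -ResourceGroupName $rg -Name $sa -Location $loc `
    -SkuName Standard_LRS -Kind StorageV2 | Out-Null
New-AzRmStorageShare -ResourceGroupName $rg -StorageAccountName $sa -Name 'example-share' | Out-Null

# Task 8: deny by default, then admit only the Private subnet.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa -DefaultAction Deny | Out-Null
$subnetId = ($vnet.Subnets | Where-Object Name -eq 'Private').Id
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $sa `
    -VirtualNetworkResourceId $subnetId | Out-Null

# Review the resulting rule set: default action and the subnets that are admitted.
$rules = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa
$rules.DefaultAction
$rules.VirtualNetworkRules | Select-Object VirtualNetworkResourceId, Action
```

The outbound allow rule for the Storage service tag has a lower priority number than the internet deny rule, so it is evaluated first and storage traffic from the subnet is not caught by the deny.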

Note

Click on the thumbnail image to start the lab simulation. When you're done, be sure to return to this page so you can continue learning.

Note

You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same.

Screenshot of the simulation page.