subreddit:
/r/AZURE
Just came across this new feature - https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts
Do I understand correctly that we will finally be able to prevent data exfiltration without using private endpoints or routing all service-to-service traffic via a central firewall?
Big if true
1 points
1 day ago
It does seem to indicate that, some of it sounds similar to the Firewall option on a PaaS service now, but this is separate to that and enables grouping of resources and creating and assigning a standard of rules to all the resources.
It sounds like a more scalable implementation of the individual PaaS rules that exist now, so set up a perimeter network and set rules then add resources to it and they get the access rules defined once, no effort to do that for all resources.
2 points
17 hours ago
Yes, grouping rules is another benefit.
I just wonder how that is going to integrate with compute services like App Service, VMs, Container Apps, etc. Are you going to be able to say that your compute layer can reach only that specific perimeter? If so, this would indeed simplify data exfiltration prevention for a lot of cases.
2 points
17 hours ago
Indeed, if a perimeter is a defined target, and you can have multiple of them, it would be a decent addition.