Azure Monitor Private Link

Overview

  • Connect privately to Azure Monitor without opening up any public network access
  • Ensure your monitoring data is only accessed through authorized private networks
  • Prevent data exfiltration from your private networks by defining specific Azure Monitor resources that connect through your private endpoint
  • Keep all traffic inside the Microsoft Azure backbone network

Feature Assessment

  • Connect the activity log to a Log Analytics workspace for an ingestion test
  • Teams SSO bot web app is linked to an Application Insights resource
  • Azure Windows Server 2019 virtual machine for private link validation from the Azure portal
    (To save cost, I provisioned a spot instance VM with the Standard_A2_V2 SKU, which is listed at 1/6 of the regular price. The actual charged price is around $0.08/hour, but it still saves a lot.)

    > api.loganalytics.io
    Server:   UnKnown
    Address:  168.63.129.16

    Non-authoritative answer:
    Name:     azmon-prod-eus-0-ingress-draft.eastus.cloudapp.azure.com
    Address:  20.49.109.80
    Aliases:  api.loganalytics.io
              api.monitor.azure.com
              api.privatelink.monitor.azure.com
              draftprodoms.trafficmanager.net
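
A check that can be run over the nslookup output above, as an added example that is not part of the original post: it parses the answer section, tests whether the alias chain passes through privatelink.monitor.azure.com, and classifies the returned address as private or public. The function names and the default zone argument are this example's own choices.

```python
import ipaddress
import re

# nslookup output copied from the page (Windows nslookup format).
SAMPLE = """\
> api.loganalytics.io
Server: UnKnown
Address: 168.63.129.16
Non-authoritative answer:
Name: azmon-prod-eus-0-ingress-draft.eastus.cloudapp.azure.com
Address: 20.49.109.80
Aliases: api.loganalytics.io
api.monitor.azure.com
api.privatelink.monitor.azure.com
draftprodoms.trafficmanager.net
"""

FIELD = re.compile(r"^(Name|Address(?:es)?|Aliases):\s*(.*)$")

def parse_answer(text):
    """Return (name, addresses, aliases) from the answer part of nslookup output."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Start at "Name:" so the resolver's own Server/Address pair is never classified.
    start = next((i for i, l in enumerate(lines) if l.startswith("Name:")), len(lines))
    name, addrs, aliases, field = None, [], [], None
    for line in lines[start:]:
        m = FIELD.match(line)
        field, value = (m.group(1), m.group(2)) if m else (field, line)
        if not value:
            continue
        if field == "Name":
            name = value
        elif field.startswith("Address"):
            addrs.append(value)
        else:  # "Aliases", including its unlabelled continuation lines
            aliases.append(value)
    return name, addrs, aliases

def assess(text, zone="privatelink.monitor.azure.com"):
    """Report whether the CNAME chain uses the Private Link zone and lands on private IPs."""
    name, addrs, aliases = parse_answer(text)
    hosts = [h.lower() for h in aliases + ([name] if name else [])]
    ips = [ipaddress.ip_address(a) for a in addrs]
    return {
        "via_privatelink_zone": any(h.endswith("." + zone) for h in hosts),
        "addresses": addrs,
        "private": bool(ips) and all(ip.is_private for ip in ips),
    }
```

For the output above, `assess(SAMPLE)` reports the privatelink alias in the chain together with a public address (20.49.109.80); an answer that lands on an address from the private endpoint's subnet sets `private` to `True`.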

Conclusion

Appendix

Cloud Journey

All blogs are strictly personal and do not reflect the views of my employer; they focus on cloud networking, cloud security, web and API security.