{"id":2556,"date":"2022-02-20T15:09:43","date_gmt":"2022-02-20T15:09:43","guid":{"rendered":"https:\/\/exceedthecloud.com\/?p=2556"},"modified":"2022-02-21T09:17:41","modified_gmt":"2022-02-21T09:17:41","slug":"restrict-network-access-to-paas-resources-with-virtual-network-service-endpoints","status":"publish","type":"post","link":"https:\/\/exceedthecloud.com\/?p=2556","title":{"rendered":"Restrict network access to PaaS resources with virtual network service endpoints"},"content":{"rendered":"\n<p>Virtual network service endpoints enable you to limit network access to some Azure service resources to a virtual network subnet. You can also remove internet access to the resources. Service endpoints provide direct connection from your virtual network to supported Azure services, allowing you to use your virtual network\u2019s private address space to access the Azure services. Traffic destined to Azure resources through service endpoints always stays on the Microsoft Azure backbone network.<\/p>\n\n\n\n<p>In this lab, you will:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Task 1: Create a virtual network<\/li><li>Task 2: Enable a service endpoint<\/li><li>Task 3: Restrict network access for a subnet<\/li><li>Task 4: Add additional outbound rules<\/li><li>Task 5: Allow access for RDP connections<\/li><li>Task 6: Restrict network access to a resource<\/li><li>Task 7: Create a file share in the storage account<\/li><li>Task 8: Restrict network access to a subnet<\/li><li>Task 9: Create virtual machines<\/li><li>Task 10: Confirm access to storage account<\/li><\/ul>\n\n\n\n<p>Prerequisites for this labs :&nbsp;<a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Account<\/a>&nbsp;\/&nbsp;<a href=\"https:\/\/github.com\/marcelin-ndjila\/Practical-Labs-Series\/blob\/master\/Azurelabs09.zip\" target=\"_blank\" rel=\"noreferrer noopener\">Download Labs Files here<\/a><\/p>\n\n\n\n<p><strong>Task 1: Create a virtual network<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Login to the Azure Portal.<\/li><li>On the Azure Portal home page, search for virtual network and then select <strong>Virtual network<\/strong> from the results.<\/li><li>Select <strong>+<\/strong> <strong>Create<\/strong>.<\/li><li>Enter, or select, the following information:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>Select your subscription<\/td><\/tr><tr><td>Resource group<\/td><td>(New) Exceedlabs20022022-RG<\/td><\/tr><tr><td>Name<\/td><td>CoreServicesVNet<\/td><\/tr><tr><td>Location<\/td><td>Select <strong>East US<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"912\" height=\"486\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture1-10.png\" alt=\"\" class=\"wp-image-2557\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture1-10.png 912w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture1-10-300x160.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture1-10-768x409.png 768w\" sizes=\"auto, (max-width: 912px) 100vw, 912px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Select the <strong>IP Addresses<\/strong> tab and enter the following values (select <strong>default<\/strong> to change the subnet name):<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Address space<\/td><td>10.0.0.0\/16<\/td><\/tr><tr><td>Subnet Name<\/td><td>Public<\/td><\/tr><tr><td>Subnet Address range<\/td><td>10.0.0.0\/24<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"914\" height=\"477\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture2-10.png\" alt=\"\" class=\"wp-image-2558\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture2-10.png 914w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture2-10-300x157.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture2-10-768x401.png 768w\" sizes=\"auto, (max-width: 914px) 100vw, 914px\" \/><\/figure>\n\n\n\n<p>Select the <strong>Security<\/strong> tab and enter the following values:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>BastionHost<\/td><td>Disabled<\/td><\/tr><tr><td>DDoS protection<\/td><td>Disabled<\/td><\/tr><tr><td>Firewall<\/td><td>Disabled<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"879\" height=\"485\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture3-10.png\" alt=\"\" class=\"wp-image-2559\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture3-10.png 879w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture3-10-300x166.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture3-10-768x424.png 768w\" sizes=\"auto, (max-width: 879px) 100vw, 879px\" \/><\/figure>\n\n\n\n<p>Click <strong>Review + Create<\/strong>. Once the resource is validated select <strong>Create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"841\" height=\"484\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture4-10.png\" alt=\"\" class=\"wp-image-2560\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture4-10.png 841w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture4-10-300x173.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture4-10-768x442.png 768w\" sizes=\"auto, (max-width: 841px) 100vw, 841px\" \/><\/figure>\n\n\n\n<p><strong>Task 2: Enable a service endpoint<\/strong><\/p>\n\n\n\n<p>Service endpoints are enabled per service, per subnet. Create a subnet and enable a service endpoint for the subnet.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the <strong>Search resources, services, and docs<\/strong> box at the top of the portal, enter CoreServicesVNet. When CoreServicesVNet appears in the search results, select it.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"362\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture5-10-1024x362.png\" alt=\"\" class=\"wp-image-2561\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture5-10-1024x362.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture5-10-300x106.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture5-10-768x272.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture5-10.png 1286w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Add a subnet to the virtual network. Under <strong>Settings<\/strong>, select <strong>Subnets<\/strong>, and then select <strong>+ Subnet<\/strong>, as shown in the following picture:<\/li><li>Under <strong>Add subnet<\/strong>, select or enter the following information:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Name<\/td><td>Private<\/td><\/tr><tr><td>Address range<\/td><td>10.0.1.0\/24<\/td><\/tr><tr><td>Service endpoints: Services<\/td><td>Select <strong>Microsoft.Storage<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"788\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture6-9-1024x788.png\" alt=\"\" class=\"wp-image-2562\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture6-9-1024x788.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture6-9-300x231.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture6-9-768x591.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture6-9.png 1095w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Select <strong>Save<\/strong>.<\/li><\/ul>\n\n\n\n<p>You should now have two subnets configured:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"790\" height=\"283\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture7-9.png\" alt=\"\" class=\"wp-image-2563\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture7-9.png 790w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture7-9-300x107.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture7-9-768x275.png 768w\" sizes=\"auto, (max-width: 790px) 100vw, 790px\" \/><\/figure>\n\n\n\n<p><strong>Task 3: Restrict network access for a subnet<\/strong><\/p>\n\n\n\n<p>By default, all VMs in a subnet can communicate with all resources. You can limit communication to and from all resources in a subnet by creating a network security group and associating it to the subnet.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the <strong>Search resources, services, and docs<\/strong> box at the top of the portal, enter <strong>security group<\/strong>. When <strong>Network Security groups<\/strong> appears in the search results, select it.<\/li><li>In Network security groups, select <strong>+ Create<\/strong>.<\/li><li>Enter or select, the following information:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>Select your subscription<\/td><\/tr><tr><td>Resource group<\/td><td>Exceedlabs20022022-RG<\/td><\/tr><tr><td>Name<\/td><td>ExceedlabsPrivateNSG<\/td><\/tr><tr><td>Location<\/td><td>Select <strong>East US<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"973\" height=\"482\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture8-8.png\" alt=\"\" class=\"wp-image-2564\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture8-8.png 973w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture8-8-300x149.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture8-8-768x380.png 768w\" sizes=\"auto, (max-width: 973px) 100vw, 973px\" \/><\/figure>\n\n\n\n<p>select <strong>Review + create<\/strong>, then click <strong>Create<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"778\" height=\"476\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture9-8.png\" alt=\"\" class=\"wp-image-2565\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture9-8.png 778w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture9-8-300x184.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture9-8-768x470.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture9-8-80x50.png 80w\" sizes=\"auto, (max-width: 778px) 100vw, 778px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>After the ExceedlabsPrivateNSG network security group is created, select <strong>Go to resource<\/strong>.<\/li><li>Under <strong>Settings<\/strong>, select <strong>Outbound security rules<\/strong>.<\/li><li>Select <strong>+ Add<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"335\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture10-6-1024x335.png\" alt=\"\" class=\"wp-image-2566\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture10-6-1024x335.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture10-6-300x98.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture10-6-768x251.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture10-6.png 1307w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Create a rule that allows outbound communication to the Azure Storage service. Enter, or select, the following information:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Source<\/td><td>Select <strong>VirtualNetwork<\/strong><\/td><\/tr><tr><td>Source port ranges<\/td><td>*<\/td><\/tr><tr><td>Destination<\/td><td>Select <strong>Service Tag<\/strong><\/td><\/tr><tr><td>Destination service tag<\/td><td>Select <strong>Storage<\/strong><\/td><\/tr><tr><td>Service<\/td><td>Custom<\/td><\/tr><tr><td>Destination port ranges<\/td><td>*<\/td><\/tr><tr><td>Protocol<\/td><td>Any<\/td><\/tr><tr><td>Action<\/td><td>Allow<\/td><\/tr><tr><td>Priority<\/td><td>100<\/td><\/tr><tr><td>Name<\/td><td>Allow-Storage-All<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"410\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture11-5-1024x410.png\" alt=\"\" class=\"wp-image-2567\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture11-5-1024x410.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture11-5-300x120.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture11-5-768x307.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture11-5.png 1297w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Select <strong>Add<\/strong>:<\/p>\n\n\n\n<p><strong>Task 4: Add additional outbound rules<\/strong><\/p>\n\n\n\n<p>Create another outbound security rule that denies communication to the internet. This rule overrides a default rule in all network security groups that allows outbound internet communication.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Select <strong>+Add<\/strong> under <strong>Outbound security rules<\/strong>.<\/li><li>Enter, or select, the following information:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Source<\/td><td>Select <strong>VirtualNetwork<\/strong><\/td><\/tr><tr><td>Source port ranges<\/td><td>*<\/td><\/tr><tr><td>Destination<\/td><td>Select <strong>Service Tag<\/strong><\/td><\/tr><tr><td>Destination service tag<\/td><td>Select <strong>Internet<\/strong><\/td><\/tr><tr><td>Service<\/td><td>Custom<\/td><\/tr><tr><td>Destination port ranges<\/td><td>*<\/td><\/tr><tr><td>Protocol<\/td><td>Any<\/td><\/tr><tr><td>Action<\/td><td>Deny<\/td><\/tr><tr><td>Priority<\/td><td>110<\/td><\/tr><tr><td>Name<\/td><td>Deny-Internet-All<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"416\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture12-4-1024x416.png\" alt=\"\" class=\"wp-image-2568\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture12-4-1024x416.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture12-4-300x122.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture12-4-768x312.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture12-4.png 1295w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Select <strong>Add<\/strong>.<\/p>\n\n\n\n<p><strong>Task 5: Allow access for RDP connections<\/strong><\/p>\n\n\n\n<p>Create an inbound security rule that allows Remote Desktop Protocol (RDP) traffic to the subnet from anywhere. The rule overrides a default security rule that denies all inbound traffic from the internet. Remote desktop connections are allowed to the subnet so that connectivity can be tested in a later step.<\/p>\n\n\n\n<p>On ExceedlabsPrivateNSG Outbound security rules, under <strong>Settings<\/strong>, select <strong>Inbound security rules<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"2\"><li>Select <strong>+ Add<\/strong>.<\/li><li>In Add inbound security rule, enter the following values::<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Source<\/td><td>Any<\/td><\/tr><tr><td>Source port ranges<\/td><td>*<\/td><\/tr><tr><td>Destination<\/td><td>Select <strong>VirtualNetwork<\/strong><\/td><\/tr><tr><td>Service<\/td><td>Custom<\/td><\/tr><tr><td>Destination port ranges<\/td><td>3389<\/td><\/tr><tr><td>Protocol<\/td><td>Any<\/td><\/tr><tr><td>Action<\/td><td>Allow<\/td><\/tr><tr><td>Priority<\/td><td>120<\/td><\/tr><tr><td>Name<\/td><td>Allow-RDP-All<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"409\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture13-2-1024x409.png\" alt=\"\" class=\"wp-image-2569\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture13-2-1024x409.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture13-2-300x120.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture13-2-768x307.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture13-2.png 1294w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>And then select <strong>Add<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Warning<\/strong>: RDP port 3389 is exposed to the Internet. This is only recommended for testing. For production environments, we recommend using a VPN or private connection.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Under <strong>Settings<\/strong>, select <strong>Subnets<\/strong>.<\/li><li>Select <strong>+ Associate.<\/strong><\/li><li>Under <strong>Associate subnet<\/strong>, select <strong>Virtual network<\/strong> and then select <strong>CoreServicesVNet<\/strong> under <strong>Choose a virtual network<\/strong>.<\/li><li>Under <strong>Choose subnet<\/strong>, select <strong>Private<\/strong>, and then select <strong>OK<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"406\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture14-2-1024x406.png\" alt=\"\" class=\"wp-image-2570\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture14-2-1024x406.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture14-2-300x119.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture14-2-768x304.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture14-2.png 1303w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Task 6: Restrict network access to a resource<\/strong><\/p>\n\n\n\n<p>The steps necessary to restrict network access to resources created through Azure services enabled for service endpoints varies across services. See the documentation for individual services for specific steps for each service. The remainder of this lab includes steps to restrict network access for an Azure Storage account, as an example.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, select Storage accounts.<\/li><li>Select +Create.<\/li><li>Enter, or select, the following information and accept the remaining defaults:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>Select your subscription<\/td><\/tr><tr><td>Resource group<\/td><td>Exceedlabs20022022-RG<\/td><\/tr><tr><td>Name<\/td><td>Enter exceedlabsstoragenm (where xx are your initials to make it unique)<\/td><\/tr><tr><td>Performance<\/td><td>Standard StorageV2 (general purpose v2)<\/td><\/tr><tr><td>Location<\/td><td>Select East US<\/td><\/tr><tr><td>Replication<\/td><td>Locally-redundant storage (LRS)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"846\" height=\"468\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture15-2.png\" alt=\"\" class=\"wp-image-2571\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture15-2.png 846w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture15-2-300x166.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture15-2-768x425.png 768w\" sizes=\"auto, (max-width: 846px) 100vw, 846px\" \/><\/figure>\n\n\n\n<p>select <strong>Review + create<\/strong>, then click <strong>Create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"466\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture16-2.png\" alt=\"\" class=\"wp-image-2572\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture16-2.png 857w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture16-2-300x163.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture16-2-768x418.png 768w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/><\/figure>\n\n\n\n<p><strong>Task 7: Create a file share in the storage account<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>After the storage account is created, enter the name of the storage account in the <strong>Search resources, services, and docs<\/strong> box, at the top of the portal. When the name of your storage account appears in the search results, select it.<\/li><li>Select <strong>File shares<\/strong>, as shown in the following picture:<\/li><li>Select <strong>+ File share<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"383\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture17-2-1024x383.png\" alt=\"\" class=\"wp-image-2573\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture17-2-1024x383.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture17-2-300x112.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture17-2-768x287.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture17-2.png 1287w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Enter marketing under <strong>Name<\/strong>, and then select <strong>Create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"408\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture18-2-1024x408.png\" alt=\"\" class=\"wp-image-2574\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture18-2-1024x408.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture18-2-300x119.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture18-2-768x306.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture18-2.png 1294w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Task 8: Restrict network access to a subnet<\/strong><\/p>\n\n\n\n<p>By default, storage accounts accept network connections from clients in any network, including the internet. Deny network access from the internet, and all other subnets in all virtual networks, except for the Private subnet in the CoreServicesVNet virtual network.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Under <strong>Security + networking<\/strong> for the storage account, select <strong>Networking<\/strong>.<\/li><li>Select <strong>Selected networks<\/strong>.<\/li><li>Select <strong>+Add existing virtual network<\/strong>.<\/li><li>Under <strong>Add networks<\/strong>, select the following values:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>Select your subscription.<\/td><\/tr><tr><td>Virtual networks<\/td><td>Select CoreServicesVNet<strong>.<\/strong><\/td><\/tr><tr><td>Subnets<\/td><td>Select <strong>Private<\/strong>.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"420\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture19-2-1024x420.png\" alt=\"\" class=\"wp-image-2575\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture19-2-1024x420.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture19-2-300x123.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture19-2-768x315.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture19-2.png 1299w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Select <strong>Add<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"409\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture20-2-1024x409.png\" alt=\"\" class=\"wp-image-2576\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture20-2-1024x409.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture20-2-300x120.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture20-2-768x307.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture20-2.png 1290w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Select <strong>Save<\/strong>.<\/li><li>Under <strong>Security and Networking<\/strong> for the storage account, select <strong>Access keys<\/strong>.<\/li><li>Select <strong>Show Keys<\/strong>. Note the <strong>Key<\/strong> value, as you\u2019ll have to manually enter it in a later step when mapping the file share to a drive letter in a VM.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"476\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture21-2-1024x476.png\" alt=\"\" class=\"wp-image-2577\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture21-2-1024x476.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture21-2-300x140.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture21-2-768x357.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture21-2.png 1094w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Task 9: Create virtual machines<\/strong><\/p>\n\n\n\n<p>To test network access to a storage account, deploy a VM to each subnet.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, open the <strong>PowerShell<\/strong> session within the <strong>Cloud Shell<\/strong> pane.<\/li><li>In the toolbar of the Cloud Shell pane, select the Upload\/Download files icon, in the drop-down menu, select Upload and upload the following files <strong>VMs.json<\/strong> and <strong>VMs.parameters.json<\/strong> into the Cloud Shell home directory from the source folder <strong>F:\\Allfiles\\Labs\\M07<\/strong>.<\/li><li>Deploy the following ARM templates to create the VMs needed for this lab:<\/li><\/ul>\n\n\n\n<p>code<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$RGName = \"Exceedlabs20022022-RG\"\n   \nNew-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile VMs.json -TemplateParameterFile VMs.parameters.json\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"309\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture22-2-1024x309.png\" alt=\"\" class=\"wp-image-2578\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture22-2-1024x309.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture22-2-300x91.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture22-2-768x232.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture22-2.png 1350w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When the deployment is complete, go to the Azure portal home page, and then select <strong>Virtual Machines<\/strong>.<\/p>\n\n\n\n<p><strong>Task 10: Confirm access to storage account<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Once the ExceedlabsPrivate VM finishes creating, open the blade for the VM by selecting Go to resource. Select the Connect button, then select RDP.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"420\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture23-2-1024x420.png\" alt=\"\" class=\"wp-image-2579\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture23-2-1024x420.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture23-2-300x123.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture23-2-768x315.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture23-2.png 1300w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>After selecting the Connect button and RDP, select the Download RDP File button. A Remote Desktop Protocol (.rdp) file is created and downloaded to your computer.<\/li><li>Open the downloaded rdp file. If prompted, select Connect. Enter the user name and password you specified when creating the VM. You may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"537\" height=\"286\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture24-2.png\" alt=\"\" class=\"wp-image-2580\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture24-2.png 537w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture24-2-300x160.png 300w\" sizes=\"auto, (max-width: 537px) 100vw, 537px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"452\" height=\"309\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture25-2.png\" alt=\"\" class=\"wp-image-2581\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture25-2.png 452w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture25-2-300x205.png 300w\" sizes=\"auto, (max-width: 452px) 100vw, 452px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Select <strong>OK<\/strong>.<\/li><li>You may receive a certificate warning during the sign-in process. If you receive the warning, select Yes or Continue to proceed with the connection.<\/li><li>On the ExceedlabsPrivate VM, map the Azure file share to drive Z using PowerShell. Before running the commands that follow, replace , (i.e. exceedlabsstoragenm) and my-file-share (i.e marketing) with values you supplied and retrieved in the Create a storage account task.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$connectTestResult = Test-NetConnection -ComputerName exceedlabsstoragenm.file.core.windows.net -Port 445\nif ($connectTestResult.TcpTestSucceeded) {\n    # Save the password so the drive will persist on reboot\n    cmd.exe \/C \"cmdkey \/add:`\"exceedlabsstoragenm.file.core.windows.net`\" \/user:`\"localhost\\exceedlabsstoragenm`\" \/pass:`\"<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-white-color\">daGYbO8F394VABIvr2qJDcdP56KD6eExXBtKdUwcAd2EXU7XTqTg0EJPC3zwbTCdLCyW3W9l0HBs+ASte3qarA==`\"\"<\/mark>\n    # Mount the drive\n    New-PSDrive -Name Z -PSProvider FileSystem -Root \"\\\\exceedlabsstoragenm.file.core.windows.net\\marketing\" -Persist\n} else {\n    Write-Error -Message \"Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port.\"\n}\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"386\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture26-2-1024x386.png\" alt=\"\" class=\"wp-image-2582\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture26-2-1024x386.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture26-2-300x113.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture26-2-768x289.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture26-2.png 1096w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"443\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture27-2-1024x443.png\" alt=\"\" class=\"wp-image-2583\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture27-2-1024x443.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture27-2-300x130.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture27-2-768x332.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture27-2.png 1112w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>code<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>The Azure file share successfully mapped to the Z drive.\n\nConfirm that the VM has no outbound connectivity to the internet from a command prompt:\n\n ping bing.com\n\nYou receive no replies because the network security group associated to the Private subnet does not allow outbound access to the internet.\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"318\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture28-2-1024x318.png\" alt=\"\" class=\"wp-image-2584\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture28-2-1024x318.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture28-2-300x93.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture28-2-768x239.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture28-2.png 1132w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Close the remote desktop session to the ExceedPrivate VM.<\/p>\n\n\n\n<p>### Confirm access is denied to storage account<\/p>\n\n\n\n<p>Enter ExceedPublic In the **Search resources, services, and docs** box at the top of the portal.<\/p>\n\n\n\n<p>When **ExceedPublic** appears in the search results, select it.<\/p>\n\n\n\n<p>Complete steps 1-6 in the Confirm access to storage account task for the ExceedPublic VM.&nbsp;<\/p>\n\n\n\n<p>&nbsp;&nbsp; \u200eAfter a short wait, you receive a New-PSDrive : Access is denied error. Access is denied because the ExceedlabsPublic VM is deployed in the Public subnet. The Public subnet does not have a service endpoint enabled for Azure Storage. The storage account only allows network access from the Private subnet, not the Public subnet.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"413\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture29-2-1024x413.png\" alt=\"\" class=\"wp-image-2585\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture29-2-1024x413.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture29-2-300x121.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture29-2-768x309.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture29-2.png 1189w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Confirm that the public VM does have outbound connectivity to the internet from a command prompt:<\/p>\n\n\n\n<p>&nbsp;ping bing.com&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"371\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture30-2-1024x371.png\" alt=\"\" class=\"wp-image-2586\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture30-2-1024x371.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture30-2-300x109.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture30-2-768x278.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture30-2.png 1181w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Close the remote desktop session to the ExceedPublic VM.<\/p>\n\n\n\n<p>From your computer, browse to the Azure portal.<\/p>\n\n\n\n<p>Enter the name of the storage account you created in the **Search resources, services, and docs** box. When the name of your storage account appears in the search results, select it.<\/p>\n\n\n\n<p>Select **File shares** then select the **marketing** file share.<\/p>\n\n\n\n<p>You receive the error shown in the following screenshot:<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp; ![Graphical user interface, text, application, email Description automatically generated](\/AZ-700-Designing-and-Implementing-Microsoft-Azure-Networking-Solutions\/Instructions\/media\/no-access.png)<\/p>\n\n\n\n<p>&nbsp;Access is denied, because your computer is not in the Private subnet of the CoreServicesVNet virtual network.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"389\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture31-2-1024x389.png\" alt=\"\" class=\"wp-image-2587\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture31-2-1024x389.png 1024w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture31-2-300x114.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture31-2-768x291.png 768w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/picture31-2.png 1302w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Congratulations! You have restricted network access to PaaS resources with virtual network service endpoint.<\/p>\n\n\n\n<p><mark class=\"kt-highlight\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-virtue-primary-color\">Reminder: Don&#8217;t forget to delete or shutdown all unused Azure resources after your labs for cost saving<\/mark><\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Virtual network service endpoints enable you to limit network access to some Azure service resources to a virtual network subnet. You can also remove internet access to the resources. Service endpoints provide direct connection from your virtual network to supported &hellip; <a href=\"https:\/\/exceedthecloud.com\/?p=2556\">Continued<\/a><\/p>\n","protected":false},"author":1,"featured_media":2593,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"kt_blocks_editor_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,98,4,18,19],"tags":[28,70,58,101,35,31],"class_list":["post-2556","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networking","category-powershell","category-practical-labs-series","category-security","category-virtual-machines","tag-azure-network","tag-paas","tag-security","tag-service-endpoints","tag-virtual-machines","tag-virtual-network"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/istockphoto-1344398876-612x612-1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2556"}],"version-history":[{"count":6,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2556\/revisions"}],"predecessor-version":[{"id":2597,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2556\/revisions\/2597"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/media\/2593"}],"wp:attachment":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}