Azure / azure-managed-grafana

Azure Managed Grafana samples, tips and references.
https://aka.ms/managed-grafana
MIT License

Allow Network Access Restrictions #14

Open garretwyman opened 1 month ago

garretwyman commented 1 month ago

This is a feature request to set up App Service-like access restrictions for Azure Managed Grafana, with options to:

  1. Enable from all networks (no restrictions / full public access)
  2. Enabled from select virtual networks and IP addresses
  3. Disable public access

This is already being done with Azure App Services that looks like this:

image

This will add more security to the Azure Managed Grafana instance.

weng5e commented 4 weeks ago

Thanks for your feedback and interest! However, we will not add support for such experiences because they are previous generations of Azure network isolation solutions. To ensure Azure products are providing a uniform experience, there is an Azure-wide policy for newer Azure products to implement the same set of network features. E.g., "Enabled from select virtual networks" is a feature called service endpoint. Azure private endpoint is a newer-generation network solution providing similar features to the previous-generation product, service endpoint. Azure Managed Grafana has private endpoint support.

garretwyman commented 3 weeks ago

@weng5e Thanks for the reply. The big difference I see between "service endpoint" and "private endpoint" is that in order to access the private endpoint from VPN/on-prem, it would require some sort of VPN/ExpressRoute, whereas service endpoint is still accessed publicly but allows restrictions to that public endpoint. We don't have an ExpressRoute, so the private IP is not accessible.