Closed SilvanBuehler closed 1 week ago
@SilvanBuehler Thanks for your feedback! We will investigate and update as appropriate.
@SilvanBuehler - do you have a resource management private link? Did you associate it with the root management group? Did you try the steps to verify the private DNS zone? https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/create-private-link-access-portal#verify-private-dns-zone
@SilvanBuehler - Have you tried the steps above as mentioned by @tfitzmac ?
@tfitzmac & @MonikaReddy-MSFT Yes, I have a resource management private link associated with the root management group and I have verified the private DNS zone. Deployments through this private link are working, but how can we restrict management access from outside this private link like the documentation suggests? I am still able to manage resources from clients/networks that are not connected to the private link.
Any update? Is the documentation wrong, or did I miss something in my configuration?
We have a new feedback system in place, so we need to close the remaining GitHub issues. I have created an issue in our internal tracking system.
According to this article, it should be possible to restrict Azure resource management operations only to the private endpoints. As I understand this, this should be active as soon as the private link exists. But this seems not to be the case. In my test environment I configured a private link with a private endpoint. However, I am still able to manage all resources (including create/delete) without access to this private endpoint but over the public internet. Our goal is to restrict access to Azure resource management operations only to private connections (VPN/ExpressRoute). How can we achieve this? Are we missing a setting?