How To Secure Our Azure Web App Services Using A Private Endpoints

Introduction

Azure Private Links works with Site-to-Site VPN, Point-to-Site VPN, and the Express Route to provide private and secure access to Azure PaaS services over Azure Private Endpoints. The Azure PAAS Services include a read-only network interface service called Azure Private Endpoint. It allows you to add deployed sites to your virtual network and restrict network access to them.

Key Benefits

  • Blocking access to the internet in general.
  • Accessible from within the company's on-premises network
  • From outside the business network, access is possible through an authorized VPN client.

Step 1

We've already set up Azure Web App service (battitraining) and Virtual Network (Article-VNet) in the Azure portal.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 2

Go to the Web App and copy the URL of the application from the Overview page.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 3

Open a browser, paste the URL, and hit enter, we will receive the landing page, so can observe that the URL is working publicly in the browser. Now we can see what the resolving IP is, so open the Command prompt and execute the "nslookup" command to see the resolved IP and make sure it's the Public IP address.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 4

Now go to your Azure portal and access the App service; within the App service, check whether the Private endpoint is available by selecting Networking from the Settings menu. Now that we've discovered that the Private endpoint isn't working, we'll need to upgrade our app service.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 5

In the App Service select Scale-up (App Service plan) under the Settings, and then Select Premium Plan (in this demo, we will choose P1V2), and then click Apply.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 6

Now we can verify that the Private endpoint service is available for this App service. Now it’s available.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 7

Now click VNet integration under the Outbound Traffic.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 8

In the VNet Integration select + Add VNet.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 9

Select your Virtual Network under the Virtual Network, select the empty Subnet, and click Ok.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 10

Now we can verify that our Application is integrated with the Virtual Network.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 11

To configure private endpoints, click Networking under the settings and then click Private endpoints.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 12

In the Private endpoint, connections click the +Add button, on the Add Private Endpoint popup, enter the name for the Private endpoint, choose the Virtual network, select the empty subnet, and then click Ok.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 13

Now when we open the Private DNS zone, we can see our web app's private IP is 10.100.0.4.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 14

Go to the Web App and copy the URL of the application, paste the URL, now we will receive an Error 403 – Forbidden page.

How To Secure Our Azure Web App Services Using A Private Endpoints

Step 15

In this scenario, we have one Virtual Machine connected to our Virtual Network, so when we paste the URL, we receive the landing page, and if we check the nslookup, it is shown the private link and the private address.

How To Secure Our Azure Web App Services Using A Private Endpoints

Summary

In this article we learned how to configure a Private endpoint in Azure; if you have any queries, please leave a comment in the comment box.