Microsoft Entra Private Access and Private Link connected resources

2024-03-06T12:08:55.96+00:00

Are Private Link connected resources supported for Entra Private Access?

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
Microsoft Entra Private Access
Microsoft Entra Private Access provides secure and deep identity-aware, Zero Trust network access to all private apps and resources.

1 answer

  1. Luis Arias 5,126 Reputation points
    2024-03-06T18:42:10.6166667+00:00

    Hi Patrik,

    This response may vary depending on your environment, so Microsoft Entra Private Access is designed to provide secure access to private apps across hybrid and multicloud environments, both on-premises and in the cloud. At first instance it's supported, as an example:

    Azure web app application with public access disabled and private endpoint enabled to VNet.

    +-------------------+       +-------------------+       +-------------------+
    |   User Device     |       |   Entra Private   |       |   Virtual Network |
    |                   |       |       Access      |       |                   |
    |   +-------------+ |       |   +-------------+ |       |   +-------------+ |
    |   |   Browser   | |       |   |Glob Sec Acc | |       |   |   Web App   | |
    |   |             | |       |   |Remote Net   | |       |   |             | |
    |   +-------------+ |       |   +-------------+ |       |   +-------------+ |
    |                   |       |                   |       |                   |
    |                   |       |                   |       |                   |
    |   +-------------+ |       |   +-------------+ |       |   +-------------+ |
    |   |Secure Tunnel| |<----->|   |Secure Tunnel| |<----->|   | Private IP  | |
    |   | (Encrypted) | |       |   | (Encrypted) | |       |   | Address (PE)| |
    |   +-------------+ |       |   +-------------+ |       |   +-------------+ |
    |                   |       |                   |       |                   |
    +-------------------+       +-------------------+       +-------------------+
    

    To configure this Microsoft Entra Private Access, you need to go to the Entra portal and Global Secure Access. Here you can add a virtual network as a remote network.

    Global Secure Access (preview) supports two connectivity options: installing a client on end-user device and configuring a remote network, for example a branch location with a physical router. Remote network connectivity streamlines how your end-users and guests connect from a remote network without needing to install the Global Secure Access Client. https://learn.microsoft.com/en-us/entra/global-secure-access/concept-remote-network-connectivity

    Also, here is the documentation to add a virtual network as a remote network on Entra Global Secure Access: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-simulate-remote-network

    Additional references:

    I hope this information helps you. If you have a specific scenario to discuss, let me know. Cheers, Luis
