Private Link
Private access to services hosted on the Azure platform, keeping your data on the Microsoft network.
Connect and deliver services privately on Azure
Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services. It simplifies the network architecture and secures the connection between endpoints in Azure by eliminating data exposure to the public internet.
Private connectivity to services on Azure—traffic remains on the Microsoft network, with no public internet access
Integration with on-premises and peered networks
Protection against data exfiltration for Azure resources
Services delivered directly to your customers’ virtual networks
How it works
Use Private Link to bring services delivered on Azure into your private virtual network by mapping it to a private endpoint. Or privately deliver your own services in your customers’ virtual networks. All traffic to the service can be routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed. Private Link keeps traffic on the Microsoft global network.
Protect Azure services against data exfiltration
Use Private Link to map private endpoints to Azure PaaS resources. In the event of a security incident within your network, only the mapped resource would be accessible, eliminating the threat of data exfiltration.
Get access from on-premises and peered networks
Access private endpoints over private peering or VPN tunnels from on-premises or peered virtual networks. Microsoft hosts the traffic, so you don’t need to set up public peering or use the internet to migrate your workloads to the cloud.
Simplify the way you consume services on Azure
Privately consume Azure PaaS, Microsoft partner, and your own services in your virtual networks on Azure. Private Link works across Microsoft Entra ID (formerly Azure Active Directory) tenants to help unify your experience across services. Send, approve, or reject requests directly, without permissions or role-based access controls.
Achieve enhanced security and compliance
Private Link carries traffic privately—your data isn’t on the internet. Service is mapped to Azure virtual networks through a private endpoint, which reduces your exposure to threats and helps you meet compliance standards.
Connect to services around the world
Connect privately to services running in other Azure regions. Private Link is global and has no regional restrictions.
Comprehensive security and compliance, built in
-
Microsoft invests more than $1 billion annually on cybersecurity research and development.
-
We employ more than 3,500 security experts who are dedicated to data security and privacy.
Private Link offers simplified pricing
Pay only for private endpoint resource hours and the data processed through your private endpoint.
Get started with an Azure free account
1
2
After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.
3
Developer resources
Documentation
Read the documentation to get up and running with Private Link.
Quickstarts and samples
Create a Private Link service or a private endpoint and view Azure portal, PowerShell, and CLI samples.
Frequently asked questions about Private Link
-
See the availability by regions page.
-
We guarantee that Private Link will be available at least 99.99% of the time. To learn more, please visit the SLA page.
-
Support is available through the Azure portal.
-
Standard pricing will occur for Private Link, independent of charges for ExpressRoute or VPN gateway.
