Private Link support for Azure Automation is now generally available
Published date: December 11, 2020
You can now use Azure Private Link to securely connect virtual networks to Azure Automation using private endpoints. Private Link brings the Automation service inside the customer’s private VNet. Automation account resources can then be accessed using a private IP address, just like any other resource in your VNet. This provides network isolation and fine-grained access to the Automation account and the sub-resources defined under it from authorized private networks, without exposing the service to the public internet.
With Azure Automation Private Link, you can:
- Privately access services in Azure Automation by connecting your virtual network to the Automation service in Azure without a public IP address.
- Prevent data exfiltration from your private networks by defining the Azure Automation resource that connects through your private endpoint, which maps a specific Automation resource or sub-resource to a private IP address.
- Securely connect your private on-premises network to Azure Automation using ExpressRoute Private Peering and Private Link, since Automation resources are mapped to private IP addresses in the customer’s VNet.
- Keep all traffic inside the Microsoft Azure backbone network.
A few unique use cases supported by Private Link in Azure Automation:
- Invoke a webhook by sending a POST to it, where the webhook invocation endpoint is mapped to a private IP address in your VNet.
- Use State Configuration (Agent Service) on a machine registered with the DSC service, which uses the endpoint mapped to a private IP to pull DSC configuration.
- Execute a runbook on a Hybrid worker connected to an Azure VNet without the need to open an outbound connection to the internet.
- Use Update Management to connect to Automation and Log Analytics workspace in a secure manner for patching your machines.
Learn more about how to use Private Link to securely connect networks to Automation.