Blog

Lesson Learned #238: Configuring Private Endpoint Connections in Azure SQL Managed Instance

Today, I worked on a service request that our customer had some doubts about how to Configure Private Endpoint Connections in Azure SQL Managed instance (In Preview). Our customer reported us that the IP resolution of Azure SQL Managed Instance always points to the normal one instead of resolving the private endpoint IP. Following, I would like to share my lessons learned how to fix it. 

 

We are going to configure two main components:

 

Private Endpoint Connection in Azure SQL Managed Instance.
Private DNS Zone.

Step #1: Configuring Private Endpoint Connection

 

The process is prety much the same process that we are using for Azure SQL Database but, in this case, for Azure SQL Managed Instance the Integrated Private DNS Zone needs to be configured in another way, for this reason is disabled nowdays. Let’s create the Private Endpoint using the portal.

 

First, we are going to specify the basic details of the Private Endpoint.

 

 

In terms of Resource, we need to configure only the name of the Azure SQL Managed Instance.

For Virtual Network, we need to choose the Virtual Network and Subnet of the client (Virtual Machines, for example) that are going to connect to the Private Endpoint.

 

Finally, as you could see the DNS configuration is disabled for Managed Instance and we are going to configure later.

 

Step #2: Private DNS Zone

 

Here is the main different, Private DNS Zone in Azure SQL Database will be privatelink.database.windows.net but Azure SQL Managed Instance we need to use privatelink.{dnszone}.database.windows.net. If we try to associate privatelink.database.windows.net to Azure SQL Managed Instance you are not going to have any issue in the definition but in terms of resolution won’t work. Please, see the following URL
For example, my manage instance name is: mymanagedinstance.a34e740a3aca.database.windows.net

mymanagedinstance is the name of the instance.
a34e740a3aca is the DNS Zone
database.windows.net is the rest of FQDN (domain).

For this reason, we are going to create a new Private DNS Zone, with the name of, privatelink.{dnszone}.database.windows.net

 

 

After it, going back to Private Ednpoint definition, we need to add the configuration using the new Private DNS Zone in Private Endpoint connection, specifying the privatelink.{dnszone}.database.windows.net

 

 

Finally, modify the Private DNS Zone and add a virtual network link with the VNET/Subnet where client (Virtual Machines for example, will use this private endpoint to connect to your Azure SQL Managed Instance. 

 

 

 

Step #3: Testing the resolution.

 

Once we have configured, basically, we need to connect to our Virtual Machine, run the following command to review if the resolution is working well:

ipconfig /flushdns to renew the DNS.
ping or nslookup with the name of your manage instance and you could obtain the name of the private endpoint instead of the normal one. 

 

Enjoy!

 

 

 

 

 

 

 

No Comments

Leave a Reply

Kusto Emulator Installation VideoDiscover XDR integrations and services in the New Microsoft 365 Defender Partner Catalog

Contact Us

We are always here to help. Please reach out to us and we'll get back to you as soon as possible.

Address:

Maruti Court, Ground Floor
Mvuli Road, Nairobi, Kenya

Phone:

+254716973110

Hours:

Mon-Fri 8am – 5pm
Sat 9am – 1am
Sun & Holidays Closed




    Generated by Feedzy