Both service endpoints and private endpoints (Private Link) give your resources in Azure access to Azure platform services. However, the way the resource is accessed differs depending on which one you use.
Service Endpoints are a way to integrate a PaaS resource into your Virtual Network and allow you to communicate with it over the Azure backbone network. With Service Endpoints, your resource still technically has a public IP address.
Private Endpoints are also a way to integrate a PaaS resource into your Virtual Network; however, the resource is allocated a private IP address, effectively bringing the service into your VNet.
With service endpoints, PaaS resources can connect to on-premises resources via a VPN or ExpressRoute. One really important thing to note is that, using this method, you cannot communicate from on-premises to Azure PaaS resources over ExpressRoute private peering (only Microsoft/public peering allows this). To solve this problem you can use Private Endpoints, which give your PaaS resource a private IP address from within your CIDR range. The on-premises resources can then talk to the PaaS resource within the peered VNets.
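To check which of the two access paths a client actually gets, this added example (not part of the original post) classifies the addresses a PaaS hostname resolves to against your VNet CIDR range. The VNet range, storage account names and IP addresses are constructed sample values, and 203.0.113.0/24 is a documentation range standing in for a public IP.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches
# documentation ranges, which would hide the "public" sample rows below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_address(addr, vnet_cidrs):
    """Return 'in-vnet', 'private-other' or 'public' for one IP string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in ipaddress.ip_network(c) for c in vnet_cidrs):
        return "in-vnet"
    if any(ip in n for n in RFC1918):
        return "private-other"
    return "public"

def audit(resolved, vnet_cidrs):
    """resolved maps FQDN -> list of IP strings; returns FQDN -> verdict."""
    report = {}
    for fqdn, addrs in resolved.items():
        kinds = {classify_address(a, vnet_cidrs) for a in addrs}
        if not kinds:
            report[fqdn] = "unresolved"
        elif kinds == {"in-vnet"}:
            report[fqdn] = "private endpoint"
        elif kinds == {"public"}:
            report[fqdn] = "public IP (service endpoint or open access)"
        else:
            # Mixed answers or a private IP outside the VNet range
            report[fqdn] = "review: " + ", ".join(sorted(kinds))
    return report

def resolve(fqdn):
    """Live lookup helper for real use; not called on the sample data."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(fqdn, 443)})

VNET_CIDRS = ["10.20.0.0/16"]          # constructed VNet address space
SAMPLE = {                             # constructed DNS answers
    "stgprivate.blob.core.windows.net": ["10.20.3.4"],
    "stgpublic.blob.core.windows.net": ["203.0.113.10"],
    "stgsplit.blob.core.windows.net": ["10.20.3.5", "203.0.113.11"],
    "stgstale.blob.core.windows.net": ["192.168.50.9"],
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE, VNET_CIDRS).items():
        print(f"{name}: {verdict}")
```

Run it from an on-premises client with `resolve()` feeding `audit()`: a "public IP" verdict there means the name is not reaching a private endpoint over the private path.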