Key Vault Public Access

[dddang]

Currently I have my backup repositories encrypted with a key vault that is publicly exposed. Is there a way to disable the public exposure? I have disabled the public access & white listed the public IP of the Azure Veaam appliance & that did not work. I also created a private endpoint, that did not work either. Backups fail whenever I disable the public access on the key vault.

[nielsengelen]

Hi,

Let me verify what can be done here and get back once I have an answer.

[nielsengelen]

Hi,

Hereby feedback which should work. Can you try this and let me know if it works for you?

You can configure to deny public access in the key networking settings and then use a private endpoint using the vnet of Veeam Backup for Microsoft Azure and add it to a private DNS zone.

The Veeam Backup for Microsoft Azure vnet then must be associated with the DNS zone. This way the key vault will accept communication only via the private IP address and only from vnets associated with the zone.