...
The Network Segmentation boundaries will be established via the deployment of Azure AI Search in a private Virtual Network (VNet) and so, in a specific subnet : Configure Virtual Networks for Azure AI services - Azure AI services | Microsoft Learn
Configuration of Firewalls and Virtual Networks :
No direct connectivity between Azure AI Search and On-
...
Premises Server will be needed. The unique direct connectivity will be implemented between Azure Ai Search and Azure App Service.
The inbound connection should be established through a private endpoint because of the network isolation we want and no Internet traffic will be allowed : Security overview - Azure AI Search | Microsoft Learn
...
The outbound connection should be established as the following :
Connection as a trusted service for the Storage Account : Connect as trusted service - Azure AI Search | Microsoft Learn
...
We need to create an outbound connection through a firewall. Here’s the steps to follow : Connect through firewalls - Azure AI Search | Microsoft Learn
...
| Note |
|---|
Private Endpoints for Azure AI Search allow a client on a virtual network to securely access data in a search index over a Private Link. The private endpoint uses an IP address from the virtual network address space for your search service. Network traffic between the client and the search service traverses over the virtual network and a private link on the Microsoft backbone network, eliminating exposure from the public internet. |
Private endpoints for your search service enable you to:
Block all connections on the public endpoint for your search service.
Increase security for the virtual network, by enabling you to block exfiltration of data from the virtual network.
Securely connect to your search service from on-premises networks that connect to the virtual network using VPN or ExpressRoutes with private-peering.