1- In Azure, most of services are deployed in a virtual network by default.
2- VNet Integration for Services
Here, it’s about connectivity from our virutal network to these Azure Services (Azure SQL, etc.). And, there is no access to our VNet from these services.
To make these Azure services have access to our VNet, we need VNet Integration :
Provides outbound access to a VNet
Supported by standard or premium tiers
Supports function apps
Does not support NetBios or SMB
Does not provide inbound app access
To create VNet integration with On-Premises Infra, we can use Hybrid Connections in Azure : It enables your app to access a single TCP endpoint per hybrid connection.
3- Resource Firewalls
Many networked Azure services provide access control through a resource firewall. When we turn on the resource firewall on the services, it will generate a default deny rule.
Or, we can allow access from public IP addresses : for example, an IP address from on-premises infra (1.2.3.4).
How to manage access for VNet :
