
AdminAzure Event Grid (Product Manager, Microsoft Azure)

My feedback

  1. 56 votes

    5 comments  ·  Azure Event Grid » Event Handlers
    AdminAzure Event Grid (Product Manager, Microsoft Azure) commented

    I understand your requirements for communicating via the private IP address space to an endpoint that receives events. We are sympathetic to your needs and to this requirement.

    Please note that there is an approach that can achieve basically the same level of security robustness and that is documented here: https://docs.microsoft.com/en-us/azure/event-grid/consume-private-endpoints. You may be asking why the proposed approach uses the public IP space for a part of the solution which is not what you want. Security-wise this approach should be just as strong as private links, for example. If you want to know why private links do not solve your problem, please read on. We are working on another potential approach (not private links and no VNET injection) to address this requirement besides the current solution described in the link above. However, we still do not have a date for it. Stay tuned and thanks for the feedback.

    Clarifying private links and VNET injection

    This kind of request is often described in terms of using private links (private IP endpoints) to communicate and hence avoid leaking any information to the public internet. I want to clarify that private links support was designed for clients connecting to a service…and only in that direction. Private links do not apply to, and were not designed for, those situations in which the service connects (sends events) to your endpoint, which is what Event Grid does. You can publish events to Event Grid using private links (a client connects to a service scenario), but private links do not apply when Event Grid sends events because your app/solution does not connect as a client to Event Grid. It is the other way around.
    Now, sometimes users want a solution referred to as “VNET injection” where a service is deployed to your VNET. That is not on the roadmap and it is unlikely that we will be doing that.

    Thanks again for your feedback!

  2. 1 vote

    1 comment  ·  Azure Event Grid » Event Handlers
    AdminAzure Event Grid (Product Manager, Microsoft Azure) commented

    Thanks for your feedback. What identity provider would you like to be supported?

  3. 2 votes

    1 comment  ·  Azure Event Grid » Event Handlers
    AdminAzure Event Grid (Product Manager, Microsoft Azure) commented

    Thank you for your feedback. We will consider your input for improving our messages.

    Reference: Case #120081024004462

  4. 7 votes

    1 comment  ·  (General Feedback) » azure.microsoft.com
    AdminAzure Event Grid (Product Manager, Microsoft Azure) commented

    Thanks for the feedback.

    If you require strict network isolation where traffic from Event Grid to another service (destination of events) uses private IPs, then you do need the support of private links for subscribers.

    In the workaround described above (using either EH, Storage Queues, or Service Bus) the traffic goes to the public internet, but identities are known. Hence, it is more secure but it is not network isolated.

    Would you please clarify your specific requirements? Please also rename your title (if that is possible?). Referring to VNET is ambiguous. A VNET has a private IP space and a public IP space. Saying that a "....VNET integration" is required does not clarify your requirements. Furthermore, please remove the reference to "Topic" in the title as it is clear that you need outbound (event subscription) support for private endpoint. Topics are a publisher (the other end) concern. Reading the title, I can say "Yes, EG supports Topic VNET integration through public IP space and Private IP space". :)

    I hope this helps!

  5. 7 votes

    2 comments  ·  Azure Event Grid
    AdminAzure Event Grid (Product Manager, Microsoft Azure) shared this idea
