At Microsoft Ignite this week, it was revealed new functionality to Virtual Network to protect SQL and Storage accounts endpoints from the internet or restrict access to parts of your Virtual Network.

This feature is in preview currently and only available in certain regions:

  • Azure Storage: WestCentralUS, WestUS2, EastUS, WestUS, AustraliaEast, and AustraliaSouthEast
  • Azure SQL Database: WestCentralUS, WestUS2, and EastUS.

To enable service endpoints within your ARM templates, simply add the serviceEndpoints resource under Subnets

Once your Virtual Network is ready, you can create/modify the storage account or SQL database to take advantage of this new feature.