Connect Azure Data Factory with Private Endpoint to Storage Account with another Private Endpoint in the same VNet

Question

Here is what I have:

• 1 VNet with Subnet1 and Subnet2.
• 1 Storage Account with Private Endpoint in Subnet1
• 1 Azure Data Factory with Private Endpoint in Subnet2
• Public network access disabled for both of them.

I am trying to read and write a blob in the Storage Account using a Data Factory pipeline (Copy Data). With the above setup, the Pipleline times-out, which I believe is because it is unable to resolve the Private IP for Storage Account.

What step(s) am I missing to correctly use the Private Endpoints in my setup above to be able to R/W blob via Data Factory?

Note: If I create Managed Private Endpoint in the Data Factory to connect to the Storage Account, the pipeline works and is able to read/write blobs. Ref: https://learn.microsoft.com/en-us/azure/data-factory/managed-virtual-network-private-endpoint

Are Managed Private Endpoints the only way to connect to the Storage Account? If not, how do I configure the normal Private Endpoints?

Answer 1

Apart from managed private endpoints option there is another way to access Blob inside a VNET from ADF. You can add Managed Identity ID of Datafactory in Blob Account > Access Control (IAM) and grant the ID "Storage Blob Data Contributor" role.