Azure Local | HomeLab setup – Private Endpoints

ByAlex ter Neuzen 01/01/202630/12/2025

Reading Time: 2 minutes

As organizations adopt hybrid cloud architectures, many expect Azure Local (formerly Azure Stack HCI with Azure Arc–enabled infrastructure) to mirror the full breadth of Azure networking capabilities. One of the most common points of confusion arises around Azure Private Endpoints. Although Private Link is a cornerstone of secure connectivity within Azure, Microsoft’s documentation makes it clear that Azure Local does not support Private Endpoints.

Azure Private Endpoints are built entirely on Azure’s internal networking fabric. They rely on Azure virtual networks, Azure-managed network interfaces, and routing through the Azure backbone. When a private endpoint is created, Azure injects a private IP into a VNet and binds it to a PaaS service. All traffic then flows privately within Azure’s controlled environment. This model is inseparable from Azure’s own infrastructure.

Azure Local operates in a fundamentally different context.

It runs inside an organization’s datacenter, on its own physical network, and connects to Azure exclusively through outbound HTTPS. It does not host Azure VNets, Azure NICs, or any of the routing constructs required for Private Link. Even the Azure Arc gateway—designed to centralize and reduce outbound connectivity—functions as a forward proxy, not as a Private Link endpoint. It still communicates with Azure’s public service endpoints rather than private ones.

This separation means Azure Local cannot participate in Azure’s private routing fabric. Its security model is built instead on outbound-only communication, certificate-based authentication, and tightly controlled firewall rules. While this approach differs from Private Link, it is purpose-built for hybrid environments where Azure services must be reachable securely without extending Azure’s internal network into on-premises infrastructure.

Azure Local and Azure Private Endpoints therefore represent two parallel connectivity models, each optimized for its own environment. Azure Local emphasizes secure outbound communication from on-premises systems, while Private Link provides private, in-Azure connectivity for cloud-native workloads. Understanding this distinction helps organizations design hybrid architectures that align with the capabilities and intent of each platform.

Alex ter Neuzen

IT Professional on a journey to discover the cloud platforms and become certified and an expert.
A Blog that follows the journey to get to the Cloud.

Powershell | MCT | Azure Certified | MCSA | Microsoft 365

Azure | Azure Virtual Desktop | Cloud | Intune | PowerShell

Azure Virtual Desktop | Intune – Set Timezone
ByAlex ter Neuzen 28/05/202428/05/2024

Reading Time: 2 minutesSetting the correct timezone and formatting of time using Intune for Azure Virtual Desktop session hosts.

Read More Azure Virtual Desktop | Intune – Set Timezone
Azure | Azure Virtual Desktop | Identity | Security

Azure | Secure Azure Virtual Desktop with MFA
ByAlex ter Neuzen 18/04/202326/06/2024

Reading Time: 4 minutesLearn how to secure your Azure Virtual Desktop with conditional access and Azure MFA. Protect your organization from potential security attacks. Take steps now to create a powerful remote work environment for your users.

Read More Azure | Secure Azure Virtual Desktop with MFA
Azure Image Builder | Azure Virtual Desktop | Cloud | Code | Infrastructure | PowerShell

Azure Virtual Desktop | Image Builder part II
ByAlex ter Neuzen 28/05/202428/05/2024

Reading Time: 2 minutesThe second part of Azure Image Builder and how to setup a correct build for a GoldenImage. Preparations in Azure are needed.

Read More Azure Virtual Desktop | Image Builder part II
Azure Image Builder | Azure Virtual Desktop | Cloud | Code | Infrastructure | PowerShell

Azure Virtual Desktop | Image Builder part III
ByAlex ter Neuzen 28/05/202428/05/2024

Reading Time: 3 minutesUsing the first and the second post, concludes how this all comes together with the ImageBuilder and its process. Finish the ImageBuild template and start building a GoldenImage

Read More Azure Virtual Desktop | Image Builder part III
Azure | Azure Image Builder | Azure Virtual Desktop | Cloud

Azure Virtual Desktop | Schedule Image Builds
ByAlex ter Neuzen 28/05/202428/05/2024

Reading Time: 2 minutesIn previous posts we have seen how to create a vanilla image build. It’s recommended to keep your image as vanilla as possible. That means there are no unneeded applications installed in the image. The goal of this is, that when updates or patches for Microsoft Windows are needed, you rebuild the image to deploy…

Read More Azure Virtual Desktop | Schedule Image Builds
Azure | Cloud | Code | M365 | Microsoft Teams | Power Automate

Microsoft Teams | Create Channel from Microsoft Teams Form
ByAlex ter Neuzen 25/07/202325/07/2023

Reading Time: 7 minutesAs an admin you want control over the creation of Teams channels or folder structures. Not every user is capable to provision channels the correct way. Disable the default for users to create but provide them a solution to create channels through a form. Use Azure Functions and Microsoft Teams Forms for the self-service.

Read More Microsoft Teams | Create Channel from Microsoft Teams Form

Azure Local | HomeLab setup – Private Endpoints

Azure Virtual Desktop | Intune – Set Timezone

Azure | Secure Azure Virtual Desktop with MFA

Azure Virtual Desktop | Image Builder part II

Azure Virtual Desktop | Image Builder part III

Microsoft Teams | Create Channel from Microsoft Teams Form

Who we are

Comments

Media

Cookies

Embedded content from other websites

Who we share your data with

How long we retain your data

What rights you have over your data

Where we send your data

Share and Enjoy !

Similar Posts

Share

Copy short link