Azure Maps Adds Support to Private Endpoints (Preview)

Handling location data requires careful attention to security. Today, we’re excited to introduce the Public Preview of private endpoint support for Azure Maps. This feature enhances network isolation and safeguards data privacy for your location-based applications. By using Azure Private Link, your applications can securely connect to Azure Maps through a private IP within your virtual network. This keeps your traffic on Microsoft’s own backbone network rather than on the public internet. As a result, your exposure to external threats is limited, and you can adhere to strict security and compliance standards.

The introduction of Azure Maps Private Endpoints establishes a secure link between your Azure VNet and Azure Maps via a private endpoint. Let’s look at the key benefits:

• Network Isolation: Your API requests are never visible on the public internet. All traffic moves securely within Azure’s private network.

• Compliance Support: Any sensitive spatial data utilized by your application remains within private channels, ensuring adherence to privacy regulations and reducing external exposure.

To create a private endpoint, use the command below, specifying your Maps account resource ID along with the mapsAccount sub-resource, virtual network, and subnet. Azure will automatically generate a Private DNS zone for privatelink.account.maps.azure.com and include the necessary DNS records.

az network private-endpoint create \
  --name  \
  --resource-group  \
  --vnet-name  \
  --subnet  \
  --private-connection-resource-id "/subscriptions//resourceGroups//providers/Microsoft.Maps/accounts/" \
  --group-id mapsAccount \
  --connection-name 

For successful access to the private endpoint, configure your applications to use the Azure Maps account-specific endpoint with the following pattern:

https://{maps-account-client-id}.{location}.account.maps.azure.com

For instance, if your Maps account client ID is abc123 and you’re in the East US region, your new Azure Maps endpoint would be https://abc123.eastus.account.maps.azure.com, instead of https://atlas.microsoft.com.

With Azure Maps private endpoint support, teams can create secure, compliant geospatial solutions. Whether you’re managing Protected Health Information (PHI) in healthcare, streamlining logistics, or conducting sensitive analyses in financial sectors, Azure Maps API traffic remains protected within Azure’s robust backbone—helping you meet your privacy, regulatory, and security objectives.

Developers can continue using their existing integration patterns by simply switching the endpoint to the private DNS name; network and security administrators benefit from easy VNet integration and precise access controls; and business leaders can harness location intelligence without jeopardizing data safety or hindering development pace.

Azure Maps is now equipped to handle your most sensitive, compliance-focused tasks: securely, efficiently, and with complete network isolation.

FAQs

• What is a private endpoint in Azure Maps?

  A private endpoint allows your applications to securely connect to Azure Maps over a private network, ensuring that API calls do not go through the public internet.

• How do I set up a private endpoint?

  You can set up a private endpoint using the provided Azure CLI command, specifying your resource details.

• What are the benefits of using a private endpoint?

  Utilising a private endpoint enhances security by isolating API calls from public exposure, thereby supporting compliance and reducing the risk of data breaches.