![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 85%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
Hi Low Soon Chew,
you have done everything correctly for securing the data plane, but you have locked yourself out of the azure portal's configuration explorer.
the 'configuration explorer' in the azure portal is a web interface that runs on your local machine. when you set up the private endpoint and disable public access, you are blocking all connections to your app configuration store that do not come from within your virtual network. your local machine is not on that virtual network, so the portal cannot connect to the store to display the data.
the setting 'enable azure resource manager private network access' only affects management operations via the arm api, not the data plane access through the portal.
to access the configuration explorer from the portal, you have a couple of options.
the most straightforward way is to use an azure virtual machine that is inside the same virtual network as your private endpoint. remote desktop into that vm, open a web browser there, and then go to the azure portal. from within that vm, you will be able to access the configuration explorer because the traffic is originating from inside the vnet.
another option is to set up an azure vpn gateway point to site vpn. this would allow you to connect your local machine to the azure virtual network. once connected, your local machine would have a route to the private endpoint and you could use the configuration explorer from the portal on your own pc.
this is a common pattern for any azure service that uses private endpoints. the portal is an external tool, so it gets blocked when public access is turned off. you always need a machine inside the network to manage it, or you need to vpn in.
you have not broken anything. to use the configuration explorer, you need to access it from a virtual machine that is inside your azure virtual network.
regards,
Alex
and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer