01 Run apim update command (Windows/macOS/Linux) using the name of the Azure API Management service instance that you want to configure and its associated resource group as the identifier parameters to disable public network access for the selected service instance by setting the --public-network-access parameter to false. The changes can take from 15 to 45 minutes to apply. Once the public network access is disabled, the private endpoint is the exclusive access method:
az apim update
--name cc-main-api-service-instance
--resource-group cloud-shell-storage-westeurope
--public-network-access false
02 The command output should return the new configuration details for the service instance:
{
"additionalLocations": null,
"apiVersionConstraint": {
"minApiVersion": null
},
"certificates": null,
"createdAtUtc": "2023-11-11T09:05:29.087014+00:00",
"customProperties": {
"Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "true",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls13": "False",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls13": "False"
},
"developerPortalUrl": "https://cc-main-api-service-instance.developer.azure-api.net",
"disableGateway": false,
"enableClientCertificate": null,
"gatewayRegionalUrl": "https://cc-main-api-service-instance-westeurope-01.regional.azure-api.net",
"gatewayUrl": "https://cc-main-api-service-instance.azure-api.net",
"hostnameConfigurations": [
{
"certificate": null,
"certificatePassword": null,
"certificateSource": "BuiltIn",
"certificateStatus": null,
"defaultSslBinding": true,
"encodedCertificate": null,
"hostName": "cc-main-api-service-instance.azure-api.net",
"identityClientId": null,
"keyVaultId": null,
"negotiateClientCertificate": false,
"type": "Proxy"
}
],
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.ApiManagement/service/cc-main-api-service-instance",
"identity": null,
"location": "West Europe",
"managementApiUrl": "https://cc-main-api-service-instance.management.azure-api.net",
"name": "cc-main-api-service-instance",
"natGatewayState": "Unsupported",
"notificationSenderEmail": "apimgmt-noreply@mail.windowsazure.com",
"outboundPublicIpAddresses": [
"xxx.xxx.xxx.xxx"
],
"platformVersion": "stv2",
"portalUrl": "https://cc-main-api-service-instance.portal.azure-api.net",
"privateEndpointConnections": [
{
"groupIds": [
"Gateway"
],
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.ApiManagement/service/cc-main-api-service-instance/privateEndpointConnections/cc-api-service-private-endpoint",
"name": "cc-api-service-private-endpoint",
"privateEndpoint": {
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/privateEndpoints/cc-api-service-private-endpoint",
"resourceGroup": "cloud-shell-storage-westeurope"
},
"privateLinkServiceConnectionState": {
"actionsRequired": null,
"description": "",
"status": "Approved"
},
"provisioningState": "Succeeded",
"resourceGroup": "cloud-shell-storage-westeurope",
"type": "Microsoft.ApiManagement/service/privateEndpointConnections"
}
],
"privateIpAddresses": null,
"provisioningState": "Succeeded",
"publicIpAddressId": null,
"publicIpAddresses": [
"xxx.xxx.xxx.xxx"
],
"publicNetworkAccess": "Disabled",
"publisherEmail": "user@domain.com",
"publisherName": "TrendMicro",
"resourceGroup": "cloud-shell-storage-westeurope",
"restore": null,
"scmUrl": "https://cc-main-api-service-instance.scm.azure-api.net",
"sku": {
"capacity": 1,
"name": "Developer"
},
"systemData": {
"createdAt": "2023-11-11T08:05:29.046481+00:00",
"createdBy": "user@domain.com",
"createdByType": "User",
"lastModifiedAt": "2023-11-11T17:09:51.844507+00:00",
"lastModifiedBy": "user@domain.com",
"lastModifiedByType": "User"
},
"tags": {},
"targetProvisioningState": "",
"type": "Microsoft.ApiManagement/service",
"virtualNetworkConfiguration": null,
"virtualNetworkType": "None",
"zones": null
}
03 Repeat steps no. 1 and 2 for each Azure API Management service that you want to configure, available within the current subscription.
04 Repeat steps no. 1 - 3 for each subscription created in your Microsoft Azure cloud account.