Can NSP (Network Security Perimeter) and Service Endpoint whitelisting co-exist?

Ashwin Lakhorkar 0 Reputation points Microsoft Employee
2025-10-13T11:14:20.6733333+00:00

We have our PaaS services (Key Vault, Storage, etc.), which are accessed by AKS pods sitting in a different subscription. As per the existing setup, AKS has service endpoints configured for these PaaS services, and these services have whitelisting for the AKS subnet. Now, as a part of security enhancement, we have been asked to implement NSP for PaaS resources. So we wanted to know if NSP and our existing Service Endpoint configuration can co-exist?

Will NSP implementation impact our existing setup in any way?

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

1 answer

  1. Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator
    2025-10-13T13:07:26.5433333+00:00

    Hello @Ashwin Lakhorkar,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand your question regarding whether NSP (Network Security Perimeter) and Service Endpoint whitelisting can work together, and if implementing NSP will affect your current setup in any way.

    Can Network Security Perimeter (NSP) and Service Endpoints Coexist?

    Yes, NSP and Service Endpoints can be used together, but there are important considerations:

    Service Endpoints: Enable traffic from a designated subnet to Azure PaaS services via the Azure backbone network.

    Network Security Perimeter (NSP): Provides extra protection by ensuring access to resources is limited to authorized network perimeters, such as specific VNets, Private Endpoints, or trusted Azure services.

    If you enable NSP on a resource that is already using Service Endpoints:

    The resource will only allow traffic from networks that have been specifically added to the NSP configuration.

    If your AKS subnet, which is currently allowed through Service Endpoints, is not part of the NSP trusted perimeter, the traffic will be denied.

    Effect on Your Current Setup

    If you add the AKS subnet to the NSP trusted list, your Service Endpoint–based access will work as usual.

    If you enable NSP without including the AKS subnet, access from AKS will not work since NSP will enforce its perimeter rules.

    NSP is not a replacement for Service Endpoints; rather, it adds another layer of network-level validation. Successful access requires both to be properly aligned.

    Note: Before enabling NSP, make sure to review all current consumers (such as AKS, VMs, Logic Apps, etc.) and verify that their subnets or private endpoints are included in the NSP setup. Test any changes in a non-production or staging environment first to ensure there’s no service disruption.

    Network security perimeter: What is a network security perimeter? - Azure Private Link | Microsoft Learn

    Azure service endpoints: Azure virtual network service endpoints | Microsoft Learn

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please do not forget to "Accept the answer" and "up-vote it" wherever the information provided helps you; this can be beneficial to other community members. It would be greatly appreciated and helpful to others.
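
The consumer review that the answer's note recommends before enabling NSP, sketched as an added example (not part of the original answer and not Microsoft tooling): it inventories the subnets that the existing virtual network rules admit and flags any that a planned allow list would leave out. Assumptions: the input dictionaries are constructed samples modeled on the network-rule sections printed by `az storage account show` and `az keyvault show`, and `planned_subnets` is a hypothetical stand-in for whatever the perimeter configuration will admit.

```python
import re

SUBNET_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Network/virtualNetworks/(?P<vnet>[^/]+)/subnets/(?P<subnet>[^/]+)$",
    re.IGNORECASE)

# Constructed sample data: made-up subscription IDs and resource names.
SUB_PAAS = "00000000-0000-0000-0000-00000000000a"
SUB_AKS = "00000000-0000-0000-0000-00000000000b"
NET = "providers/Microsoft.Network/virtualNetworks"
AKS_SUBNET = f"/subscriptions/{SUB_AKS}/resourceGroups/rg-aks/{NET}/vnet-aks/subnets/snet-pods"
VM_SUBNET = f"/subscriptions/{SUB_PAAS}/resourceGroups/rg-ops/{NET}/vnet-ops/subnets/snet-vm"
RESOURCES = [
    {"id": f"/subscriptions/{SUB_PAAS}/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stexample",
     "networkRuleSet": {"virtualNetworkRules": [{"virtualNetworkResourceId": AKS_SUBNET}]}},
    {"id": f"/subscriptions/{SUB_PAAS}/resourceGroups/rg-data/providers/Microsoft.KeyVault/vaults/kv-example",
     "properties": {"networkAcls": {"virtualNetworkRules": [
         {"id": AKS_SUBNET.lower()}, {"id": VM_SUBNET}]}}},
]

def allowed_subnets(resource):
    """Subnet IDs admitted by the resource's existing virtual network rules."""
    storage = resource.get("networkRuleSet", {}).get("virtualNetworkRules", [])
    vault = (resource.get("properties", {}).get("networkAcls", {})
             .get("virtualNetworkRules", []))
    return [r["virtualNetworkResourceId"] for r in storage] + [r["id"] for r in vault]

def audit(resources, planned_subnets):
    """One row per (resource, allowed subnet) with coverage by the planned list."""
    planned = {s.lower() for s in planned_subnets}  # resource IDs are case-insensitive
    rows = []
    for res in resources:
        res_sub = res["id"].split("/")[2].lower()
        for subnet_id in allowed_subnets(res):
            m = SUBNET_RE.match(subnet_id)
            rows.append({
                "resource": res["id"].rsplit("/", 1)[-1],
                "subnet": f"{m['vnet']}/{m['subnet']}" if m else subnet_id,
                "cross_subscription": bool(m) and m["sub"].lower() != res_sub,
                "covered": subnet_id.lower() in planned,
            })
    return rows

def gaps(resources, planned_subnets):
    """Consumers that the planned list (hypothetical input) does not cover."""
    return [r for r in audit(resources, planned_subnets) if not r["covered"]]

if __name__ == "__main__":
    for row in audit(RESOURCES, [AKS_SUBNET]):
        print(row)
```

Rows with `cross_subscription` set to true correspond to the scenario in the question, where the AKS subnet lives in a different subscription from the PaaS resources.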
