Use Event Grid Private Endpoints

July 7, 2025

SYNOPSIS

Use Private Endpoints to access Event Grid topics and domains.

DESCRIPTION

By default, public network access is enabled for an Event Grid topic or domain. To allow access via private endpoints only, disable public network access.

RECOMMENDATION

Consider using Private Endpoints to access Event Grid topics and domains. To limit access to Event Grid topics and domains, disable public access.

EXAMPLES

Configure with Bicep

To deploy Event Grid Topics that pass this rule:

  • Set the properties.publicNetworkAccess property to Disabled.

For example:

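// Parameters referenced by the resource below.
param name string
param location string = resourceGroup().location

resource eventGrid 'Microsoft.EventGrid/topics@2022-06-15' = {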
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

Configure with Azure template

To deploy Event Grid Topics that pass this rule:

  • Set the properties.publicNetworkAccess property to Disabled.

For example:

{
  "type": "Microsoft.EventGrid/topics",
  "apiVersion": "2022-06-15",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "disableLocalAuth": true,
    "publicNetworkAccess": "Disabled",
    "inputSchema": "CloudEventSchemaV1_0"
  }
}
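
To check an existing ARM template for this setting before deployment, the following added example (not code from the original page or its project) flags Event Grid topics and domains whose publicNetworkAccess is not Disabled, treating an omitted property as enabled because that is the default. The function name find_public_event_grid and the sample resource names are assumptions made for this example.

```python
import json

# Resource types this page covers: Event Grid topics and domains.
EVENT_GRID_TYPES = {"microsoft.eventgrid/topics", "microsoft.eventgrid/domains"}


def find_public_event_grid(template):
    """Return names of Event Grid topics/domains that do not disable public access.

    An omitted publicNetworkAccess is flagged too, because public network access
    is enabled by default. Template expressions are not evaluated, so a value
    such as "[parameters('access')]" is reported for manual review.
    """
    flagged = []

    def walk(resources):
        # Classic templates hold resources in a list; symbolic-name templates use an object.
        items = resources.values() if isinstance(resources, dict) else (resources or [])
        for res in items:
            props = res.get("properties") or {}
            if str(res.get("type", "")).lower() in EVENT_GRID_TYPES:
                if str(props.get("publicNetworkAccess", "")).lower() != "disabled":
                    flagged.append(res.get("name", "<unnamed>"))
            # Nested deployments carry their own resources under properties.template.
            if isinstance(props.get("template"), dict):
                walk(props["template"].get("resources"))

    walk(template.get("resources"))
    return flagged


# Constructed sample template (resource names are made up for this example).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.EventGrid/topics", "name": "topic-private",
   "properties": {"publicNetworkAccess": "Disabled"}},
  {"type": "Microsoft.EventGrid/topics", "name": "topic-default", "properties": {}},
  {"type": "Microsoft.EventGrid/domains", "name": "domain-public",
   "properties": {"publicNetworkAccess": "Enabled"}},
  {"type": "Microsoft.Resources/deployments", "name": "nested",
   "properties": {"template": {"resources": [
     {"type": "Microsoft.EventGrid/topics", "name": "topic-nested", "properties": {}}]}}}
]}
""")

if __name__ == "__main__":
    for name in find_public_event_grid(SAMPLE_TEMPLATE):
        print(f"public network access not disabled: {name}")
```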