A company needs to ensure that their Azure SQL Database is accessible only from a specific virtual network and deny access from public endpoints. Which feature should they configure?
Service endpoints allow VNet-specific access while denying public endpoints.
Why this answer
Option C is correct because virtual network service endpoints and firewall rules allow restricting access to a specific VNet. Option A is wrong because Private Link provides private connectivity but is more complex. Option B is wrong because Azure SQL Database always has a public endpoint by default; disabling it without Private Link would block all access.
Option D is wrong because IP firewall rules allow public IPs, not VNet-specific.