Azure Monitor Private Links allow customers to connect their VNets to Azure Monitor resources without accessing public networks. Traffic from the VNet uses a private IP from the VNet's pool of IPs to reach only specific Azure Monitor resources, which are explicitly selected and added to a logical container called an Azure Monitor Private Link Scope (AMPLS).
However, the AMPLS had a painful limit of supporting only 50 resources (including both Log Analytics workspaces and Application Insights components). The reason wasn't the AMPLS resource itself, but actually the Private Endpoint object connecting to it. Private Endpoints manage the Private Link traffic sent to Azure Monitor endpoints (such as the Log Analytics ingestion endpoint), and each Private Endpoint has a limited number of IPs it can use. As we learned, customers often use a single AMPLS resource, and need it to support many more than 50 resources.
Starting December 1, 2021, new Private Link setups use a mechanism called Endpoint compression, which allows the AMPLS to support up to 300 Log Analytics workspaces and 1000 Application Insights resources! The total number of monitoring resources doesn't matter anymore. Endpoint compression essentially allocates a single private IP address for the endpoints of different workspaces, as long as they're in the same region. For example, if you have 10 workspaces in East US, you no longer need to allocate 10 private IPs to reach the ingestion endpoint (one for each workspace), but instead need only 1 private IP address for all of them. However, if you create an additional workspace in West Europe, it will require an additional private IP to reach its ingestion endpoint, since it's in a different region.
To summarize, "compressing" endpoints per region allows your Private Link setup to support many more resources in your AMPLS while using far fewer IPs from your network's pool.
Posted at https://bit.ly/3xH7o9a