Azure by Riley

Azure Private Link

Azure Private Link is a technology designed to provide private connectivity to selected PaaS services, customer-owned, and partner-offered services.


There are two key components of Azure Private Link:

  • Private Endpoint is a service that allows virtual network resources to privately connect to other resources as if they were part of the same network, carrying traffic across the Microsoft Azure backbone instead of the internet. It is a network interface connected to your virtual network and assigned a private IP address. It is used to connect privately and securely to a service powered by Azure Private Link or a Private Link Service that you or a partner might own.
  • Private Link Service is your own service, powered by Azure Private Link, that runs behind an Azure Standard Load Balancer and is enabled for Private Link access. This service can be privately connected to and consumed using Private Endpoints deployed in the consumer’s virtual network.

Private Link has the following benefits:

  • Secures access to services over the Microsoft backbone
  • The service can be used to connect virtual networks with overlapping address spaces
  • Allows private access to services running in Azure from on-premises or peered networks
  • The service can connect to resources running in other regions offering global reach
  • Ability to enable private link access to your services
  • Supports various PaaS, partner, and customer-owned services

Azure Private Link enables you to access Azure PaaS services and Azure-hosted customer/partner services over a Private Endpoint in your virtual network.

Traffic between your virtual network and the service traverses the Microsoft backbone network, eliminating exposure to the public internet.

You can also create your own Private Link Service in your virtual network (VNet) and deliver it privately to your customers. 

  • Private Link Docs - 1:00
  • Private Link Center - 2:48
  • Add Private Endpoint - 3:36
  • Build Private Endpoint - 5:29
  • Create Private Link Svc - 7:23
  • Test Private Link Svc - 10:30
  • Test Azure SQL - 14:36
  • Test Azure Storage - 16:11

Clients can connect to the private endpoint from the same VNet, from a peered VNet in the same region or across regions, or via a VNet-to-VNet connection across regions. Additionally, clients can connect from on-premises using ExpressRoute, private peering, or VPN tunneling. Below is a simplified diagram showing the common use cases.

Use cases of Private Link for Azure Database for PostgreSQL

Source: Private Link - Azure Database for PostgreSQL - Single server | Microsoft Docs


Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services over a private endpoint in your virtual network.

Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no longer necessary. You can create your own private link service in your virtual network and deliver it to your customers. Setup and consumption using Azure Private Link is consistent across Azure PaaS, customer-owned, and shared partner services.

Source: What is Azure Private Link? | Microsoft Docs
