Once endpoint is configured with an ACL, it also applies to the ACL to the vnet connections.
For example, two VMs within the same subnet and the same cloud service can communicate even if there's no endpoint on any of them. They will continue communicating if you create endpoints with no ACLs.
But once you specify the ACL on, say, VM A, the second VM will not be able to access the endpoint port on VM A, till this endpoint includes the address of the VM B.
That's 100% confirmed for v1 VMs. In fact you can try for yourself.
For example, two VMs within the same subnet and the same cloud service can communicate even if there's no endpoint on any of them. They will continue communicating if you create endpoints with no ACLs.
But once you specify the ACL on, say, VM A, the second VM will not be able to access the endpoint port on VM A, till this endpoint includes the address of the VM B.
That's 100% confirmed for v1 VMs. In fact you can try for yourself.
