diff --git a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html
index 55e5801bf..fc46c6999 100755
--- a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html
+++ b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html
@@ -8,6 +8,7 @@

Information

ID: {{ id }}
Location: {{value_or_none location}}
Public Access: {{ convert_bool_to_enabled public_access_allowed }}
+
Approved Private Endpoints: {{ private_endpoint_connections.length }}
Vault Recoverable: {{ recovery_protection_enabled }}
RBAC Permission Model: {{ convert_bool_to_enabled rbac_authorization_enabled }}
Tags:
diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py
index 4d5005898..543f39f28 100755
--- a/ScoutSuite/providers/azure/resources/keyvault/vaults.py
+++ b/ScoutSuite/providers/azure/resources/keyvault/vaults.py
@@ -34,7 +34,14 @@ def _parse_key_vault(self, raw_vault):
 bool(raw_vault.properties.enable_purge_protection)
 vault['public_access_allowed'] = self._is_public_access_allowed(raw_vault)
 vault['rbac_authorization_enabled'] = raw_vault.properties.enable_rbac_authorization
+ vault['private_endpoint_connections'] = self._get_private_endpoint_connections(raw_vault)
 return vault['id'], vault
 
 def _is_public_access_allowed(self, raw_vault):
 return raw_vault.properties.network_acls is None or raw_vault.properties.network_acls.default_action == 'Allow'
+
+ def _get_private_endpoint_connections(self, raw_vault):
+ private_endpoint_connections = getattr(raw_vault.properties, "private_endpoint_connections", None)
+ if not private_endpoint_connections:
+ return []
+ return [pe.private_endpoint.id for pe in private_endpoint_connections if pe.private_link_service_connection_state.status == 'Approved']
diff --git a/ScoutSuite/providers/azure/rules/findings/keyvault-private-endpoints-not-used.json b/ScoutSuite/providers/azure/rules/findings/keyvault-private-endpoints-not-used.json
new file mode 100644
index 000000000..792340f35
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/keyvault-private-endpoints-not-used.json
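Review bot: The new `_get_private_endpoint_connections` dereferences `pe.private_endpoint.id` and `pe.private_link_service_connection_state.status` with no None guard, even though the surrounding `getattr(..., None)` already anticipates the SDK omitting data; if the SDK model treats those nested objects as optional (the azure-mgmt-keyvault connection item appears to), one connection with a missing endpoint or state raises AttributeError, parsing of the whole vault aborts, and the vault silently drops out of the report instead of being evaluated by the new finding. I would guard both attributes, skip such entries, and add a docstring stating that only connections in the Approved state are returned, since that is what the `keyvault-private-endpoints-not-used` rule counts as "using" a private endpoint. `_parse_key_vault` starts before the hunk.
```python
    def _get_private_endpoint_connections(self, raw_vault):
        """Return the resource IDs of private endpoints whose connection to the vault is Approved."""
        connections = getattr(raw_vault.properties, "private_endpoint_connections", None) or []
        approved = []
        for connection in connections:
            endpoint = getattr(connection, "private_endpoint", None)
            state = getattr(connection, "private_link_service_connection_state", None)
            # Pending/rejected connections and entries missing either object are not counted
            if endpoint is None or state is None or state.status != 'Approved':
                continue
            approved.append(endpoint.id)
        return approved
```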
@@ -0,0 +1,27 @@
+{
+ "description": "Key Vaults Not Using Private Endpoint Connections",
+ "rationale": "Private endpoints will keep network requests to Azure Key Vault limited to the endpoints attached to the resources that are whitelisted to communicate with each other. Assigning the Key Vault to a network without an endpoint will allow other resources on that network to view all traffic from the Key Vault to its destination. In spite of the complexity in configuration, this is recommended for high security secrets.",
+ "remediation": "In the Azure console:
  1. Go to Key Vaults
  2. For each key vault, click on the settings menu called Networking.
  3. Go to the tab named Private Endpoint Connections.
  4. Ensure that a private endpoint entry exists corresponding each Virtual Network that contains resources requiring access to the Key Vault resource.
  5. Click Save to apply your changes.
", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "2.0.0", + "reference": "8.7" + } + ], + "references": [ + "https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-service", + "https://learn.microsoft.com/en-gb/security/benchmark/azure/baselines/key-vault-security-baseline?context=%2Fazure%2Fkey-vault%2Fgeneral%2Fcontext%2Fcontext#ns-2-secure-cloud-services-with-network-controls" + ], + "dashboard_name": "Key Vaults", + "path": "keyvault.subscriptions.id.vaults.id", + "conditions": [ + "and", + [ + "keyvault.subscriptions.id.vaults.id.private_endpoint_connections", + "empty", + "" + ] + ], + "id_suffix": "private_endpoint_connections" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 464783905..e5873b266 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -91,6 +91,12 @@ "level": "warning" } ], + "keyvault-private-endpoints-not-used.json": [ + { + "enabled": true, + "level": "warning" + } + ], "keyvault-public-traffic-allowed.json": [ { "enabled": true,