Azure Private Link Use Case

Question

Hi All,

I would like to ask if it is possible this use case for an Azure Private Link.

My on-premise network is connected to Tenant-A VNET-A via Expressroute. This Tenant-A VNET-A is also connected to Tenant-B VNET-B via Azure Private Link. Is it possible the reach the on-premise network from Tenant-B transiting the Tenant-A by using Azure Private Link?

On-Premise Network --> [ExpressRoute] --> Tenant-A VNET-A --> [Azure Private Link] --> Tenant-B VNET-B

Thank you

Answer 1

Hello @FXE

No, this is not possible using Azure Private Link alone

Azure Private Link is not transitive — it's designed for private, point-to-point connectivity to PaaS services or Private Link services, not for routing traffic through a third party or network.

1. Private Link allows private access to a specific resource, not general VNET peering or routing.
2. The reverse flow (Tenant-B to On-Prem) cannot be routed back through the Private Link and ExpressRoute.

Alternative Solutions

1. Use Azure Virtual WAN for hub-and-spoke architecture. You can connect on-prem, multiple tenants, and route traffic across securely.
2. Direct Connections: If Tenant-B needs access to the on-premises network, it would require a direct connection to the on-premises network, either through its own ExpressRoute or VPN gateway.

In summary, while Azure Private Link provides secure access to Azure services, it does not facilitate transitive routing for on-premises networks across different tenants. Each tenant must establish its own direct connection to the on-premises network.

---

I hope this has been helpful!

If above is unclear and/or you are unsure about something add a comment below.

If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. Your contribution to the Microsoft Q&A community is highly appreciated.