This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 28.999999999999996%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIS%3C/text%3E%3C/svg%3E)
In a single subscription, we have setup 3 resource groups (dev, qa and prod). Under each resource group, we have created 3 data factories. This is all setup in a VNET behind firewalls. So, we have created private endpoints for all the data factories.
2 target sub resource types are available while creating a private end point in ADF. One (Data Factory) is for command communications between SHIR and Azure Data factory services and the other (Portal) is for authoring and monitoring the data factory that is in the VNET.
whenever we create a private endpoint for portal, the A record in the DNS zone is getting updated with the new private ip as the FQDN is always same (portal.privatelink.adf.azure.com). So, is it ok to create one private endpoint for all data factories for portal sub type?
For example:
When created private endpoint for portal subtype for ADF1, the A record points to 10.180.10.10
When created private endpoint for portal subtype for ADF2 with in the same subscription and vnet , the A record updates to 10.180.10.11
If I go to adf.azure.com, I see both ADF1 and ADF2.
An Azure service for ingesting, preparing, and transforming data at scale.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Thanks for reaching out and using Microsoft Q&A forum.
We are reaching out to internal team to get confirmation about this requirement and will get back to you as soon as we hear back from the team.
We appreciate your patience.
Answer accepted by question author
As per confirmation from product team, if a user has one VNET for multiple data factories and if you setup private link for one data factory, then other factories will leverage the same private link. which means even other data factories don't want to use it, the traffic goes through private link, not public.
Hope this clarifies. Do let us know if you have further query.
Thank you