Disable network policies for Private Link service source IP
In order to choose a source IP address for your Private Link service, an explicit disable setting
privateLinkServiceNetworkPolicies is required on the subnet. This setting is only applicable for the specific private IP address you chose as the source IP of the Private Link service. For other resources in the subnet, access is controlled based on Network Security Groups (NSG) security rules definition.
When using the portal to create a Private Link service, this setting is automatically disabled as part of the create process. Deployments using any Azure client (PowerShell, CLI or templates), require an extra step to change this property.
You can use the following to enable or disable the setting:
Azure Resource Manager templates
The following examples describe how to enable and disable
privateLinkServiceNetworkPolicies for a virtual network named myVNet with a default subnet of 10.1.0.0/24 hosted in a resource group named myResourceGroup.
- Learn more about Azure Private Endpoint