Disable network policies for Private Link service source IP
To choose a source IP address for your Private Link service, the privateLinkServiceNetworkPolicies setting must be explicitly disabled on the subnet. This setting applies only to the specific private IP address you chose as the source IP of the Private Link service. For other resources in the subnet, access is controlled by the Network Security Group (NSG) security rules.
When you use the portal to create a Private Link service, this setting is automatically disabled as part of the create process. Deployments using any Azure client (PowerShell, CLI or templates) require an extra step to change this property.
You can use the following to enable or disable the setting:
- Azure PowerShell
- Azure CLI
- Azure Resource Manager templates
The following examples describe how to enable and disable privateLinkServiceNetworkPolicies for a virtual network named myVNet with a default subnet of 10.1.0.0/24 hosted in a resource group named myResourceGroup.
This section describes how to disable the privateLinkServiceNetworkPolicies setting on a subnet using Azure PowerShell. In the following code, replace "default" with the name of your subnet.
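# Name of the subnet that hosts the Private Link service source IP
$subnet = 'default'

# Virtual network that contains the subnet
$net = @{
    Name              = 'myVNet'
    ResourceGroupName = 'myResourceGroup'
}
$vnet = Get-AzVirtualNetwork @net

# Disable the policy on the matching subnet in the local object
($vnet | Select-Object -ExpandProperty Subnets | Where-Object { $_.Name -eq $subnet }).PrivateLinkServiceNetworkPolicies = "Disabled"

# Write the updated configuration back to Azure
$vnet | Set-AzVirtualNetwork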
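The snippet above fails with a null-reference error if the subnet name is mistyped, and it covers only the disable direction. The following function is an added example, not part of the original documentation: it validates the subnet, sets the property to either state, skips the write when nothing changes, and returns the setting for every subnet in the virtual network so you can review which ones have the policy disabled. The function name Set-PlsNetworkPolicy and its parameters are hypothetical; it assumes the Az.Network module is installed and you are signed in with Connect-AzAccount.

```powershell
# Added example. Set-PlsNetworkPolicy is a hypothetical helper name;
# only the Az cmdlets and the subnet property come from Azure PowerShell.
function Set-PlsNetworkPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VNetName,
        [Parameter(Mandatory)] [string] $SubnetName,
        [Parameter(Mandatory)] [ValidateSet('Enabled', 'Disabled')] [string] $State
    )

    $vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    # Fail with a clear message instead of a null-reference error
    $target = $vnet.Subnets | Where-Object { $_.Name -eq $SubnetName }
    if (-not $target) {
        throw "Subnet '$SubnetName' was not found in virtual network '$VNetName'."
    }

    # Only write to Azure when the value actually changes
    $current = $target.PrivateLinkServiceNetworkPolicies
    $action  = "Set privateLinkServiceNetworkPolicies from '$current' to '$State'"
    if ($current -ne $State -and $PSCmdlet.ShouldProcess("$VNetName/$SubnetName", $action)) {
        $target.PrivateLinkServiceNetworkPolicies = $State
        $vnet = $vnet | Set-AzVirtualNetwork
    }

    # Return the setting for every subnet so the result can be reviewed
    $vnet.Subnets | Select-Object Name,
        @{ Name = 'AddressPrefix'; Expression = { $_.AddressPrefix -join ',' } },
        PrivateLinkServiceNetworkPolicies
}

$target = @{
    ResourceGroupName = 'myResourceGroup'
    VNetName          = 'myVNet'
    SubnetName        = 'default'
}

# Preview the change without writing anything
Set-PlsNetworkPolicy @target -State 'Disabled' -WhatIf

# Disable the policy before creating the Private Link service
Set-PlsNetworkPolicy @target -State 'Disabled'

# Re-enable it later, for example after the Private Link service is removed
Set-PlsNetworkPolicy @target -State 'Enabled'
```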
Next steps
- Learn more about Azure Private Endpoint