Disable network policies for Private Link service source IP
To choose a source IP address for your Azure Private Link service, the explicit disable setting privateLinkServiceNetworkPolicies is required on the subnet. This setting only applies for the specific private IP address you chose as the source IP of the Private Link service. For other resources in the subnet, access is controlled based on the network security group security rules definition.
When you use the portal to create an instance of the Private Link service, this setting is automatically disabled as part of the creation process. Deployments using any Azure client (PowerShell, Azure CLI, or templates) require an extra step to change this property.
To enable or disable the setting, use one of the following options:
- Azure PowerShell
- Azure CLI
- Azure Resource Manager templates
The following examples describe how to enable and disable privateLinkServiceNetworkPolicies for a virtual network named myVNet with a default subnet of 10.1.0.0/24 hosted in a resource group named myResourceGroup.
This section describes how to disable subnet private endpoint policies by using Azure PowerShell. In the following code, replace default with the name of your virtual subnet.
$subnet = 'default'
$net = @{
Name = 'myVNet'
ResourceGroupName = 'myResourceGroup'
}
$vnet = Get-AzVirtualNetwork @net
($vnet | Select -ExpandProperty subnets | Where-Object {$_.Name -eq $subnet}).privateLinkServiceNetworkPolicies = "Disabled"
$vnet | Set-AzVirtualNetwork
Next steps
- Learn more about Azure private endpoints.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for