Disable network policies for Private Link service source IP

In order to choose a source IP address for your Private Link service, an explicit disable setting privateLinkServiceNetworkPolicies is required on the subnet. This setting is only applicable for the specific private IP address you chose as the source IP of the Private Link service. For other resources in the subnet, access is controlled based on Network Security Groups (NSG) security rules definition.

When using the portal to create a Private Link service, this setting is automatically disabled as part of the create process. Deployments using any Azure client (PowerShell, CLI or templates), require an extra step to change this property.

You can use the following to enable or disable the setting:

  • Azure PowerShell

  • Azure CLI

  • Azure Resource Manager templates

The following examples describe how to enable and disable privateLinkServiceNetworkPolicies for a virtual network named myVNet with a default subnet of hosted in a resource group named myResourceGroup.

Next steps