Microsoft.Network privateDnsZones/virtualNetworkLinks

Bicep resource definition

The privateDnsZones/virtualNetworkLinks resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/privateDnsZones/virtualNetworkLinks resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  parent: resourceSymbolicName
  etag: 'string'
  properties: {
    registrationEnabled: bool
    virtualNetwork: {
      id: 'string'
    }
  }
}

Property values

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)

Character limit: 1-80

Valid characters:
Alphanumerics, underscores, periods, and hyphens.

Start with alphanumeric. End alphanumeric or underscore.
location The Azure Region where the resource lives string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: privateDnsZones
etag The ETag of the virtual network link. string
properties Properties of the virtual network link to the Private DNS zone. VirtualNetworkLinkProperties

VirtualNetworkLinkProperties

Name Description Value
registrationEnabled Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled? bool
virtualNetwork The reference of the virtual network. SubResource

SubResource

Name Description Value
id Resource ID. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
WebApp consuming a Azure SQL Private Endpoint

Deploy to Azure
This template shows how to create a Web app that consumes a private endpoint pointing to Azure SQL Server
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create an API Management service with a private endpoint

Deploy to Azure
This template will create an API Management service, a virtual network and a private endpoint exposing the API Management service to the virtual network.
Azure Batch pool without public IP addresses

Deploy to Azure
This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt

Deploy to Azure
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint.
Deploy Azure Database for MySQL (flexible) with VNet

Deploy to Azure
This template provides a way to deploy a Flexible server Azure database for MySQL with VNet integration.
Azure Digital Twins with Function and Private Link service

Deploy to Azure
This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'.
Connect to a Event Hubs namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Event Hubs namespace via a private endpoint.
Connect to a Key Vault via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint.
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create an Azure Machine Learning service workspace (vnet)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (legacy)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Azure private DNS domain hosting example

Deploy to Azure
This template shows how to create a private DNS zone and optionally enable VM registration
Azure Cognitive Search service with private endpoint

Deploy to Azure
This template creates an Azure Cognitive Search service with a private endpoint.
Connect to a Service Bus namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Service Bus namespace via private endpoint.
Private Endpoint example

Deploy to Azure
This template shows how to create a private endpoint pointing to Azure SQL Server
Connect to a storage account from a VM via private endpoint

Deploy to Azure
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint.
Connect to an Azure File Share via a Private Endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint.
App Service Environment with Azure SQL backend

Deploy to Azure
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment.
Create Function App and private endpoint-secured Storage

Deploy to Azure
This template allows you to deploy an Azure Function App that communicates with Azure Storage over private endpoints.
Function App secured by Azure Frontdoor

Deploy to Azure
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link.
Web App with Private Endpoint

Deploy to Azure
This template allows you to create a Web App and expose it through Private Endpoint
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Create an AppServicePlan and App in an ASEv3

Deploy to Azure
Create an AppServicePlan and App in an ASEv3
SonarQube on Web App with PostgreSQL and VNet integration

Deploy to Azure
This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS.
Web App with VNet Injection and Private Endpoint

Deploy to Azure
This template allows you to create a secure end to end solution with two web apps, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint

ARM template resource definition

The privateDnsZones/virtualNetworkLinks resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/privateDnsZones/virtualNetworkLinks resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
  "apiVersion": "2020-06-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "etag": "string",
  "properties": {
    "registrationEnabled": "bool",
    "virtualNetwork": {
      "id": "string"
    }
  }
}

Property values

Name Description Value
type The resource type 'Microsoft.Network/privateDnsZones/virtualNetworkLinks'
apiVersion The resource api version '2020-06-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)

Character limit: 1-80

Valid characters:
Alphanumerics, underscores, periods, and hyphens.

Start with alphanumeric. End alphanumeric or underscore.
location The Azure Region where the resource lives string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
etag The ETag of the virtual network link. string
properties Properties of the virtual network link to the Private DNS zone. VirtualNetworkLinkProperties

VirtualNetworkLinkProperties

Name Description Value
registrationEnabled Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled? bool
virtualNetwork The reference of the virtual network. SubResource

SubResource

Name Description Value
id Resource ID. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
WebApp consuming a Azure SQL Private Endpoint

Deploy to Azure
This template shows how to create a Web app that consumes a private endpoint pointing to Azure SQL Server
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create an API Management service with a private endpoint

Deploy to Azure
This template will create an API Management service, a virtual network and a private endpoint exposing the API Management service to the virtual network.
Azure Batch pool without public IP addresses

Deploy to Azure
This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt

Deploy to Azure
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint.
Deploy Azure Database for MySQL (flexible) with VNet

Deploy to Azure
This template provides a way to deploy a Flexible server Azure database for MySQL with VNet integration.
Azure Digital Twins with Function and Private Link service

Deploy to Azure
This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'.
Connect to a Event Hubs namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Event Hubs namespace via a private endpoint.
Connect to a Key Vault via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint.
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create an Azure Machine Learning service workspace (vnet)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (legacy)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Azure private DNS domain hosting example

Deploy to Azure
This template shows how to create a private DNS zone and optionally enable VM registration
Azure Cognitive Search service with private endpoint

Deploy to Azure
This template creates an Azure Cognitive Search service with a private endpoint.
Connect to a Service Bus namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Service Bus namespace via private endpoint.
Private Endpoint example

Deploy to Azure
This template shows how to create a private endpoint pointing to Azure SQL Server
Connect to a storage account from a VM via private endpoint

Deploy to Azure
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint.
Connect to an Azure File Share via a Private Endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint.
App Service Environment with Azure SQL backend

Deploy to Azure
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment.
Create Function App and private endpoint-secured Storage

Deploy to Azure
This template allows you to deploy an Azure Function App that communicates with Azure Storage over private endpoints.
Function App secured by Azure Frontdoor

Deploy to Azure
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link.
Web App with Private Endpoint

Deploy to Azure
This template allows you to create a Web App and expose it through Private Endpoint
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Create an AppServicePlan and App in an ASEv3

Deploy to Azure
Create an AppServicePlan and App in an ASEv3
SonarQube on Web App with PostgreSQL and VNet integration

Deploy to Azure
This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS.
Web App with VNet Injection and Private Endpoint

Deploy to Azure
This template allows you to create a secure end to end solution with two web apps, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint

Terraform (AzAPI provider) resource definition

The privateDnsZones/virtualNetworkLinks resource type can be deployed to:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/privateDnsZones/virtualNetworkLinks resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      registrationEnabled = bool
      virtualNetwork = {
        id = "string"
      }
    }
    etag = "string"
  })
}

Property values

Name Description Value
type The resource type "Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01"
name The resource name string (required)

Character limit: 1-80

Valid characters:
Alphanumerics, underscores, periods, and hyphens.

Start with alphanumeric. End alphanumeric or underscore.
location The Azure Region where the resource lives string
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: privateDnsZones
tags Resource tags. Dictionary of tag names and values.
etag The ETag of the virtual network link. string
properties Properties of the virtual network link to the Private DNS zone. VirtualNetworkLinkProperties

VirtualNetworkLinkProperties

Name Description Value
registrationEnabled Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled? bool
virtualNetwork The reference of the virtual network. SubResource

SubResource

Name Description Value
id Resource ID. string