ערוך

שתף באמצעות


Azure Private Endpoint private DNS zone values

It's important to correctly configure your DNS settings to resolve the private endpoint IP address to the fully qualified domain name (FQDN) of the connection string.

Existing Microsoft Azure services might already have a DNS configuration for a public endpoint. This configuration must be overridden to connect using your private endpoint.

The network interface associated with the private endpoint contains the information to configure your DNS. The network interface information includes FQDN and private IP addresses for your private link resource.

You can use the following options to configure your DNS settings for private endpoints:

  • Use the host file (only recommended for testing). You can use the host file on a virtual machine to override the DNS.

  • Use a private DNS zone. You can use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.

  • Use Azure Private Resolver (optional). You can use Azure Private Resolver to override the DNS resolution for a private link resource. For more information about Azure Private Resolver, see What is Azure Private Resolver?.

Caution

  • It's not recommended to override a zone that's actively in use to resolve public endpoints. Connections to resources won't be able to resolve correctly without DNS forwarding to the public DNS. To avoid issues, create a different domain name or follow the suggested name for each service listed later in this article.

  • Existing Private DNS Zones linked to a single Azure service should not be associated with two different Azure service Private Endpoints. This will cause a deletion of the initial A-record and result in resolution issue when attempting to access that service from each respective Private Endpoint. Create a DNS zone for each Private Endpoint of like services. Don't place records for multiple services in the same DNS zone.

Azure services DNS zone configuration

Azure creates a canonical name DNS record (CNAME) on the public DNS. The CNAME record redirects the resolution to the private domain name. You can override the resolution with the private IP address of your private endpoints.

Connection URLs for your existing applications don't change. Client DNS requests to a public DNS server resolve to your private endpoints. The process doesn't affect your existing applications.

Important

Azure File Shares must be remounted if connected to the public endpoint.

Caution

  • Private networks already using the private DNS zone for a given type, can only connect to public resources if they don't have any private endpoint connections, otherwise a corresponding DNS configuration is required on the private DNS zone in order to complete the DNS resolution sequence. The corresponding DNS configuration is a manually entered A-record that points to the public IP address of the resource. This procedure isn't recommended as the IP address of the A record won't be automatically updated if the corresponding public IP address changes.

  • Private endpoint private DNS zone configurations will only automatically generate if you use the recommended naming scheme in the following tables.

For Azure services, use the recommended zone names as described in the following tables:

Commercial

AI + Machine Learning

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Machine Learning (Microsoft.MachineLearningServices/workspaces) amlworkspace privatelink.api.azureml.ms
privatelink.notebooks.azure.net
api.azureml.ms
notebooks.azure.net
instances.azureml.ms
aznbcontent.net
inference.ml.azure.com
Azure AI services (Microsoft.CognitiveServices/accounts) account privatelink.cognitiveservices.azure.com
privatelink.openai.azure.com
cognitiveservices.azure.com
openai.azure.com
Azure Bot Service (Microsoft.BotService/botServices) Bot privatelink.directline.botframework.com directline.botframework.com
Azure Bot Service (Microsoft.BotService/botServices) Token privatelink.token.botframework.com token.botframework.com

Analytics

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Synapse Analytics (Microsoft.Synapse/workspaces) Sql privatelink.sql.azuresynapse.net sql.azuresynapse.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces) SqlOnDemand privatelink.sql.azuresynapse.net sql.azuresynapse.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces) Dev privatelink.dev.azuresynapse.net dev.azuresynapse.net
Azure Synapse Studio (Microsoft.Synapse/privateLinkHubs) Web privatelink.azuresynapse.net azuresynapse.net
Azure Event Hubs (Microsoft.EventHub/namespaces) namespace privatelink.servicebus.windows.net servicebus.windows.net
Azure Service Bus (Microsoft.ServiceBus/namespaces) namespace privatelink.servicebus.windows.net servicebus.windows.net
Azure Data Factory (Microsoft.DataFactory/factories) dataFactory privatelink.datafactory.azure.net datafactory.azure.net
Azure Data Factory (Microsoft.DataFactory/factories) portal privatelink.adf.azure.com adf.azure.com
Azure HDInsight (Microsoft.HDInsight/clusters) gateway
headnode
privatelink.azurehdinsight.net azurehdinsight.net
Azure Data Explorer (Microsoft.Kusto/Clusters) cluster privatelink.{regionName}.kusto.windows.net
privatelink.blob.core.windows.net
privatelink.queue.core.windows.net
privatelink.table.core.windows.net
{regionName}.kusto.windows.net
blob.core.windows.net
queue.core.windows.net
table.core.windows.net
Microsoft Power BI (Microsoft.PowerBI/privateLinkServicesForPowerBI) tenant privatelink.analysis.windows.net
privatelink.pbidedicated.windows.net
privatelink.tip1.powerquery.microsoft.com
analysis.windows.net
pbidedicated.windows.net
tip1.powerquery.microsoft.com
Azure Databricks (Microsoft.Databricks/workspaces) databricks_ui_api
browser_authentication
privatelink.azuredatabricks.net azuredatabricks.net

Compute

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Batch (Microsoft.Batch/batchAccounts) batchAccount privatelink.batch.azure.com {regionName}.batch.azure.com
Azure Batch (Microsoft.Batch/batchAccounts) nodeManagement privatelink.batch.azure.com {regionName}.service.batch.azure.com
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces) global privatelink-global.wvd.microsoft.com wvd.microsoft.com
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces) feed privatelink.wvd.microsoft.com wvd.microsoft.com
Azure Virtual Desktop (Microsoft.DesktopVirtualization/hostpools) connection privatelink.wvd.microsoft.com wvd.microsoft.com

Containers

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Kubernetes Service - Kubernetes API (Microsoft.ContainerService/managedClusters) management privatelink.{regionName}.azmk8s.io
{subzone}.privatelink.{regionName}.azmk8s.io
{regionName}.azmk8s.io
Azure Container Registry (Microsoft.ContainerRegistry/registries) registry privatelink.azurecr.io
{regionName}.data.privatelink.azurecr.io
azurecr.io
{regionName}.data.azurecr.io

Databases

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure SQL Database (Microsoft.Sql/servers) sqlServer privatelink.database.windows.net database.windows.net
Azure SQL Managed Instance (Microsoft.Sql/managedInstances) managedInstance privatelink.{dnsPrefix}.database.windows.net {instanceName}.{dnsPrefix}.database.windows.net
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Sql privatelink.documents.azure.com documents.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) MongoDB privatelink.mongo.cosmos.azure.com mongo.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Cassandra privatelink.cassandra.cosmos.azure.com cassandra.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Gremlin privatelink.gremlin.cosmos.azure.com gremlin.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Table privatelink.table.cosmos.azure.com table.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Analytical privatelink.analytics.cosmos.azure.com analytics.cosmos.azure.com
Azure Cosmos DB (Microsoft.DBforPostgreSQL/serverGroupsv2) coordinator privatelink.postgres.cosmos.azure.com postgres.cosmos.azure.com
Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers) postgresqlServer privatelink.postgres.database.azure.com postgres.database.azure.com
Azure Database for PostgreSQL - Flexible server (Microsoft.DBforPostgreSQL/flexibleServers) postgresqlServer privatelink.postgres.database.azure.com postgres.database.azure.com
Azure Database for MySQL - Single Server (Microsoft.DBforMySQL/servers) mysqlServer privatelink.mysql.database.azure.com mysql.database.azure.com
Azure Database for MySQL - Flexible Server (Microsoft.DBforMySQL/flexibleServers) mysqlServer privatelink.mysql.database.azure.com mysql.database.azure.com
Azure Database for MariaDB (Microsoft.DBforMariaDB/servers) mariadbServer privatelink.mariadb.database.azure.com mariadb.database.azure.com
Azure Cache for Redis (Microsoft.Cache/Redis) redisCache privatelink.redis.cache.windows.net redis.cache.windows.net
Azure Cache for Redis Enterprise (Microsoft.Cache/RedisEnterprise) redisEnterprise privatelink.redisenterprise.cache.azure.net redisenterprise.cache.azure.net

Hybrid + multicloud

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Arc (Microsoft.HybridCompute/privateLinkScopes) hybridcompute privatelink.his.arc.azure.com
privatelink.guestconfiguration.azure.com
privatelink.dp.kubernetesconfiguration.azure.com
his.arc.azure.com
guestconfiguration.azure.com
dp.kubernetesconfiguration.azure.com

Integration

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Service Bus (Microsoft.ServiceBus/namespaces) namespace privatelink.servicebus.windows.net servicebus.windows.net
Azure Event Grid (Microsoft.EventGrid/topics) topic privatelink.eventgrid.azure.net eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/domains) domain privatelink.eventgrid.azure.net eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/namespaces) topic privatelink.eventgrid.azure.net eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/namespaces/topicSpace) topicSpace privatelink.ts.eventgrid.azure.net eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/partnerNamespaces) partnernamespace privatelink.eventgrid.azure.net eventgrid.azure.net
Azure API Management (Microsoft.ApiManagement/service) Gateway privatelink.azure-api.net azure-api.net
Azure Health Data Services (Microsoft.HealthcareApis/workspaces) healthcareworkspace privatelink.workspace.azurehealthcareapis.com
privatelink.fhir.azurehealthcareapis.com
privatelink.dicom.azurehealthcareapis.com
workspace.azurehealthcareapis.com
fhir.azurehealthcareapis.com
dicom.azurehealthcareapis.com

Internet of Things (IoT)

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure IoT Hub (Microsoft.Devices/IotHubs) iotHub privatelink.azure-devices.net
privatelink.servicebus.windows.net1
azure-devices.net
servicebus.windows.net
Azure IoT Hub Device Provisioning Service (Microsoft.Devices/ProvisioningServices) iotDps privatelink.azure-devices-provisioning.net azure-devices-provisioning.net
Device Update for IoT Hubs (Microsoft.DeviceUpdate/accounts) DeviceUpdate privatelink.api.adu.microsoft.com api.adu.microsoft.com
Azure IoT Central (Microsoft.IoTCentral/IoTApps) iotApp privatelink.azureiotcentral.com azureiotcentral.com
Azure Digital Twins (Microsoft.DigitalTwins/digitalTwinsInstances) API privatelink.digitaltwins.azure.net digitaltwins.azure.net

Media

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Media Services (Microsoft.Media/mediaservices) keydelivery
liveevent
streamingendpoint
privatelink.media.azure.net media.azure.net

Management and Governance

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Automation (Microsoft.Automation/automationAccounts) Webhook
DSCAndHybridWorker
privatelink.azure-automation.net {regionCode}.azure-automation.net
Azure Backup (Microsoft.RecoveryServices/vaults) AzureBackup privatelink.{regionCode}.backup.windowsazure.com {regionCode}.backup.windowsazure.com
Azure Site Recovery (Microsoft.RecoveryServices/vaults) AzureSiteRecovery privatelink.siterecovery.windowsazure.com {regionCode}.siterecovery.windowsazure.com
Azure Monitor (Microsoft.Insights/privateLinkScopes) azuremonitor privatelink.monitor.azure.com
privatelink.oms.opinsights.azure.com
privatelink.ods.opinsights.azure.com
privatelink.agentsvc.azure-automation.net
privatelink.blob.core.windows.net
monitor.azure.com
oms.opinsights.azure.com
ods.opinsights.azure.com
agentsvc.azure-automation.net
blob.core.windows.net
services.visualstudio.com
applicationinsights.azure.com
Microsoft Purview (Microsoft.Purview/accounts) account privatelink.purview.azure.com purview.azure.com
Microsoft Purview (Microsoft.Purview/accounts) portal privatelink.purviewstudio.azure.com purviewstudio.azure.com
Azure Migrate (Microsoft.Migrate/migrateProjects) Default privatelink.prod.migration.windowsazure.com prod.migration.windowsazure.com
Azure Migrate (Microsoft.Migrate/assessmentProjects) Default privatelink.prod.migration.windowsazure.com prod.migration.windowsazure.com
Azure Resource Manager (Microsoft.Authorization/resourceManagementPrivateLinks) ResourceManagement privatelink.azure.com azure.com
Azure Managed Grafana (Microsoft.Dashboard/grafana) grafana privatelink.grafana.azure.com grafana.azure.com

Security

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Key Vault (Microsoft.KeyVault/vaults) vault privatelink.vaultcore.azure.net vault.azure.net
vaultcore.azure.net
Azure Key Vault (Microsoft.KeyVault/managedHSMs) managedhsm privatelink.managedhsm.azure.net managedhsm.azure.net
Azure App Configuration (Microsoft.AppConfiguration/configurationStores) configurationStores privatelink.azconfig.io azconfig.io
Azure Attestation (Microsoft.Attestation/attestationProviders) standard privatelink.attest.azure.net attest.azure.net

Storage

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Storage account (Microsoft.Storage/storageAccounts) blob
blob_secondary
privatelink.blob.core.windows.net blob.core.windows.net
Storage account (Microsoft.Storage/storageAccounts) table
table_secondary
privatelink.table.core.windows.net table.core.windows.net
Storage account (Microsoft.Storage/storageAccounts) queue
queue_secondary
privatelink.queue.core.windows.net queue.core.windows.net
Storage account (Microsoft.Storage/storageAccounts) file privatelink.file.core.windows.net file.core.windows.net
Storage account (Microsoft.Storage/storageAccounts) web
web_secondary
privatelink.web.core.windows.net web.core.windows.net
Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts) dfs
dfs_secondary
privatelink.dfs.core.windows.net dfs.core.windows.net
Azure File Sync (Microsoft.StorageSync/storageSyncServices) afs privatelink.afs.azure.net afs.azure.net
Azure Managed Disks (Microsoft.Compute/diskAccesses) disks privatelink.blob.core.windows.net blob.core.windows.net

Web

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Search (Microsoft.Search/searchServices) searchService privatelink.search.windows.net search.windows.net
Azure Relay (Microsoft.Relay/namespaces) namespace privatelink.servicebus.windows.net servicebus.windows.net
Azure Web Apps - Azure Function Apps (Microsoft.Web/sites) sites privatelink.azurewebsites.net
scm.privatelink.azurewebsites.net2</sup
azurewebsites.net
scm.azurewebsites.net
SignalR (Microsoft.SignalRService/SignalR) signalr privatelink.service.signalr.net service.signalr.net
Azure Static Web Apps (Microsoft.Web/staticSites) staticSites privatelink.azurestaticapps.net
privatelink.{partitionId}.azurestaticapps.net
azurestaticapps.net
{partitionId}.azurestaticapps.net
Azure Event Hubs (Microsoft.EventHub/namespaces) namespace privatelink.servicebus.windows.net servicebus.windows.net

1To use with IoT Hub's built-in Event Hub compatible endpoint. To learn more, see private link support for IoT Hub's built-in endpoint

2In scenarios where the Kudu console or Kudu REST API is used, you must create two DNS records pointing to the private endpoint IP in your Azure DNS private zone or custom DNS server. The first record is for your app, and the second record is for the SCM (Source Control Management) of your app.

Note

In the above text, {regionCode} refers to the region code (for example, eus for East US and ne for North Europe). Refer to the following lists for regions codes:

{regionName} refers to the full region name (for example, eastus for East US and northeurope for North Europe). To retrieve a current list of Azure regions and their names and display names, use az account list-locations -o table.

Government

AI + Machine Learning

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure AI services (Microsoft.CognitiveServices/accounts) account privatelink.cognitiveservices.azure.us cognitiveservices.azure.us
Azure Machine Learning (Microsoft.MachineLearningServices/workspaces) amlworkspace privatelink.api.ml.azure.us
privatelink.notebooks.usgovcloudapi.net
api.ml.azure.us
notebooks.usgovcloudapi.net
instances.azureml.us
aznbcontent.net
inference.ml.azure.us

Analytics

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Event Hubs (Microsoft.EventHub/namespaces) namespace privatelink.servicebus.usgovcloudapi.net servicebus.usgovcloudapi.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces) Sql privatelink.sql.azuresynapse.usgovcloudapi.net sql.azuresynapse.usgovcloudapi.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces) SqlOnDemand privatelink.sql.azuresynapse.usgovcloudapi.net {workspaceName}-ondemand.sql.azuresynapse.usgovcloudapi.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces) Dev privatelink.dev.azuresynapse.usgovcloudapi.net dev.azuresynapse.usgovcloudapi.net
Azure Synapse Studio (Microsoft.Synapse/privateLinkHubs) Web privatelink.azuresynapse.usgovcloudapi.net azuresynapse.usgovcloudapi.net
Azure Data Factory (Microsoft.DataFactory/factories) dataFactory privatelink.datafactory.azure.us datafactory.azure.us
Azure Data Factory (Microsoft.DataFactory/factories) portal privatelink.adf.azure.us adf.azure.us
Azure HDInsight (Microsoft.HDInsight) gateway
headnode
privatelink.azurehdinsight.us azurehdinsight.us
Azure Databricks (Microsoft.Databricks/workspaces) databricks_ui_api
browser_authentication
privatelink.databricks.azure.us databricks.azure.us

Compute

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Batch (Microsoft.Batch/batchAccounts) batchAccount privatelink.batch.usgovcloudapi.net {regionName}.batch.usgovcloudapi.net
Azure Batch (Microsoft.Batch/batchAccounts) nodeManagement privatelink.batch.usgovcloudapi.net {regionName}.service.batch.usgovcloudapi.net
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces) global privatelink-global.wvd.azure.us wvd.azure.us
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces
Microsoft.DesktopVirtualization/hostpools)
feed
connection
privatelink.wvd.azure.us wvd.azure.us

Containers

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Container Registry (Microsoft.ContainerRegistry/registries) registry privatelink.azurecr.us
{regionName}.privatelink.azurecr.us
azurecr.us
{regionName}.azurecr.us

Databases

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure SQL Database (Microsoft.Sql/servers) sqlServer privatelink.database.usgovcloudapi.net database.usgovcloudapi.net
Azure SQL Managed Instance (Microsoft.Sql/managedInstances) managedInstance privatelink.{dnsPrefix}.database.usgovcloudapi.net {instanceName}.{dnsPrefix}.database.usgovcloudapi.net
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Sql privatelink.documents.azure.us documents.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) MongoDB privatelink.mongo.cosmos.azure.us mongo.cosmos.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Cassandra privatelink.cassandra.cosmos.azure.us cassandra.cosmos.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Gremlin privatelink.gremlin.cosmos.azure.us gremlin.cosmos.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Table privatelink.table.cosmos.azure.us table.cosmos.azure.us
Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers) postgresqlServer privatelink.postgres.database.usgovcloudapi.net postgres.database.usgovcloudapi.net
Azure Database for PostgreSQL - Flexible server (Microsoft.DBforPostgreSQL/flexibleServers) postgresqlServer privatelink.postgres.database.usgovcloudapi.net postgres.database.usgovcloudapi.net
Azure Database for MySQL - Single Server (Microsoft.DBforMySQL/servers) mysqlServer privatelink.mysql.database.usgovcloudapi.net mysql.database.usgovcloudapi.net
Azure Database for MySQL - Flexible Server (Microsoft.DBforMySQL/flexibleServers) mysqlServer privatelink.mysql.database.usgovcloudapi.net mysql.database.usgovcloudapi.net
Azure Database for MariaDB (Microsoft.DBforMariaDB/servers) mariadbServer privatelink.mariadb.database.usgovcloudapi.net mariadb.database.usgovcloudapi.net
Azure Cache for Redis (Microsoft.Cache/Redis) redisCache privatelink.redis.cache.usgovcloudapi.net redis.cache.usgovcloudapi.net

Hybrid + multicloud

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders

Integration

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Service Bus (Microsoft.ServiceBus/namespaces) namespace privatelink.servicebus.usgovcloudapi.net servicebus.usgovcloudapi.net
Azure Event Grid (Microsoft.EventGrid/topics) topic privatelink.eventgrid.azure.us eventgrid.azure.us
Azure Event Grid (Microsoft.EventGrid/domains) domain privatelink.eventgrid.azure.us eventgrid.azure.us
Azure Health Data Services (Microsoft.HealthcareApis/workspaces) healthcareworkspace privatelink.workspace.azurehealthcareapis.us
privatelink.fhir.azurehealthcareapis.us
privatelink.dicom.azurehealthcareapis.us
workspace.azurehealthcareapis.us
fhir.azurehealthcareapis.us
dicom.azurehealthcareapis.us

Internet of Things (IoT)

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure IoT Hub (Microsoft.Devices/IotHubs) iotHub privatelink.azure-devices.us
privatelink.servicebus.windows.us1
azure-devices.us
servicebus.usgovcloudapi.net
Azure IoT Hub Device Provisioning Service (Microsoft.Devices/ProvisioningServices) iotDps privatelink.azure-devices-provisioning.us azure-devices-provisioning.us

Media

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders

Management and Governance

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Automation / (Microsoft.Automation/automationAccounts) Webhook
DSCAndHybridWorker
privatelink.azure-automation.us azure-automation.us
Azure Backup (Microsoft.RecoveryServices/vaults) AzureBackup privatelink.{regionCode}.backup.windowsazure.us {regionCode}.backup.windowsazure.us
Azure Site Recovery (Microsoft.RecoveryServices/vaults) AzureSiteRecovery privatelink.siterecovery.windowsazure.us {regionCode}.siterecovery.windowsazure.us
Azure Monitor (Microsoft.Insights/privateLinkScopes) azuremonitor privatelink.monitor.azure.us
privatelink.adx.monitor.azure.us
privatelink.oms.opinsights.azure.us
privatelink.ods.opinsights.azure.us
privatelink.agentsvc.azure-automation.us
privatelink.blob.core.usgovcloudapi.net
monitor.azure.us
adx.monitor.azure.us
oms.opinsights.azure.us
ods.opinsights.azure.us
agentsvc.azure-automation.us
blob.core.usgovcloudapi.net
Microsoft Purview (Microsoft.Purview) account privatelink.purview.azure.us purview.azure.us
Microsoft Purview (Microsoft.Purview) portal privatelink.purviewstudio.azure.us purview.azure.com
purviewstudio.azure.us

Security

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Key Vault (Microsoft.KeyVault/vaults) vault privatelink.vaultcore.usgovcloudapi.net vault.usgovcloudapi.net
vaultcore.usgovcloudapi.net
Azure App Configuration (Microsoft.AppConfiguration/configurationStores) configurationStores privatelink.azconfig.azure.us azconfig.azure.us

Storage

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Storage account (Microsoft.Storage/storageAccounts) blob
blob_secondary
privatelink.blob.core.usgovcloudapi.net blob.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts) table
table_secondary
privatelink.table.core.usgovcloudapi.net table.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts) queue
queue_secondary
privatelink.queue.core.usgovcloudapi.net queue.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts) file
file_secondary
privatelink.file.core.usgovcloudapi.net file.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts) web
web_secondary
privatelink.web.core.usgovcloudapi.net web.core.usgovcloudapi.net
Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts) dfs
dfs_secondary
privatelink.dfs.core.usgovcloudapi.net dfs.core.usgovcloudapi.net

Web

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Search (Microsoft.Search/searchServices) searchService privatelink.search.azure.us search.azure.us
Azure Relay (Microsoft.Relay/namespaces) namespace privatelink.servicebus.usgovcloudapi.net servicebus.usgovcloudapi.net
Azure Web Apps (Microsoft.Web/sites) sites privatelink.azurewebsites.us
scm.privatelink.azurewebsites.us2
azurewebsites.us
scm.azurewebsites.us
Azure Event Hubs (Microsoft.EventHub/namespaces) namespace privatelink.servicebus.usgovcloudapi.net servicebus.usgovcloudapi.net

2In scenarios where the Kudu console or Kudu REST API is used, you must create two DNS records pointing to the private endpoint IP in your Azure DNS private zone or custom DNS server. The first record is for your app, and the second record is for the SCM (Source Control Management) of your app.

Note

In the above text, {regionCode} refers to the region code (for example, eus for East US and ne for North Europe). Refer to the following lists for regions codes:

{regionName} refers to the full region name (for example, eastus for East US and northeurope for North Europe). To retrieve a current list of Azure regions and their names and display names, use az account list-locations -o table.

China

AI + Machine Learning

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Machine Learning (Microsoft.MachineLearningServices/workspaces) amlworkspace privatelink.api.ml.azure.cn
privatelink.notebooks.chinacloudapi.cn
api.ml.azure.cn
notebooks.chinacloudapi.cn
instances.azureml.cn
aznbcontent.net
inference.ml.azure.cn

Analytics

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Data Factory (Microsoft.DataFactory/factories) dataFactory privatelink.datafactory.azure.cn datafactory.azure.cn
Azure Data Factory (Microsoft.DataFactory/factories) portal privatelink.adf.azure.cn adf.azure.cn
Azure HDInsight (Microsoft.HDInsight) gateway
headnode
privatelink.azurehdinsight.cn azurehdinsight.cn
Azure Data Explorer (Microsoft.Kusto/Clusters) cluster privatelink.{regionName}.kusto.windows.cn {regionName}.kusto.windows.cn

Compute

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Batch (Microsoft.Batch/batchAccounts) batchAccount privatelink.batch.chinacloudapi.cn {region}.batch.chinacloudapi.cn
Azure Batch (Microsoft.Batch/batchAccounts) nodeManagement privatelink.batch.chinacloudapi.cn {region}.service.batch.chinacloudapi.cn
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces) global privatelink-global.wvd.azure.cn wvd.azure.cn
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces and Microsoft.DesktopVirtualization/hostpools) feed
connection
privatelink.wvd.azure.cn wvd.azure.cn

Containers

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders

Databases

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure SQL Database (Microsoft.Sql/servers) sqlServer privatelink.database.chinacloudapi.cn database.chinacloudapi.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Sql privatelink.documents.azure.cn documents.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) MongoDB privatelink.mongo.cosmos.azure.cn mongo.cosmos.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Cassandra privatelink.cassandra.cosmos.azure.cn cassandra.cosmos.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Gremlin privatelink.gremlin.cosmos.azure.cn gremlin.cosmos.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts) Table privatelink.table.cosmos.azure.cn table.cosmos.azure.cn
Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers) postgresqlServer privatelink.postgres.database.chinacloudapi.cn postgres.database.chinacloudapi.cn
Azure Database for PostgreSQL - Flexible server (Microsoft.DBforPostgreSQL/flexibleServers) postgresqlServer privatelink.postgres.database.chinacloudapi.cn postgres.database.chinacloudapi.cn
Azure Database for MySQL - Single Server (Microsoft.DBforMySQL/servers) mysqlServer privatelink.mysql.database.chinacloudapi.cn mysql.database.chinacloudapi.cn
Azure Database for MySQL - Flexible Server (Microsoft.DBforMySQL/flexibleServers) mysqlServer privatelink.mysql.database.chinacloudapi.cn mysql.database.chinacloudapi.cn
Azure Database for MariaDB (Microsoft.DBforMariaDB/servers) mariadbServer privatelink.mariadb.database.chinacloudapi.cn mariadb.database.chinacloudapi.cn
Azure Cache for Redis (Microsoft.Cache/Redis) redisCache privatelink.redis.cache.chinacloudapi.cn redis.cache.chinacloudapi.cn

Hybrid + multicloud

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders

Integration

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Service Bus (Microsoft.ServiceBus/namespaces) namespace privatelink.servicebus.chinacloudapi.cn servicebus.chinacloudapi.cn

Internet of Things (IoT)

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure IoT Hub (Microsoft.Devices/IotHubs) iotHub privatelink.azure-devices.cn
privatelink.servicebus.chinacloudapi.cn 1
azure-devices.cn
servicebus.chinacloudapi.cn
Azure IoT Hub Device Provisioning Service (Microsoft.Devices/ProvisioningServices) iotDps privatelink.azure-devices-provisioning.cn azure-devices-provisioning.cn

Media

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders

Management and Governance

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Automation / (Microsoft.Automation/automationAccounts) Webhook
DSCAndHybridWorker
privatelink.azure-automation.cn azure-automation.cn

Security

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Key Vault (Microsoft.KeyVault/vaults) vault privatelink.vaultcore.azure.cn vaultcore.azure.cn

Storage

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Storage account (Microsoft.Storage/storageAccounts) blob
blob_secondary
privatelink.blob.core.chinacloudapi.cn blob.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts) table
table_secondary
privatelink.table.core.chinacloudapi.cn table.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts) queue
queue_secondary
privatelink.queue.core.chinacloudapi.cn queue.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts) file
file_secondary
privatelink.file.core.chinacloudapi.cn file.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts) web
web_secondary
privatelink.web.core.chinacloudapi.cn web.core.chinacloudapi.cn
Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts) dfs
dfs_secondary
privatelink.dfs.core.chinacloudapi.cn dfs.core.chinacloudapi.cn
Azure File Sync (Microsoft.StorageSync/storageSyncServices) afs privatelink.afs.azure.cn afs.azure.cn

Web

Private link resource type Subresource Private DNS zone name Public DNS zone forwarders
Azure Event Hubs (Microsoft.EventHub/namespaces) namespace privatelink.servicebus.chinacloudapi.cn servicebus.chinacloudapi.cn
Azure Relay (Microsoft.Relay/namespaces) namespace privatelink.servicebus.chinacloudapi.cn servicebus.chinacloudapi.cn
Azure Web Apps (Microsoft.Web/sites) sites privatelink.chinacloudsites.cn chinacloudsites.cn
SignalR (Microsoft.SignalRService/SignalR) signalR privatelink.signalr.azure.cn service.signalr.azure.cn

1To use with IoT Hub's built-in Event Hub compatible endpoint. To learn more, see private link support for IoT Hub's built-in endpoint

Next step

To learn more about DNS integration and scenarios for Azure Private Link, continue to the following article: