Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: 'Disable network policies for Azure Private Link service source IP address' description: Learn how to disable network policies for Azure Private Link. services: private-link author: abell ms.service: azure-private-link ms.topic: how-to ms.date: 03/25/2025 ms.author: abell ms.custom: template-how-to ms.devlang: azurecli # Customer intent: "As a network administrator, I want to disable network policies on the Azure Private Link service for a specific subnet, so that I can ensure proper access control while maintaining network security for other resources." --- # Disable network policies for Private Link service source IP When configuring Azure Private Link service, the explicit setting `privateLinkServiceNetworkPolicies` must be disabled on the subnet. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the network security group security rules definition. When you use the portal to create an instance of the Private Link service, this setting is automatically disabled as part of the creation process. Deployments using any Azure client (PowerShell, Azure CLI, or templates) require an extra step to change this property. To enable or disable the setting, use one of the following options: * Azure PowerShell * Azure CLI * Azure Resource Manager templates The following examples describe how to enable and disable `privateLinkServiceNetworkPolicies` for a virtual network named `myVNet` with a `default` subnet of `10.1.0.0/24` hosted in a resource group named `myResourceGroup`. # [**PowerShell**](#tab/private-link-network-policy-powershell) This section describes how to disable subnet private endpoint policies by using Azure PowerShell. In the following code, replace `default` with the name of your virtual subnet. ```azurepowershell $subnet = 'default' $net = @{ Name = 'myVNet' ResourceGroupName = 'myResourceGroup' } $vnet = Get-AzVirtualNetwork @net ($vnet | Select -ExpandProperty subnets | Where-Object {$_.Name -eq $subnet}).privateLinkServiceNetworkPolicies = "Disabled" $vnet | Set-AzVirtualNetwork ``` # [**CLI**](#tab/private-link-network-policy-cli) This section describes how to disable subnet private endpoint policies by using the Azure CLI. ```azurecli az network vnet subnet update \ --name default \ --vnet-name MyVnet \ --resource-group myResourceGroup \ --disable-private-link-service-network-policies yes ``` # [**JSON**](#tab/private-link-network-policy-json) This section describes how to disable subnet private endpoint policies by using Azure Resource Manager templates. ```json { "name": "myVNet", "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2019-04-01", "location": "WestUS", "properties": { "addressSpace": { "addressPrefixes": [ "10.1.0.0/16" ] }, "subnets": [ { "name": "default", "properties": { "addressPrefix": "10.1.0.0/24", "privateLinkServiceNetworkPolicies": "Disabled" } } ] } } ``` --- ## Next steps - Learn more about [Azure private endpoints](private-endpoint-overview.md).