Skip to content

disable-private-link-service-network-policy.md

Latest commit

 

History

History
92 lines (70 loc) · 3.23 KB

disable-private-link-service-network-policy.md

File metadata and controls

92 lines (70 loc) · 3.23 KB
title Disable network policies for Azure Private Link service source IP address
description Learn how to disable network policies for Azure Private Link.
author asudbring
ms.service azure-private-link
ms.topic how-to
ms.date 03/30/2026
ms.author allensu
ms.custom template-how-to
ms.devlang azurecli

Disable network policies for Private Link service source IP

When configuring Azure Private Link service, the explicit setting privateLinkServiceNetworkPolicies must be disabled on the subnet. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the network security group security rules definition.

When you use the portal to create an instance of the Private Link service, this setting is automatically disabled as part of the creation process. Deployments using any Azure client (PowerShell, Azure CLI, or templates) require an extra step to change this property.

To enable or disable the setting, use one of the following options:

  • Azure PowerShell
  • Azure CLI
  • Azure Resource Manager templates

The following examples describe how to enable and disable privateLinkServiceNetworkPolicies for a virtual network named myVNet with a default subnet of 10.1.0.0/24 hosted in a resource group named myResourceGroup.

PowerShell

This section describes how to disable subnet private endpoint policies by using Azure PowerShell. In the following code, replace default with the name of your virtual subnet.

$subnet = 'default'

$net = @{
    Name = 'myVNet'
    ResourceGroupName = 'myResourceGroup'
}
$vnet = Get-AzVirtualNetwork @net

($vnet | Select -ExpandProperty subnets | Where-Object {$_.Name -eq $subnet}).privateLinkServiceNetworkPolicies = "Disabled"

$vnet | Set-AzVirtualNetwork

CLI

This section describes how to disable subnet private endpoint policies by using the Azure CLI.

az network vnet subnet update \
    --name default \
    --vnet-name MyVnet \
    --resource-group myResourceGroup \
    --private-link-service-network-policies Disabled

JSON

This section describes how to disable subnet private endpoint policies by using Azure Resource Manager templates.

{ 
    "name": "myVNet", 
    "type": "Microsoft.Network/virtualNetworks", 
    "apiVersion": "2024-05-01", 
    "location": "WestUS", 
    "properties": { 
        "addressSpace": { 
            "addressPrefixes": [ 
                "10.1.0.0/16" 
             ] 
        }, 
        "subnets": [ 
               { 
                 "name": "default", 
                 "properties": { 
                        "addressPrefix": "10.1.0.0/24", 
                        "privateLinkServiceNetworkPolicies": "Disabled" 
                    } 
                } 
        ] 
    } 
}

Next steps