Merge pull request #237201 from EdB-MSFT/update-private-link

prmerger-automator[bot] · web-flow · commit 0a013c1fbde3 · 2023-05-07T13:31:25.000Z
additions for Prometheus GA
diff --git a/articles/azure-monitor/logs/private-link-design.md b/articles/azure-monitor/logs/private-link-design.md
@@ -1,9 +1,11 @@
 ---
 title: Design your Azure Private Link setup
-description: This article shows how to design your Azure Private Link setup.
+description: This article shows how to design your Azure Private Link setup
+ms.author: guywild
+author: guywi-ms
 ms.reviewer: noakuper
 ms.topic: conceptual
-ms.date: 12/14/2022
+ms.date: 05/07/2023
 ---
 
 # Design your Azure Private Link setup
@@ -176,6 +178,10 @@ We've identified the following products and experiences query workspaces through
 > * VM Insights
 > * Container Insights
 
+## Managed Prometheus considerations
+* Private Link ingestion settings are made using AMPLS and settings on the Data Collection Endpoints (DCEs) that reference the Azure Monitor workspace used to store your Prometheus metrics.
+* Private Link query settings are made directly on the Azure Monitor workspace used to store your Prometheus metrics and aren't handled via AMPLS.
+
 ## Requirements
 
 Note the following requirements.
diff --git a/articles/azure-monitor/logs/private-link-security.md b/articles/azure-monitor/logs/private-link-security.md
@@ -54,7 +54,9 @@ When you configure Private Link even for a single resource, traffic to the follo
 > [!IMPORTANT]
 > Creating a private link affects traffic to *all* monitoring resources, not only resources in your AMPLS. Effectively, it will cause all query requests and ingestion to Application Insights components to go through private IPs. It doesn't mean the private link validation applies to all these requests.</br>
 >
->Resources not added to the AMPLS can only be reached if the AMPLS access mode is Open and the target resource accepts traffic from public networks. When you use the private IP, *private link validations don't apply to resources not in the AMPLS*. To learn more, see [Private Link access modes](#private-link-access-modes-private-only-vs-open).
+> Resources not added to the AMPLS can only be reached if the AMPLS access mode is Open and the target resource accepts traffic from public networks. When you use the private IP, *private link validations don't apply to resources not in the AMPLS*. To learn more, see [Private Link access modes](#private-link-access-modes-private-only-vs-open).
+>
+> Private Link settings for Managed Prometheus and ingesting data into your Azure Monitor workspace are configured on the Data Collection Endpoints for the referenced resource. Settings for querying your Azure Monitor workspace over Private Link are made directly on the Azure Monitor workspace and are not handled via AMPLS.
 
 ### Resource-specific endpoints
 Log Analytics endpoints are workspace specific, except for the query endpoint discussed earlier. As a result, adding a specific Log Analytics workspace to the AMPLS will send ingestion requests to this workspace over the private link. Ingestion to other workspaces will continue to use the public endpoints.
