Merge pull request #115698 from dlepow/acrlink

[ACR] public-network-enabled

Author: GitHubber17

articles/container-registry/TOC.yml

@@ -91,7 +91,7 @@
       items:
       - name: Restrict access using private endpoint
         href: container-registry-private-link.md
-      - name: Configure service firewall rules
+      - name: Configure public registry access
         href: container-registry-access-selected-networks.md
       - name: Restrict access using service endpoint (preview)
         href: container-registry-vnet.md

articles/container-registry/container-registry-access-selected-networks.md

@@ -1,8 +1,8 @@
 ---
-title: Configure service firewall rules
+title: Configure public registry access
 description: Configure IP rules to enable access to an Azure container registry from selected public IP addresses or address ranges.
 ms.topic: article
-ms.date: 05/04/2020
+ms.date: 05/19/2020
 ---
 
 # Configure public IP network rules
@@ -54,24 +54,46 @@ az acr network-rule add \
 
 ## Disable public network access
 
-To limit traffic to virtual networks using [Private Link](container-registry-private-link.md), disable the public endpoint on the registry. Disabling the public endpoint overrides all firewall configurations.
+Optionally, disable the public endpoint on the registry. Disabling the public endpoint overrides all firewall configurations. For example, you might want to disable public access to a registry secured in a virtual network using [Private Link](container-registry-private-link.md).
 
-### Disable public access - Portal
+### Disable public access - CLI
+
+To disable public access using the Azure CLI, run [az acr update][az-acr-update] and set `--public-network-enabled` to `false`. 
+
+> [!NOTE]
+> The `public-network-enabled` argument requires Azure CLI 2.6.0 or later. 
+
+```azurecli
+az acr update --name myContainerRegistry --public-network-enabled false
+```
+
+### Disable public access - portal
 
 1. In the portal, navigate to your container registry and select **Settings > Networking**.
-1. On the **Public access** tab, in **Allow public access**, select **Disabled**. Then select **Save**.
+1. On the **Public access** tab, in **Allow public network access**, select **Disabled**. Then select **Save**.
 
 ![Disable public access][acr-access-disabled]
 
-## Restore default registry access
 
-To restore the registry to allow access by default, update the default action. 
+## Restore public network access
+
+To re-enable the public endpoint, update the networking settings to allow public access. Enabling the public endpoint overrides all firewall configurations. 
+
+### Restore public access - CLI
+
+Run [az acr update][az-acr-update] and set `--public-network-enabled` to `true`. 
+
+> [!NOTE]
+> The `public-network-enabled` argument requires Azure CLI 2.6.0 or later. 
+
+```azurecli
+az acr update --name myContainerRegistry --public-network-enabled true
+```
 
-### Restore default registry access - portal
+### Restore public access - portal
 
 1. In the portal, navigate to your container registry and select **Settings > Networking**.
-1. Under **Firewall**, select each address range, and then select the Delete icon.
-1. On the **Public access** tab, in **Allow public access**, select **All networks**. Then select **Save**.
+1. On the **Public access** tab, in **Allow public network access**, select **All networks**. Then select **Save**.
 
 ![Public access from all networks][acr-access-all-networks]
 

articles/container-registry/container-registry-private-link.md

@@ -2,7 +2,7 @@
 title: Set up private link
 description: Set up a private endpoint on a container registry and enable access over a private link in a local virtual network
 ms.topic: article
-ms.date: 05/07/2020
+ms.date: 05/19/2020
 ---
 
 # Configure Azure Private Link for an Azure container registry 
@@ -19,7 +19,7 @@ This feature is available in the **Premium** container registry service tier. Fo
 
 ## Prerequisites
 
-* To use the Azure CLI steps in this article, Azure CLI version 2.2.0 or later is recommended. If you need to install or upgrade, see [Install Azure CLI][azure-cli]. Or run in [Azure Cloud Shell](../cloud-shell/quickstart.md).
+* To use the Azure CLI steps in this article, Azure CLI version 2.6.0 or later is recommended. If you need to install or upgrade, see [Install Azure CLI][azure-cli]. Or run in [Azure Cloud Shell](../cloud-shell/quickstart.md).
 * If you don't already have a container registry, create one (Premium tier required) and [import](container-registry-import-images.md) a sample image such as `hello-world` from Docker Hub. For example, use the [Azure portal][quickstart-portal] or the [Azure CLI][quickstart-cli] to create a registry.
 * To configure registry access using a private link in a different Azure subscription, you need to register the resource provider for Azure Container Registry in that subscription. For example:
 
@@ -277,7 +277,21 @@ Your private link is now configured and ready for use.
 
 ## Disable public access
 
-For many scenarios, disable registry access from public networks. This configuration prevents clients outside the virtual network from reaching the registry endpoints. To disable public access using the portal:
+For many scenarios, disable registry access from public networks. This configuration prevents clients outside the virtual network from reaching the registry endpoints. 
+
+### Disable public access - CLI
+
+To disable public access using the Azure CLI, run [az acr update][az-acr-update] and set `--public-network-enabled` to `false`. 
+
+> [!NOTE]
+> The `public-network-enabled` argument requires Azure CLI 2.6.0 or later. 
+
+```azurecli
+az acr update --name $REGISTRY_NAME --public-network-enabled false
+```
+
+
+### Disable public access - portal
 
 1. In the portal, navigate to your container registry and select **Settings > Networking**.
 1. On the **Public access** tab, in **Allow public access**, select **Disabled**. Then select **Save**.