Merge pull request #226031 from asudbring/privatelink-disable-policy

v-ccolin · web-flow · commit 5ddc32ad0d31 · 2023-02-02T08:18:40.000Z
Updated page, added tabs, and fixed up code for Disable network policy for Private Link Service
diff --git a/articles/private-link/disable-private-link-service-network-policy.md b/articles/private-link/disable-private-link-service-network-policy.md
@@ -2,10 +2,10 @@
 title: 'Disable network policies for Azure Private Link service source IP address '
 description: Learn how to disable network policies for Azure private Link
 services: private-link
-author: malopMSFT
+author: asudbring
 ms.service: private-link
 ms.topic: how-to
-ms.date: 09/16/2019
+ms.date: 02/02/2023
 ms.author: allensu 
 ms.custom: devx-track-azurepowershell, devx-track-azurecli 
 ms.devlang: azurecli
@@ -15,52 +15,68 @@ ms.devlang: azurecli
 
 In order to choose a source IP address for your Private Link service, an explicit disable setting `privateLinkServiceNetworkPolicies` is required on the subnet. This setting is only applicable for the specific private IP address you chose as the source IP of the Private Link service. For other resources in the subnet, access is controlled based on Network Security Groups (NSG) security rules definition. 
  
-When using the portal to create a Private Link service, this setting is automatically disabled as part of the create process. Deployments using any Azure client (PowerShell, CLI or templates), require an additional step to change this property. You can disable the policy using the cloud shell from the Azure portal, or local installations of Azure PowerShell, Azure CLI, or use Azure Resource Manager templates.  
+When using the portal to create a Private Link service, this setting is automatically disabled as part of the create process. Deployments using any Azure client (PowerShell, CLI or templates), require an extra step to change this property.
  
-Follow the steps below to disable private link service network policies for a virtual network named *myVirtualNetwork* with a *default* subnet hosted in a resource group named *myResourceGroup*. 
+You can use the following to enable or disable the setting:
 
-## Using Azure PowerShell
-This section describes how to disable subnet private endpoint policies using Azure PowerShell.
-In the code, replace "default" with the name of the virtual subnet.
+* Azure PowerShell
 
-```azurepowershell
-$virtualSubnetName = "default"
-$virtualNetwork= Get-AzVirtualNetwork `
-  -Name "myVirtualNetwork" ` 
-  -ResourceGroupName "myResourceGroup"
-   
-($virtualNetwork | Select -ExpandProperty subnets | Where-Object  {$_.Name -eq $virtualSubnetName} ).privateLinkServiceNetworkPolicies = "Disabled"  
+* Azure CLI
+
+* Azure Resource Manager templates
  
-$virtualNetwork | Set-AzVirtualNetwork 
+The following examples describe how to enable and disable `privateLinkServiceNetworkPolicies` for a virtual network named **myVNet** with a **default** subnet of **10.1.0.0/24** hosted in a resource group named **myResourceGroup**.
+
+# [**PowerShell**](#tab/private-link-network-policy-powershell)
+
+This section describes how to disable subnet private endpoint policies using Azure PowerShell. In the following code, replace "default" with the name of your virtual subnet.
+
+```azurepowershell
+$subnet = 'default'
+
+$net = @{
+    Name = 'myVNet'
+    ResourceGroupName = 'myResourceGroup'
+}
+$vnet = Get-AzVirtualNetwork @net
+
+($vnet | Select -ExpandProperty subnets | Where-Object {$_.Name -eq $subnet}).privateLinkServiceNetworkPolicies = "Disabled"
+
+$vnet | Set-AzVirtualNetwork
 ```
-## Using Azure CLI
+
+# [**CLI**](#tab/private-link-network-policy-cli)
+
 This section describes how to disable subnet private endpoint policies using Azure CLI.
+
 ```azurecli
 az network vnet subnet update \ 
-  --name default \ 
-  --resource-group myResourceGroup \ 
-  --vnet-name myVirtualNetwork \ 
-  --disable-private-link-service-network-policies true 
+    --name default \ 
+    --resource-group myResourceGroup \ 
+    --vnet-name myVNet \ 
+    --disable-private-link-service-network-policies true 
 ```
-## Using a template
+
+# [**JSON**](#tab/private-link-network-policy-json)
+
 This section describes how to disable subnet private endpoint policies using Azure Resource Manager Template.
 ```json
 { 
-    "name": "myVirtualNetwork", 
+    "name": "myVNet", 
     "type": "Microsoft.Network/virtualNetworks", 
     "apiVersion": "2019-04-01", 
     "location": "WestUS", 
     "properties": { 
         "addressSpace": { 
             "addressPrefixes": [ 
-                "10.0.0.0/16" 
+                "10.1.0.0/16" 
              ] 
         }, 
         "subnets": [ 
                { 
                  "name": "default", 
                  "properties": { 
-                        "addressPrefix": "10.0.0.0/24", 
+                        "addressPrefix": "10.1.0.0/24", 
                         "privateLinkServiceNetworkPolicies": "Disabled" 
                     } 
                 } 
@@ -69,6 +85,10 @@ This section describes how to disable subnet private endpoint policies using Azu
 } 
  
 ```
+
+---
+
 ## Next steps
+
 - Learn more about [Azure Private Endpoint](private-endpoint-overview.md)
  
