MicrosoftDocs
diff --git a/‎articles/azure-subscription-service-limits.md
Lines changed: 5 additions & 1 deletion b/‎articles/azure-subscription-service-limits.md
Lines changed: 5 additions & 1 deletion
diff --git a/‎articles/index.md
Lines changed: 25 additions & 0 deletions b/‎articles/index.md
Lines changed: 25 additions & 0 deletions
diff --git a/‎articles/media/index/private-link.svg
Lines changed: 25 additions & 0 deletions b/‎articles/media/index/private-link.svg
Lines changed: 25 additions & 0 deletions
diff --git a/‎articles/private-link/create-private-endpoint-cli.md
Lines changed: 181 additions & 0 deletions b/‎articles/private-link/create-private-endpoint-cli.md
Lines changed: 181 additions & 0 deletions
@@ -84,8 +84,9 @@ In the following list of limits, a new table reflects any differences in limits
   * [Azure Firewall](#azure-firewall-limits)
   * [ExpressRoute](#expressroute-limits)
   * [Load Balancer](#load-balancer)
-  * [Public IP address](#publicip-address)
   * [Network Watcher](#network-watcher-limits)
+  * [Public IP address](#publicip-address)
+  * [Private Link](#private-link-limits)
   * [Traffic Manager](#traffic-manager-limits)
   * [Virtual Network](#networking-limits)
 * [Notification Hubs](#notification-hubs-limits)
@@ -164,6 +165,9 @@ The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise s
 #### Network Watcher limits
 [!INCLUDE [network-watcher-limits](../includes/network-watcher-limits.md)]
 
+#### Private Link limits
+[!INCLUDE [private-link-limits](../includes/private-link-limits.md)]
+
 #### Traffic Manager limits
 [!INCLUDE [traffic-manager-limits](../includes/traffic-manager-limits.md)]
 
 
@@ -1655,6 +1655,12 @@ featureFlags:
                                                 <p>Azure Bastion</p>
                                             </a>
                                         </li>
+                                        <li>
+                                            <a href="https://go.microsoft.com/fwlink/?linkid=2097091">
+                                                <img src="media/index/private-link.svg" alt="" />
+                                                <p>Azure Private Link</p>
+                                            </a>
+                                        </li>
                                     </ul>
                                     <h3>Security</h3>
                                     <ul>
@@ -5550,6 +5556,25 @@ featureFlags:
                                     </div>
                                 </a>
                             </li>
+                            <li>
+                                <a href="https://go.microsoft.com/fwlink/?linkid=2097091">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage">
+                                                        <img src="media/index/private-link.svg" alt="" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Azure Private Link</h3>
+                                                    <p>Privately access services hosted on the Azure platform, keeping your data within the Microsoft network</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
                         </ul>
                     </li>
                     <li>
 
@@ -0,0 +1,181 @@
+---
+title: 'Create an Azure private endpoint using Azure CLI| Microsoft Docs'
+description: Learn about Azure private endpoint
+services: virtual-network
+author: KumudD
+ms.service: virtual-network
+ms.topic: article
+ms.date: 09/16/2019
+ms.author: kumud
+
+---
+# Create a private endpoint using Azure CLI
+Private Endpoint is the fundamental building block for Private Link in Azure. It enables Azure resources, like virtual machines (VMs), to communicate privately with Private Link Resources. In this Quickstart, you will learn how to create a VM on a virtual network, a SQL Database Server with a Private Endpoint using Azure CLI. Then, you can access the VM to and securely access the private link resource (a private Azure SQL Database server in this example). 
+
+[!INCLUDE [cloud-shell-try-it.md](../../includes/cloud-shell-try-it.md)]
+
+If you decide to install and use Azure CLI locally instead, this quickstart requires you to use Azure CLI version 2.0.28 or later. To find your installed version, run `az --version`. See [Install Azure CLI](/cli/azure/install-azure-cli) for install or upgrade info.
+
+## Create a resource group
+
+Before you can create any resource, you have to create a resource group to host the Virtual Network. Create a resource group with [az group create](/cli/azure/group). This example creates a resource group named *myResourceGroup* in the *westcentralus* location:
+
+```azurecli-interactive
+az group create --name myResourceGroup --location westcentralus
+```
+
+## Create a Virtual Network
+Create a Virtual Network with [az network vnet create](/cli/azure/network/vnet). This example creates a default Virtual Network named *myVirtualNetwork* with one subnet named *mySubnet*:
+
+```azurecli-interactive
+az network vnet create \
+ --name myVirtualNetwork \
+ --resource-group myResourceGroup \
+ --subnet-name mySubnet
+```
+## Disable subnet private endpoint policies 
+Azure deploys resources to a subnet within a virtual network, so you need to create or update the subnet to disable private endpoint network policies. Update a subnet configuration named *mySubnet** with [az network vnet subnet update](https://docs.microsoft.com/cli/azure/network/vnet/subnet?view=azure-cli-latest#az-network-vnet-subnet-update):
+
+```azurecli-interactive
+az network vnet subnet update \
+ --name mySubnet \
+ --resource-group myResourceGroup \
+ --vnet-name myVirtualNetwork \
+ --disable-private-endpoint-network-policies true
+```
+## Create the VM 
+Create a VM with az vm create. When prompted, provide a password to be used as the sign-in credentials for the VM. This example creates a VM named *myVm*: 
+```azurecli-interactive
+az vm create \
+  --resource-group myResourceGroup \
+  --name myVm \
+  --image Win2019Datacenter
+```
+ Note the public IP address of the VM. You will use this address to connect to the VM from the internet in the next step.
+
+## Create a SQL Database Server 
+Create a SQL Database Server with the az sql server create command. Remember that the name of your SQL Server must be unique across Azure, so replace the placeholder value in brackets with your own unique value: 
+
+```azurecli-interactive
+# Create a logical server in the resource group 
+az sql server create \ 
+    --name "myserver"\ 
+    --resource-group myResourceGroup \ 
+    --location WestUS \ 
+    --admin-user "sqladmin" \ 
+    --admin-password "CHANGE_PASSWORD_1" 
+ 
+# Create a database in the server with zone redundancy as false 
+az sql db create \ 
+    --resource-group myResourceGroup  \ 
+    --server myserver \ 
+    --name mySampleDatabase \ 
+    --sample-name AdventureWorksLT \ 
+    --edition GeneralPurpose \ 
+    --family Gen4 \ 
+    --capacity 1 
+```
+
+Note the SQL Server ID is similar to ```/subscriptions/subscriptionId/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myserver.``` 
+You will use the SQL Server ID in the next step. 
+
+## Create the Private Endpoint 
+Create a private endpoint for the SQL Database server in your Virtual Network: 
+```azurecli-interactive
+az network private-endpoint create \  
+    --name myPrivateEndpoint \  
+    --resource-group myResourceGroup \  
+    --vnet-name myVirtualNetwork  \  
+    --subnet mySubnet \  
+    --private-connection-resource-id "<SQL Server ID>" \  
+    --group-ids sqlServer \  
+    --connection-name myConnection  
+ ```
+## Configure the Private DNS Zone 
+Create a Private DNS Zone for SQL Database server domain and create an association link with the Virtual Network. 
+```azurecli-interactive
+az network private-dns zone create --resource-group myResourceGroup \ 
+   --name  "privatelink.database.windows.net" 
+az network private-dns link vnet create --resource-group myResourceGroup \ 
+   --zone-name  "privatelink.database.windows.net"\ 
+   --name MyDNSLink \ 
+   --virtual-network myVirtualNetwork \ 
+   --registration-enabled false 
+
+#Query for the network interface ID  
+az network private-endpoint show --name myPrivateEndpoint --resource-group myResourceGroup --query 'networkInterfaces[0].id'
+ 
+ 
+az resource show --ids $networkInterfaceId --api-version 2019-04-01 -o json 
+# Copy the content for privateIPAddress and FQDN matching the SQL server name 
+ 
+ 
+#Create DNS records 
+az network private-dns record-set a create --name myserver --zone-name privatelink.database.windows.net --resource-group myResourceGroup  
+az network private-dns record-set a add-record --record-set-name myserver --zone-name privatelink.database.windows.net --resource-group myResourceGroup -a <Private IP Address>
+```
+
+## Connect to a VM from the internet
+
+Connect to the VM *myVm* from the internet as follows:
+
+1. In the portal's search bar, enter *myVm*.
+
+1. Select the **Connect** button. After selecting the **Connect** button, **Connect to virtual machine** opens.
+
+1. Select **Download RDP File**. Azure creates a Remote Desktop Protocol (*.rdp*) file and downloads it to your computer.
+
+1. Open the downloaded.rdp* file.
+
+    1. If prompted, select **Connect**.
+
+    1. Enter the username and password you specified when creating the VM.
+
+        > [!NOTE]
+        > You may need to select **More choices** > **Use a different account**, to specify the credentials you entered when you created the VM.
+
+1. Select **OK**.
+
+1. You may receive a certificate warning during the sign-in process. If you receive a certificate warning, select **Yes** or **Continue**.
+
+1. Once the VM desktop appears, minimize it to go back to your local desktop.  
+
+## Access DQL Database Server privately from the VM
+
+In this section, you will connect to the SQL Database Server from the VM using the Private Endpoint.
+
+ 1. In the Remote Desktop of *myVM*, open PowerShell.
+ 2. Enter nslookup myserver.database.windows.net 
+      You'll receive a message similar to this: 
+
+```
+      Server:  UnKnown 
+      Address:  168.63.129.16 
+      Non-authoritative answer: 
+      Name:    myserver.privatelink.database.windows.net 
+      Address:  10.0.0.5 
+      Aliases:  myserver.database.windows.net 
+```
+ 3. Install SQL Server Management Studio 
+ 4. In Connect to server, enter or select this information: 
+ Server type: Select Database Engine.
+ Server name: Select myserver.database.windows.net
+ Username: Enter a username provided during creation.
+ Password: Enter a password provided during creation.
+ Remember password: Select Yes.
+ 
+ 5. Select **Connect**.
+ 6. Browse **Databases** from left menu.
+ 7. (Optionally) Create or query information from *mydatabase*
+ 8. Close the remote desktop connection to *myVm*.
+
+## Clean up resources 
+When no longer needed, you can use az group delete to remove the resource group and all the resources it has: 
+
+```azurecli-interactive
+az group delete --name myResourceGroup --yes 
+```
+
+## Next steps
+- Learn more about [Azure Private Link](private-link-overview.md)
+