Merge pull request #226887 from Danzhang-msft/patch-8

Update how-to-connect-to-workspace-from-restricted-network.md

Author: prmerger-automator[bot]

articles/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network.md

@@ -6,7 +6,7 @@ ms.author: danzhang
 ms.service: synapse-analytics 
 ms.topic: how-to
 ms.subservice: security 
-ms.date: 02/15/2022
+ms.date: 02/09/2023
 ms.reviewer: sngun
 ---
 
@@ -111,6 +111,24 @@ After you create this endpoint, the approval state shows a status of **Pending**
 
 Now, all set. You can access your Azure Synapse Analytics Studio workspace resource.
 
+## Step 6: Allow URL through firewall
+
+Following URLs must be accessible from client browser after enabling Azure Synapse private link hub. 
+
+Required for auth: 
+ - `login.microsoftonline.com`
+ - `aadcdn.msauth.net`
+ - `msauth.net`
+ - `msftauth.net`
+ - `graph.microsoft.com`
+ - `login.live.com`, though this may be different based on account type.
+ 
+Required for workspace/pool management: 
+ - `management.azure.com`
+ - `{workspaceName}.[dev|sql].azuresynapse.net`
+ - `{workspaceName}-ondemand.sql.azuresynapse.net`
+
+
 ## Appendix: DNS registration for private endpoint
 
 If the "Integrate with private DNS zone" is not enabled during the private endpoint creation as screenshot below, you must create the "**Private DNS zone**" for each of your private endpoints.

articles/synapse-analytics/security/synapse-private-link-hubs.md

@@ -22,7 +22,9 @@ There are two steps to connect to Synapse Studio using private links. First, you
 ## Azure Private Links Hubs and Azure Synapse Studio
 You can use a single Azure Synapse private link hub resource to privately connect to all your Azure Synapse Analytics workspaces using Azure Synapse Studio. The workspaces do not have to be in the same region as the Azure Synapse Private link hub. The Azure Synapse Private link hub resource can also be used for connections to Synapse workspaces in different subscriptions or Azure AD tenants.
 
-You can create your private link hub by searching for *Synapse private link hubs* in the Azure portal and selecting **Azure Synapse Analytics (private link hubs)** from Services. Follow the steps in the guide for how to [connect to workspace resources from a restricted network](./how-to-connect-to-workspace-from-restricted-network.md) for details.
+You can create your private link hub by searching for *Synapse private link hubs* in the Azure portal and selecting **Azure Synapse Analytics (private link hubs)** from Services. Follow the steps in the guide for how to [connect to workspace resources from a restricted network](./how-to-connect-to-workspace-from-restricted-network.md) for details. Certain URLs must be accessible from the client browser after enabling Azure Synapse private link hub. For more information, see [Connect to workspace resources from a restricted network](how-to-connect-to-workspace-from-restricted-network.md).
+
+
 
 >[!NOTE]
 >Private link hubs are intended for securely loading the static content Synapse Studio over private links. You must create **separate, private endpoints** to the  resources you wish to connect to within the workspace, such as provisioned/dedicated SQL pools, or Spark pools.