Merge pull request #203805 from tejaswikolli-web/14731990

userstory-14731990

Author: PRMerger16

articles/container-registry/container-registry-private-link.md

@@ -2,7 +2,8 @@
 title: Set up private endpoint with private link
 description: Set up a private endpoint on a container registry and enable access over a private link in a local virtual network. Private link access is a feature of the Premium service tier.
 ms.topic: article
-ms.date: 10/26/2021
+ms.date: 7/26/2022
+ms.author: tejaswikolli
 ---
 
 # Connect privately to an Azure container registry using Azure Private Link
@@ -318,7 +319,6 @@ For many scenarios, disable registry access from public networks. This configura
 
 ### Disable public access - CLI
 
-
 > [!NOTE]
 >If the public access is disabled, the `az acr build` commands will no longer work.
 
@@ -338,6 +338,16 @@ Consider the following options to execute the `az acr build` successfully.
 2. If agent pool is not available in the region, add the regional [Azure Container Registry Service Tag IPv4](../virtual-network/service-tags-overview.md#use-the-service-tag-discovery-api) to the [firewall access rules.](./container-registry-firewall-access-rules.md#allow-access-by-ip-address-range)
 3. Create an ACR task with a managed identity, and enable trusted services to [access network restricted ACR.](./allow-access-trusted-services.md#example-acr-tasks)
 
+## Disable access to a container registry using a service endpoint 
+
+> [!IMPORTANT]
+> The container registry does not support enabling both private link and service endpoint features configured from a virtual network.
+
+Once the registry has public access disabled and private link configured, you can disable the service endpoint access to a container registry from a virtual network by [removing virtual network rules.](container-registry-vnet.md#remove-network-rules)
+
+* Run [`az acr network-rule list`](/cli/azure/acr/network-rule#az-acr-network-rule-list) command to list the existing network rules.
+* Run [`az acr network-rule remove`](/cli/azure/acr/network-rule#az-acr-network-rule-remove) command to remove the network rule. 
+
 ## Validate private link connection
 
 You should validate that the resources within the subnet of the private endpoint connect to your registry over a private IP address, and have the correct private DNS zone integration.

articles/container-registry/container-registry-vnet.md

@@ -3,6 +3,7 @@ title: Restrict access using a service endpoint
 description: Restrict access to an Azure container registry using a service endpoint in an Azure virtual network. Service endpoint access is a feature of the Premium service tier.
 ms.topic: article
 ms.date: 05/04/2020
+ms.author: tejaswikolli
 ---
 
 # Restrict access to a container registry using a service endpoint in an Azure virtual network
@@ -15,6 +16,7 @@ Each registry supports a maximum of 100 virtual network rules.
 
 > [!IMPORTANT]
 > Azure Container Registry now supports [Azure Private Link](container-registry-private-link.md), enabling private endpoints from a virtual network to be placed on a registry. Private endpoints are accessible from within the virtual network, using private IP addresses. We recommend using private endpoints instead of service endpoints in most network scenarios.
+> The container registry does not support enabling both private link and service endpoint features configured from a virtual network. So, we recommend running the list and removing the [network rules](container-registry-vnet.md#remove-network-rules) as required. 
 
 Configuring a registry service endpoint is available in the **Premium** container registry service tier. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md).