github 94707 clarification.

Author: tejaswikolli-web

includes/container-registry-scanning-limitation.md

@@ -15,5 +15,6 @@ ms.custom: include file
 > Some functionality may be unavailable or require more configuration in a container registry that restricts access to private endpoints, selected subnets, or IP addresses.
 >
 > * When public network access to a registry is disabled, registry access by certain [trusted services](../articles/container-registry/allow-access-trusted-services.md) including Azure Security Center requires enabling a network setting to bypass the network rules.
-> * Instances of certain Azure services including Azure DevOps Services are currently unable to access the container registry.
+> * Once the public network access is disabled, Instances of certain Azure services including Azure DevOps Services are currently unable to access the container registry. 
+> * Private endpoints are not currently supported with self-hosted agents on Azure DevOps, including standalone VMs, VMSS or function apps in user VNETs. Managed agents cannot be linked to a user VNET, therefore they cannot access a registry over the private endpoint.  
 > * If the registry has an approved private endpoint and public network access is disabled, repositories and tags can't be listed outside the virtual network using the Azure portal, Azure CLI, or other tools.