Merge pull request #264576 from tejaswikolli-web/publicupdate

prmerger-automator[bot] · web-flow · commit 9a5165f27d0b · 2024-02-08T21:02:42.000Z
update on public IP's
diff --git a/articles/container-registry/container-registry-private-link.md b/articles/container-registry/container-registry-private-link.md
@@ -336,13 +336,15 @@ az acr update --name $REGISTRY_NAME --public-network-enabled false
 
 ## Execute the `az acr build` with private endpoint and private registry
 
-Consider the following options to execute the `az acr build` successfully.
 > [!NOTE]
 > Once you disable public network [access here](#disable-public-access), then `az acr build` commands will no longer work.
+> Unless you are utilizing dedicated agent pools, it's typically require the public IP's. Tasks reserve a set of public IPs in each region for outbound requests. If needed, we have the option to add these IPs to our firewall's allowed list for seamless communication.`az acr build` command uses the same set of IPs as the tasks.
+
+Consider the following options to execute the `az acr build` successfully.
 
-1. Assign a [dedicated agent pool.](./tasks-agent-pools.md) 
-2. If agent pool is not available in the region, add the regional [Azure Container Registry Service Tag IPv4](../virtual-network/service-tags-overview.md#use-the-service-tag-discovery-api) to the [firewall access rules.](./container-registry-firewall-access-rules.md#allow-access-by-ip-address-range)
-3. Create an ACR task with a managed identity, and enable trusted services to [access network restricted ACR.](./allow-access-trusted-services.md#example-acr-tasks)
+* Assign a [dedicated agent pool.](./tasks-agent-pools.md) 
+* If agent pool is not available in the region, add the regional [Azure Container Registry Service Tag IPv4](../virtual-network/service-tags-overview.md#use-the-service-tag-discovery-api) to the [firewall access rules.](./container-registry-firewall-access-rules.md#allow-access-by-ip-address-range). Tasks reserve a set of public IPs in each region (a.k.a. AzureContainerRegistry Service Tag) for outbound requests. You can choose to add the IPs in the firewall allowed list.
+* Create an ACR task with a managed identity, and enable trusted services to [access network restricted ACR.](./allow-access-trusted-services.md#example-acr-tasks)
 
 ## Disable access to a container registry using a service endpoint 
 
