Marvin Buss

We are tracking this and will add support once this supports production workloads. For now, it will not be added. Docs are available here: https://docs.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy

@renepajta That is the reason why this PR was not merged. We probably have to work on some automation for this rather soon.

Thanks @baatch and @devlace. We are currently monitoring feedback and evaluate whether we should add this to the core setup. We will keep this issue open to track feedback.

Hi @MiguelElGallo, We already have a template that is referenced here: https://github.com/Azure/data-management-zone/blob/main/docs/guidance/DataManagementAnalytics-ConnectToEnvironmentsPrivately.md The question is whether we should add Bastion to the default Data Landing Zone deployment.

Hi @MiguelElGallo, Have you changed anything on the network/firewall setup? We have whitelisted `*azure.com` in the firewall in order to allow you browsing to the [Azure Portal](https://portal.azure.com/). What URL are...

`dl2202-dev-product-synapse001.privatelink.dev.azuresynapse.net` is just the API endpoint. You won't be able to do a "GET" on this endpoint. The URL should look like this: `https://web.azuresynapse.net/en-us/home?...`

Can you run nslookup for the Synapse endpoints and check whether it resolves to the public IP or the private IP of the private endpoint? e.g. `nslookup dl2202-dev-product-synapse001.privatelink.dev.azuresynapse.net` This will...

To which vnet are the Private DNS Zones linked? Is there a DNS forwarder/Azure Firewall hosted in that vnet?

That is fine. Question is: Does your platform team provide any Private DNS Zones that you can use or do you have to create your own ones? Can you please...

Thanks for the feedback @MiguelElGallo. General guidance is to create a central DNS infrastructure for private endpoints inside an organizational tenant. Otherwise you or your organization will run into a...