{"id":"1f9b971f-9425-469c-88a8-511bad1bd5c0","shortId":"aDCHXG","kind":"skill","title":"azure-private-link","tagline":"Expert knowledge for Azure Private Link development including best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. Use when configuring Private Endpoints, DNS/Private Resolver, High Scale limits, NSP migrations, or Azure F","description":"# Azure Private Link Skill\n\nThis skill provides expert guidance for Azure Private Link. Covers best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Best Practices | L34-L38 | DNS design and configuration guidance for private endpoints, including zone setup, name resolution patterns, split-horizon DNS, and avoiding common DNS misconfigurations with Private Link |\n| Decision Making | L39-L44 | Guidance on planning/migrating to Network Security Perimeter and designing Azure Private Link architectures optimized for security, segmentation, and cost. |\n| Architecture & Design Patterns | L45-L49 | Designing DNS architectures for Private Endpoints using Azure Private Resolver, including name resolution patterns, forwarding rules, and integration with on-premises or hybrid networks |\n| Limits & Quotas | L50-L55 | Info on Private Link service availability per resource type and how to raise per‑VNet Private Endpoint limits using High Scale configuration |\n| Security | L56-L62 | RBAC setup for Private Link/Endpoint and Network Security Perimeter operations, plus inspecting and controlling Private Endpoint traffic with Azure Firewall. |\n| Configuration | L63-L74 | Configuring Private Link/endpoint behavior: subnet and service policies, DNS names, SNAT bypass, NSPs, diagnostics, monitoring data, and endpoint property management. |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Apply DNS integration best practices for Azure Private Endpoints | https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Plan and transition Azure resources to Network Security Perimeter | https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-transition |\n| Optimize Azure Private Link design for cost and security | https://learn.microsoft.com/en-us/azure/private-link/private-link-cost-optimization |\n\n### Architecture & Design Patterns\n| Topic | URL |\n|-------|-----|\n| Design DNS infrastructure for Private Endpoints with Azure Private Resolver | https://learn.microsoft.com/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Check Azure Private Link service availability by resource | https://learn.microsoft.com/en-us/azure/private-link/availability |\n| Increase Azure Private Endpoint per‑VNet limits with High Scale | https://learn.microsoft.com/en-us/azure/private-link/increase-private-endpoint-vnet-limits |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Configure RBAC permissions for Azure Network Security Perimeter operations | https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-role-based-access-control-requirements |\n| Assign Azure RBAC roles for Private Endpoint and Private Link deployment | https://learn.microsoft.com/en-us/azure/private-link/rbac-permissions |\n| Inspect and control Private Endpoint traffic using Azure Firewall | https://learn.microsoft.com/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure Private Link service Direct Connect destinations | https://learn.microsoft.com/en-us/azure/private-link/configure-private-link-service-direct-connect |\n| Create and manage network security perimeters with Azure CLI | https://learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-cli |\n| Configure subnet network policies for private endpoints | https://learn.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy |\n| Configure privateLinkServiceNetworkPolicies for Private Link | https://learn.microsoft.com/en-us/azure/private-link/disable-private-link-service-network-policy |\n| Configure and manage Azure Private Endpoint properties | https://learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint |\n| Reference for Azure Private Link monitoring data | https://learn.microsoft.com/en-us/azure/private-link/monitor-private-link-reference |\n| Enable and store Network Security Perimeter diagnostic logs | https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-diagnostic-logs |\n| Configure private DNS zone names for Azure Private Endpoints | https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns |\n| Configure SNAT bypass tags for Private Endpoint traffic via NVA | https://learn.microsoft.com/en-us/azure/private-link/private-link-disable-snat |","tags":["azure","private","link","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions"],"capabilities":["skill","source-microsoftdocs","skill-azure-private-link","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-private-link","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (5,660 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:53:35.956Z","embedding":null,"createdAt":"2026-04-18T21:59:50.393Z","updatedAt":"2026-04-22T00:53:35.956Z","lastSeenAt":"2026-04-22T00:53:35.956Z","tsv":"'/en-us/azure/private-link/availability':450 '/en-us/azure/private-link/configure-private-link-service-direct-connect':517 '/en-us/azure/private-link/create-network-security-perimeter-cli':529 '/en-us/azure/private-link/disable-private-endpoint-network-policy':539 '/en-us/azure/private-link/disable-private-link-service-network-policy':547 '/en-us/azure/private-link/increase-private-endpoint-vnet-limits':463 '/en-us/azure/private-link/manage-private-endpoint':557 '/en-us/azure/private-link/monitor-private-link-reference':567 '/en-us/azure/private-link/network-security-perimeter-diagnostic-logs':578 '/en-us/azure/private-link/network-security-perimeter-role-based-access-control-requirements':478 '/en-us/azure/private-link/network-security-perimeter-transition':405 '/en-us/azure/private-link/private-endpoint-dns':590 '/en-us/azure/private-link/private-endpoint-dns-integration':389 '/en-us/azure/private-link/private-link-cost-optimization':417 '/en-us/azure/private-link/private-link-disable-snat':603 '/en-us/azure/private-link/rbac-permissions':492 '/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver':435 '/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall':504 '/microsoftdocs/mcp/blob/main/readme.md)':165 '3':136 'accept':204 'access':170 'agent':85,129,188,202 'appli':378 'architectur':17,58,261,268,276,418 'assign':479 'avail':155,309,445 'avoid':237 'azur':2,8,38,40,50,258,281,348,384,397,407,430,441,452,471,480,500,525,551,560,585 'azure-private-link':1 'behavior':357 'best':13,54,213,374,381 'bypass':365,593 'capabl':77 'categori':88,96,112,208,210 'check':440 'cli':526 'combin':67 'common':238 'configur':24,27,65,221,325,350,354,467,505,508,530,540,548,579,591 'connect':513 'content':72,174 'control':343,495 'cost':267,412 'cover':53 'creat':518 'data':369,564 'decis':15,56,244,390 'deploy':489 'descript':212 'design':18,59,219,257,269,274,410,419,423 'destin':514 'develop':11 'diagnost':367,574 'direct':512 'dns':218,235,239,275,362,379,424,581 'dns/private':30 'doc':180 'document':75,173 'e.g':100,116 'enabl':568 'endpoint':29,225,279,320,345,371,386,428,454,485,497,536,553,587,597 'expert':5,47 'f':39 'fallback':192 'fetch':76,172,181,194 'file':106,114,121,126 'firewal':349,501 'forward':288 'github.com':164 'github.com/microsoftdocs/mcp/blob/main/readme.md)':163 'guid':162 'guidanc':48,222,249 'high':32,323,459 'horizon':234 'hybrid':297 'import':83,127 'includ':12,226,284 'increas':451 'index':89,209 'info':304 'infrastructur':425 'inspect':341,493 'instal':159,161 'integr':291,380 'knowledg':6 'l120':103 'l34':216 'l34-l38':215 'l35':102 'l35-l120':101 'l38':217 'l39':247 'l39-l44':246 'l44':248 'l45':272 'l45-l49':271 'l49':273 'l50':302 'l50-l55':301 'l55':303 'l56':328 'l56-l62':327 'l62':329 'l63':352 'l63-l74':351 'l74':353 'latest':144 'learn':187,201 'learn-agent-skil':186,200 'learn.microsoft.com':388,404,416,434,449,462,477,491,503,516,528,538,546,556,566,577,589,602 'learn.microsoft.com/en-us/azure/private-link/availability':448 'learn.microsoft.com/en-us/azure/private-link/configure-private-link-service-direct-connect':515 'learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-cli':527 'learn.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy':537 'learn.microsoft.com/en-us/azure/private-link/disable-private-link-service-network-policy':545 'learn.microsoft.com/en-us/azure/private-link/increase-private-endpoint-vnet-limits':461 'learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint':555 'learn.microsoft.com/en-us/azure/private-link/monitor-private-link-reference':565 'learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-diagnostic-logs':576 'learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-role-based-access-control-requirements':476 'learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-transition':403 'learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns':588 'learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration':387 'learn.microsoft.com/en-us/azure/private-link/private-link-cost-optimization':415 'learn.microsoft.com/en-us/azure/private-link/private-link-disable-snat':601 'learn.microsoft.com/en-us/azure/private-link/rbac-permissions':490 'learn.microsoft.com/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver':433 'learn.microsoft.com/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall':502 'limit':20,34,61,299,321,436,457 'line':98,110,211 'link':4,10,42,52,115,124,243,260,307,409,443,488,510,544,562 'link/endpoint':334,356 'local':68 'locat':92 'log':575 'make':16,57,245,391 'manag':373,520,550 'markdown':191,207 'mcp':150,177 'metadata.generated':131 'microsoft':179 'microsoftdoc':151,178 'migrat':36 'misconfigur':240 'monitor':368,563 'month':137 'name':229,285,363,583 'network':169,253,298,336,400,472,521,532,571 'nsp':35 'nsps':366 'nva':600 'old':138 'on-premis':293 'oper':339,475 'optim':262,406 'pattern':19,60,231,270,287,420 'per':310,317,455 'perimet':255,338,402,474,523,573 'permiss':469 'plan':394 'planning/migrating':251 'plus':340 'polici':361,533 'practic':14,55,214,375,382 'prefer':175 'premis':295 'privat':3,9,28,41,51,224,242,259,278,282,306,319,333,344,355,385,408,427,431,442,453,484,487,496,509,535,543,552,561,580,586,596 'privatelinkservicenetworkpolici':541 'properti':372,554 'provid':46 'pull':142 'queri':183,197 'quick':70 'quick-refer':69 'quota':21,62,300,437 'rais':316 'rang':99 'rbac':330,468,481 'read':105,120 'refer':71,125,558 'relev':93 'remot':74 'repositori':148 'requir':168 'resolut':230,286 'resolv':31,283,432 'resourc':311,398,447 'return':190,206 'role':482 'rule':289 'scale':33,324,460 'section':94 'secur':22,63,254,264,326,337,401,414,464,473,522,572 'security.md':117,118 'segment':265 'servic':308,360,444,511 'setup':228,331 'skill':43,45,82,167,189,203 'skill-azure-private-link' 'snat':364,592 'source-microsoftdocs' 'specifi':109 'split':233 'split-horizon':232 'store':570 'string':184,198 'subnet':358,531 'suggest':139,156 'tag':594 'text/markdown':205 'tool':152 'topic':376,392,421,438,465,506 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'traffic':346,498,598 'transit':396 'type':312 'url':377,393,422,439,466,507 'use':25,80,86,104,119,176,193,280,322,499 'user':141,158 'version':145 'via':599 'vnet':318,456 'webpag':195 'zone':227,582","prices":[{"id":"9ff6975e-79e9-45be-9ebb-8adc51f13754","listingId":"1f9b971f-9425-469c-88a8-511bad1bd5c0","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:50.393Z"}],"sources":[{"listingId":"1f9b971f-9425-469c-88a8-511bad1bd5c0","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-private-link","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-private-link","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:50.393Z","lastSeenAt":"2026-04-22T00:53:35.956Z"}],"details":{"listingId":"1f9b971f-9425-469c-88a8-511bad1bd5c0","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-private-link","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-19T02:43:40Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"79df5e2def557974a7008f77650165a001e782ba","skill_md_path":"skills/azure-private-link/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-private-link"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-private-link","description":"Expert knowledge for Azure Private Link development including best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. Use when configuring Private Endpoints, DNS/Private Resolver, High Scale limits, NSP migrations, or Azure Firewall traffic control, and other Azure Private Link related development tasks. Not for Azure Virtual Network (use azure-virtual-network), Azure VPN Gateway (use azure-vpn-gateway), Azure ExpressRoute (use azure-expressroute), Azure Virtual WAN (use azure-virtual-wan).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-private-link"},"updatedAt":"2026-04-22T00:53:35.956Z"}}