{"id":"1f9b971f-9425-469c-88a8-511bad1bd5c0","shortId":"aDCHXG","kind":"skill","title":"azure-private-link","tagline":"Expert knowledge for Azure Private Link development including best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. Use when configuring Private Endpoints, DNS/Private Resolver, High Scale limits, Azure Firewall inspection,","description":"# Azure Private Link Skill\n\nThis skill provides expert guidance for Azure Private Link. Covers best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. 
Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Best Practices | L34-L38 | DNS design and configuration guidance for private endpoints, including zone setup, name resolution patterns, split-horizon DNS, and avoiding common DNS misconfigurations with Private Link |\n| Decision Making | L39-L44 | Guidance on choosing perimeter access modes and designing Azure Private Link setups, focusing on security tradeoffs, cost optimization, and migration/transition considerations. |\n| Architecture & Design Patterns | L45-L49 | Designing DNS architectures for Private Endpoints using Azure Private Resolver, including name resolution patterns, forwarding rules, and integration with on-premises or hybrid networks |\n| Limits & Quotas | L50-L55 | Info on Private Link service availability per resource type and how to raise per‑VNet Private Endpoint limits using High Scale configuration |\n| Security | L56-L62 | RBAC setup for Private Link/Endpoint and Network Security Perimeter operations, plus inspecting and controlling Private Endpoint traffic with Azure Firewall. |\n| Configuration | L63-L74 | Configuring and managing Private Endpoints/Link services, DNS, SNAT, NSGs, network security perimeters, and monitoring/logging settings for Azure Private Link traffic. 
|\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Apply DNS integration best practices for Azure Private Endpoints | https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Choose and transition Azure network security perimeter access modes | https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-transition |\n| Optimize Azure Private Link design for cost and security | https://learn.microsoft.com/en-us/azure/private-link/private-link-cost-optimization |\n\n### Architecture & Design Patterns\n| Topic | URL |\n|-------|-----|\n| Design DNS infrastructure for Private Endpoints with Azure Private Resolver | https://learn.microsoft.com/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Check Azure Private Link service availability by resource | https://learn.microsoft.com/en-us/azure/private-link/availability |\n| Increase Azure Private Endpoint per‑VNet limits with High Scale | https://learn.microsoft.com/en-us/azure/private-link/increase-private-endpoint-vnet-limits |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Configure RBAC permissions for Azure Network Security Perimeter operations | https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-role-based-access-control-requirements |\n| Assign Azure RBAC roles for Private Endpoint and Private Link deployment | https://learn.microsoft.com/en-us/azure/private-link/rbac-permissions |\n| Inspect and control Private Endpoint traffic using Azure Firewall | https://learn.microsoft.com/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure Private Link service Direct Connect destinations | https://learn.microsoft.com/en-us/azure/private-link/configure-private-link-service-direct-connect |\n| Create and manage 
network security perimeters with Azure CLI | https://learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-cli |\n| Configure subnet network policies for private endpoints | https://learn.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy |\n| Configure privateLinkServiceNetworkPolicies for Private Link | https://learn.microsoft.com/en-us/azure/private-link/disable-private-link-service-network-policy |\n| Configure and manage Azure Private Endpoint properties | https://learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint |\n| Reference for Azure Private Link monitoring data | https://learn.microsoft.com/en-us/azure/private-link/monitor-private-link-reference |\n| Enable and store Network Security Perimeter diagnostic logs | https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-diagnostic-logs |\n| Configure private DNS zone records for Azure Private Endpoints | https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns |\n| Configure SNAT bypass tags for Private Endpoint traffic via NVA | https://learn.microsoft.com/en-us/azure/private-link/private-link-disable-snat |","tags":["azure","private","link","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions"],"capabilities":["skill","source-microsoftdocs","skill-azure-private-link","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-private-link","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 
MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (5,686 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:53:57.788Z","embedding":null,"createdAt":"2026-04-18T21:59:50.393Z","updatedAt":"2026-05-18T18:53:57.788Z","lastSeenAt":"2026-05-18T18:53:57.788Z","prices":[{"id":"9ff6975e-79e9-45be-9ebb-8adc51f13754","listingId":"1f9b971f-9425-469c-88a8-511bad1bd5c0","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:50.393Z"}],"sources":[{"listingId":"1f9b971f-9425-469c-88a8-511bad1bd5c0","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-private-link","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-private-link","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:50.393Z","lastSeenAt":"2026-05-18T18:53:57.788Z"}],"details":{"listingId":"1f9b971f-9425-469c-88a8-511bad1bd5c0","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-private-link","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":549,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-05-17T02:50:05Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn 
docs.","skill_md_sha":"690959f807e277bde28192ba7080e47b607c09c1","skill_md_path":"skills/azure-private-link/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-private-link"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-private-link","description":"Expert knowledge for Azure Private Link development including best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. Use when configuring Private Endpoints, DNS/Private Resolver, High Scale limits, Azure Firewall inspection, or NSP access modes, and other Azure Private Link related development tasks. Not for Azure Virtual Network (use azure-virtual-network), Azure VPN Gateway (use azure-vpn-gateway), Azure ExpressRoute (use azure-expressroute), Azure Virtual WAN (use azure-virtual-wan).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-private-link"},"updatedAt":"2026-05-18T18:53:57.788Z"}}