azure-private-link

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Azure Private Link Skill

This skill provides expert guidance for Azure Private Link. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, and configuration. It combines local quick-reference content with remote documentation fetching capabilities.

本技能为Azure Private Link提供专业指导，涵盖故障排查、最佳实践、决策制定、架构与设计模式、限制与配额、安全及配置等内容。它结合了本地快速参考内容与远程文档获取能力。

How to Use This Skill

如何使用本技能

IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,
L35-L120
), use
read_file
with the specified lines. For categories with file links (e.g.,
[security.md](security.md)
), use
read_file
on the linked reference file

IMPORTANT for Agent: If
metadata.generated_at
is more than 3 months old, suggest the user pull the latest version from the repository. If
mcp_microsoftdocs
tools are not available, suggest the user install it: Installation Guide

This skill requires network access to fetch documentation content:

Preferred: Use

mcp_microsoftdocs:microsoft_docs_fetch

with query string

from=learn-agent-skill

. Returns Markdown.

Fallback: Use

fetch_webpage

with query string

from=learn-agent-skill&accept=text/markdown

. Returns Markdown.

Agent注意事项：请使用下方的分类索引定位相关章节。对于带有行范围的分类（例如
L35-L120
），请使用
read_file
工具读取指定行内容。对于带有文件链接的分类（例如
[security.md](security.md)
），请使用
read_file
工具读取链接的参考文件

Agent注意事项：如果
metadata.generated_at
的时间超过3个月，建议用户从仓库拉取最新版本。如果
mcp_microsoftdocs
工具不可用，建议用户安装该工具：安装指南

本技能需要网络访问权限以获取文档内容：

首选方式：使用
```
mcp_microsoftdocs:microsoft_docs_fetch
```
工具，查询字符串为
```
from=learn-agent-skill
```
，返回Markdown格式内容。
备用方式：使用
```
fetch_webpage
```
工具，查询字符串为
```
from=learn-agent-skill&accept=text/markdown
```
，返回Markdown格式内容。

Category Index

分类索引

Category	Lines	Description
Troubleshooting	L35-L40	Diagnosing and fixing Azure Private Endpoint and Private Link service connectivity issues, including DNS, network routing, and common misconfiguration problems.
Best Practices	L41-L45	DNS design and configuration guidance for private endpoints, including zone setup, name resolution patterns, split-horizon DNS, and avoiding common DNS misconfigurations with Private Link
Decision Making	L46-L51	Guidance on planning/migrating to Network Security Perimeter and designing Azure Private Link architectures optimized for security, segmentation, and cost.
Architecture & Design Patterns	L52-L56	Designing DNS architectures for Private Endpoints using Azure Private Resolver, including name resolution patterns, forwarding rules, and integration with on-premises or hybrid networks
Limits & Quotas	L57-L62	Regional availability of Private Link/Endpoints, supported services, and how to view or request increases to per‑VNet and global Private Endpoint limits
Security	L63-L69	Configuring RBAC for Private Link/Private Endpoints and Network Security Perimeters, and inspecting/controlling Private Endpoint traffic with Azure Firewall.
Configuration	L70-L82	Configuring Private Link endpoints/services: subnet and NSG policies, ASGs, DNS zones, SNAT bypass, NSPs, and monitoring/diagnostic logs for private connectivity.

分类	行范围	描述
故障排查	L35-L40	诊断并修复Azure Private Endpoint和Private Link服务的连接问题，包括DNS、网络路由和常见配置错误问题。
最佳实践	L41-L45	针对私有端点的DNS设计与配置指导，包括区域设置、名称解析模式、拆分DNS，以及避免Private Link相关的常见DNS配置错误。
决策制定	L46-L51	关于规划/迁移至Network Security Perimeter（NSP）以及设计针对安全性、分段和成本优化的Azure Private Link架构的指导。
架构与设计模式	L52-L56	使用Azure Private Resolver设计Private Endpoints的DNS架构，包括名称解析模式、转发规则，以及与本地或混合网络的集成。
限制与配额	L57-L62	Private Link/Endpoints的区域可用性、支持的服务，以及如何查看或申请提高每个VNet和全局Private Endpoint的限制。
安全	L63-L69	为Private Link/Private Endpoints和Network Security Perimeter配置RBAC，以及使用Azure Firewall检查和控制Private Endpoint流量。
配置	L70-L82	配置Private Link端点/服务：子网和NSG策略、ASGs、DNS区域、SNAT绕过、NSPs，以及私有连接的监控/诊断日志。

Troubleshooting

故障排查

Topic	URL
Diagnose Azure Private Endpoint connectivity issues	https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-endpoint-connectivity
Troubleshoot Azure Private Link service connectivity	https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-link-connectivity

主题	链接
诊断Azure Private Endpoint连接问题	https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-endpoint-connectivity
排查Azure Private Link服务连接问题	https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-link-connectivity

Best Practices

最佳实践

Topic	URL
Apply DNS integration best practices for Azure Private Endpoints	https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration

主题	链接
为Azure Private Endpoints应用DNS集成最佳实践	https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration

Decision Making

决策制定

Topic	URL
Plan and transition Azure resources to Network Security Perimeter	https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-transition
Optimize Azure Private Link design for cost and security	https://learn.microsoft.com/en-us/azure/private-link/private-link-cost-optimization

主题	链接
规划并迁移Azure资源至Network Security Perimeter	https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-transition
针对成本与安全优化Azure Private Link设计	https://learn.microsoft.com/en-us/azure/private-link/private-link-cost-optimization

Architecture & Design Patterns

架构与设计模式

Topic	URL
Design DNS infrastructure for Private Endpoints with Azure Private Resolver	https://learn.microsoft.com/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver

主题	链接
使用Azure Private Resolver为Private Endpoints设计DNS基础设施	https://learn.microsoft.com/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver

Limits & Quotas

限制与配额

Topic	URL
Check Azure Private Link regional availability and support	https://learn.microsoft.com/en-us/azure/private-link/availability
Increase Azure Private Endpoint per‑VNet and global limits	https://learn.microsoft.com/en-us/azure/private-link/increase-private-endpoint-vnet-limits

主题	链接
查看Azure Private Link的区域可用性与支持情况	https://learn.microsoft.com/en-us/azure/private-link/availability
提高每个VNet和全局Azure Private Endpoint的限制	https://learn.microsoft.com/en-us/azure/private-link/increase-private-endpoint-vnet-limits

Security

安全

Topic	URL
Configure RBAC permissions for Azure Network Security Perimeter operations	https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-role-based-access-control-requirements
Assign Azure RBAC roles for Private Endpoint and Private Link deployment	https://learn.microsoft.com/en-us/azure/private-link/rbac-permissions
Inspect and control Private Endpoint traffic using Azure Firewall	https://learn.microsoft.com/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall

主题	链接
为Azure Network Security Perimeter操作配置RBAC权限	https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-role-based-access-control-requirements
为Private Endpoint和Private Link部署分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/private-link/rbac-permissions
使用Azure Firewall检查并控制Private Endpoint流量	https://learn.microsoft.com/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall

Configuration

配置

Topic	URL
Configure application security groups with Azure Private Endpoints	https://learn.microsoft.com/en-us/azure/private-link/configure-asg-private-endpoint
Configure Private Link service Direct Connect destinations	https://learn.microsoft.com/en-us/azure/private-link/configure-private-link-service-direct-connect
Create a network security perimeter with Azure CLI	https://learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-cli
Configure subnet network policies for private endpoints	https://learn.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy
Disable subnet network policies for Private Link service	https://learn.microsoft.com/en-us/azure/private-link/disable-private-link-service-network-policy
Manage Azure private endpoint configuration properties	https://learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint
Reference for Azure Private Link monitoring data	https://learn.microsoft.com/en-us/azure/private-link/monitor-private-link-reference
Enable and store Network Security Perimeter diagnostic logs	https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-diagnostic-logs
Configure private DNS zone names for Azure Private Endpoints	https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns
Enable SNAT bypass for private endpoint traffic via NVA	https://learn.microsoft.com/en-us/azure/private-link/private-link-disable-snat

主题	链接
为Azure Private Endpoints配置应用安全组	https://learn.microsoft.com/en-us/azure/private-link/configure-asg-private-endpoint
配置Private Link服务Direct Connect目标	https://learn.microsoft.com/en-us/azure/private-link/configure-private-link-service-direct-connect
使用Azure CLI创建网络安全边界	https://learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-cli
为私有端点配置子网网络策略	https://learn.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy
为Private Link服务禁用子网网络策略	https://learn.microsoft.com/en-us/azure/private-link/disable-private-link-service-network-policy
管理Azure私有端点配置属性	https://learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint
Azure Private Link监控数据参考	https://learn.microsoft.com/en-us/azure/private-link/monitor-private-link-reference
启用并存储Network Security Perimeter诊断日志	https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-diagnostic-logs
为Azure Private Endpoints配置私有DNS区域名称	https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns
通过NVA为私有端点流量启用SNAT绕过	https://learn.microsoft.com/en-us/azure/private-link/private-link-disable-snat