Stuck waiting for Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints

Question

Stuck waiting for Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints

Andrew Gibson 5

We've been waiting many hours since executing the command to register the AllowPrivateEndpoints feature of Microsoft.Network:

az feature register --namespace Microsoft.Network --name AllowPrivateEndpoints --subscription "$SUBSCRIPTION_ID"

The Resource Provider was already enabled - we just need this feature. How do we unblock progress?

Ganesh Patapati 9,005 Reputation points Microsoft External Staff Moderator

2025-06-11T19:25:08.6233333+00:00

Hello Andrew Gibson

Could you please let me know which resources you are trying to enable this feature for in the private endpoint? Also, could you share a screenshot of the error message you are receiving?

Could you please check the activity logs to see if the action is in a Pending state or a Failed state? If it is in a Failed state, I request that you perform the action from the Azure Portal and let me know the results.

Wait for propagation sometimes, feature registrations take several hours or even days to propagate across Azure regions.

Hope this helps and let me know if you need more assistance!

If the above is unclear or you are unsure about something, please add a comment below.

Andrew Gibson 5

It is in pending state:

{
  "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints",
  "name": "Microsoft.Network/AllowPrivateEndpoints",
  "properties": {
    "state": "Pending"
  },
  "type": "Microsoft.Features/providers/features"
}

I'm not aware of any way to attempt this from the Portal (only from the CLI). We are only attempting this in a single subscription in a single region (UAE North)

Ganesh Patapati 9,005 Reputation points Microsoft External Staff Moderator

2025-06-13T11:34:22.4233333+00:00
Hello Andrew Gibson

I have checked from Backend and would like to inform you that customers who create a Private Endpoint using a Log Analytic workspace as a target using a template or script are configuring the LA workspace as the privateLinkServiceId. This is not the correct process. Instead, you need to use Azure Monitor Private Link Scope. The process to configure this is documented here Configure your Private Link - Azure Monitor | Microsoft Docs

To create the private endpoint for Azure Monitor, please use the following method:

Create an Azure Monitor Private Link Scope (AMPLS).

Connect resources to the AMPLS.

Connect AMPLS to a private endpoint.

Configure access to AMPLS resources.

Refer: https://learn.microsoft.com/en-us/answers/questions/2262914/microsoft-network-allowprivateendpoints-feature-st

Hope this helps and let me know if you need more assistance!
Anonymous

2025-06-16T10:20:35.4933333+00:00

Hello Andrew Gibson,

We haven’t heard from you on the last response, and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, please respond with more details and we will try to help.
Andrew Gibson 5 Reputation points

2025-06-16T17:52:49.8833333+00:00

This does not answer the question. The "process" you suggest is simply a manual one - this doesn't work for landing zones which comply with Microsoft's best practice around immutable state and IaC.

1 answer

Your answer

Ganesh Patapati 9,005 Reputation points Microsoft External Staff Moderator

2025-06-11T19:25:08.6233333+00:00

Hello Andrew Gibson

Could you please let me know which resources you are trying to enable this feature for in the private endpoint? Also, could you share a screenshot of the error message you are receiving?

Could you please check the activity logs to see if the action is in a Pending state or a Failed state? If it is in a Failed state, I request that you perform the action from the Azure Portal and let me know the results.

Wait for propagation sometimes, feature registrations take several hours or even days to propagate across Azure regions.

Hope this helps and let me know if you need more assistance!

If the above is unclear or you are unsure about something, please add a comment below.
Andrew Gibson 5 Reputation points

2025-06-11T19:41:46.73+00:00

It is in pending state:

{ "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints", "name": "Microsoft.Network/AllowPrivateEndpoints", "properties": { "state": "Pending" }, "type": "Microsoft.Features/providers/features" }

I'm not aware of any way to attempt this from the Portal (only from the CLI). We are only attempting this in a single subscription in a single region (UAE North)
Ganesh Patapati 9,005 Reputation points Microsoft External Staff Moderator

2025-06-13T11:34:22.4233333+00:00

Hello Andrew Gibson

I have checked from Backend and would like to inform you that customers who create a Private Endpoint using a Log Analytic workspace as a target using a template or script are configuring the LA workspace as the privateLinkServiceId. This is not the correct process. Instead, you need to use Azure Monitor Private Link Scope. The process to configure this is documented here Configure your Private Link - Azure Monitor | Microsoft Docs

To create the private endpoint for Azure Monitor, please use the following method:

Create an Azure Monitor Private Link Scope (AMPLS).

Connect resources to the AMPLS.

Connect AMPLS to a private endpoint.

Configure access to AMPLS resources.

Refer: https://learn.microsoft.com/en-us/answers/questions/2262914/microsoft-network-allowprivateendpoints-feature-st

Hope this helps and let me know if you need more assistance!
Anonymous

2025-06-16T10:20:35.4933333+00:00

Hello Andrew Gibson,

We haven’t heard from you on the last response, and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, please respond with more details and we will try to help.
Andrew Gibson 5 Reputation points

2025-06-16T17:52:49.8833333+00:00

This does not answer the question. The "process" you suggest is simply a manual one - this doesn't work for landing zones which comply with Microsoft's best practice around immutable state and IaC.

Answer 1

Hi @Andrew Gibson,

If you attempt to create a private endpoint for a Log Analytics workspace using an ARM or Bicep template that points directly to the workspace, you may encounter the below error message.

Subscription /subscriptions/xxxxxxxxxx-xxxxxx-xxxx-xxxxxxxxx/resourceGroups//providers/Microsoft.Network/subscriptions/ is not registered for feature Microsoft.Network/AllowPrivateEndpoints required to carry out the requested operation

This means you cannot configure a private endpoint directly to a Log Analytics workspace.

To resolve this issue, you need to use an Azure Monitor Private Link Scope. I tested this in my lab through the portal, and it works correctly using the Azure Monitor Private Link Scope.

This is the correct approach when configuring via any code (such as Bicep or ARM templates) as well.
User's image

Below is the Bicep code to create a private endpoint.

This is a partial snippet for the resource type Microsoft.Network/privateEndpoints.

resource reslawPrivateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = {  
  name: 'law-privendpoint'  
  location: parLocation  
  properties: {  
    privateLinkServiceConnections: [  
      {  
        name: 'law-PrivateEndpoint-PrivateLinkConnection'  
        properties: {  
          privateLinkServiceId: resAMprivateLinkScope.id   
          groupIds: [  
            'azuremonitor'  
          ]  
        }       
      }  
    ]  
    subnet: {  
      id: resExistingSubnetForprivateEnpoint.id  
    }  
  }  
}

Reference: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/privateendpoints?pivots=deployment-language-bicep#privatelinkserviceconnectionproperties

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

I really appreciate your feedback. It’s valuable to us. Please click Accept Answer on this post to assist other community members facing similar issues in finding the correct solution.

Anonymous

2025-06-18T11:18:07.4466667+00:00

Hi @Andrew Gibson,

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.

Share via

Stuck waiting for Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints

1 answer

Your answer