How do I create a managed private endpoint in Synapse (and ADF) that will allow me to connect to data via application gateway

Question

I noticed that the "private link" for application gateway became generally available (finally).

https://azure.microsoft.com/en-us/updates/generally-available-application-gateway-private-link/

We would like to use this to make outbound connections from our synapse workspace to a custom web API.

Whenever a synapse workspace is hosted in a "managed vnet" these types of outbound connections can only be made via the managed-private-endpoints (MPE's). However I do NOT see this listed in the available MPE's within a Synapse workspace. I'm guessing it was not a priority for the Synapse U/I team to add the item to the list of selections.

It has always been a requirement to connect to our custom web API's. The workaround we've used in the past is very, very ugly (involving a private link service, load balancer, and NAT VM). Now that Microsoft has finally finished up "private link" for application gateway, I'd love to start using that from our Synapse Spark jobs.

Any tips would be very much appreciated. I'm hoping there is a way to configure an MPE, regardless of whether the Synapse U/I presents this as an option or not (eg. perhaps it is possible via ARM or powershell or something like that). Hopefully it is fully supported, notwithstanding the U/I.

Answer 1

It may now be possible (finally) to create a managed private endpoint for application gateway. I check for it on a periodic basis and finally noticed a selection for this in the UI (see below):

I would be more comfortable declaring victory if there was an announcement about this from the ADF or synapse teams. I haven't found that yet. But I had been creating support cases to check in with them for the past two years or so.

I will at least try it out myself and see what happens. I'm hoping it actually works.