Review and update private DNS zones for private endpoint #330

Closed
krowlandson opened this issue Oct 7, 2022 · 0 comments · Fixed by #398

Description

Since the addition of private DNS zones for private endpoint support in the ALZ Portal accelerator, the list of services supporting private endpoint has grown.

There also appear to be a few changes in the documented zones required for services already included in the deployment templates.

Having done a quick review of the latest documented DNS zones, it appears we have some differences which need to be resolved as follows:

| Private link resource type / Subresource | Status |
| --- | --- |
| Azure Automation / (Microsoft.Automation/automationAccounts) / Webhook, DSCAndHybridWorker | no changes identified |
| Azure SQL Database (Microsoft.Sql/servers) / sqlServer | no changes identified |
| Azure SQL Managed Instance (Microsoft.Sql/managedInstances) | needs testing to verify works with `privatelink.{dnsPrefix}.database.windows.net` format |
| Azure Synapse Analytics (Microsoft.Synapse/workspaces) / Sql | no changes identified |
| Azure Synapse Analytics (Microsoft.Synapse/workspaces) / SqlOnDemand | no changes identified |
| Azure Synapse Analytics (Microsoft.Synapse/workspaces) / Dev | no changes identified |
| Azure Synapse Studio (Microsoft.Synapse/privateLinkHubs) / Web | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Blob (blob, blob_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Table (table, table_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Queue (queue, queue_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / File (file, file_secondary) | no changes identified |
| Storage account (Microsoft.Storage/storageAccounts) / Web (web, web_secondary) | no changes identified |
| Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts) / Data Lake File System Gen2 (dfs, dfs_secondary) | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Sql | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / MongoDB | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Cassandra | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Gremlin | no changes identified |
| Azure Cosmos DB (Microsoft.AzureCosmosDB/databaseAccounts) / Table | no changes identified |
| Azure Batch (Microsoft.Batch/batchAccounts) / batchAccount | need to verify whether current regional implementation is correct |
| Azure Batch (Microsoft.Batch/batchAccounts) / nodeManagement | need to verify whether current regional implementation is correct |
| Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers) / postgresqlServer | no changes identified |
| Azure Database for MySQL (Microsoft.DBforMySQL/servers) / mysqlServer | no changes identified |
| Azure Database for MariaDB (Microsoft.DBforMariaDB/servers) / mariadbServer | no changes identified |
| Azure Key Vault (Microsoft.KeyVault/vaults) / vault | no changes identified |
| Azure Key Vault (Microsoft.KeyVault/managedHSMs) / Managed HSMs | no changes identified |
| Azure Kubernetes Service - Kubernetes API (Microsoft.ContainerService/managedClusters) / management | need to validate region format is correct and check requirements for `{subzone}.privatelink.{region}.azmk8s.io` zone |
| Azure Search (Microsoft.Search/searchServices) / searchService | no changes identified |
| Azure Container Registry (Microsoft.ContainerRegistry/registries) / registry | need to test whether regional zones work as expected for `{region}.privatelink.azurecr.io` |
| Azure App Configuration (Microsoft.AppConfiguration/configurationStores) / configurationStores | no changes identified |
| Azure Backup (Microsoft.RecoveryServices/vaults) / AzureBackup | no changes identified |
| Azure Site Recovery (Microsoft.RecoveryServices/vaults) / AzureSiteRecovery | need to check as zone is now documented as being regional, i.e. `privatelink.{region}.siterecovery.windowsazure.com` |
| Azure Event Hubs (Microsoft.EventHub/namespaces) / namespace | no changes identified |
| Azure Service Bus (Microsoft.ServiceBus/namespaces) / namespace | no changes identified |
| Azure IoT Hub (Microsoft.Devices/IotHubs) / iotHub | no changes identified |
| Azure Relay (Microsoft.Relay/namespaces) / namespace | no changes identified |
| Azure Event Grid (Microsoft.EventGrid/topics) / topic | no changes identified |
| Azure Event Grid (Microsoft.EventGrid/domains) / domain | no changes identified |
| Azure Web Apps (Microsoft.Web/sites) / sites | no changes identified |
| Azure Machine Learning (Microsoft.MachineLearningServices/workspaces) / amlworkspace | no changes identified |
| SignalR (Microsoft.SignalRService/SignalR) / signalR | no changes identified |
| Azure Monitor (Microsoft.Insights/privateLinkScopes) / azuremonitor | no changes identified |
| Cognitive Services (Microsoft.CognitiveServices/accounts) / account | no changes identified |
| Azure File Sync (Microsoft.StorageSync/storageSyncServices) / afs | need to check as zone is now documented as being regional, i.e. `privatelink.{region}.afs.azure.net` |
| Azure Data Factory (Microsoft.DataFactory/factories) / dataFactory | no changes identified |
| Azure Data Factory (Microsoft.DataFactory/factories) / portal | no changes identified |
| Azure Cache for Redis (Microsoft.Cache/Redis) / redisCache | no changes identified |
| Azure Cache for Redis Enterprise (Microsoft.Cache/RedisEnterprise) / redisEnterprise | no changes identified |
| Microsoft Purview (Microsoft.Purview) / account | no changes identified |
| Microsoft Purview (Microsoft.Purview) / portal | no changes identified |
| Azure Digital Twins (Microsoft.DigitalTwins) / digitalTwinsInstances | no changes identified |
| Azure HDInsight (Microsoft.HDInsight) | no changes identified |
| Azure Arc (Microsoft.HybridCompute) / hybridcompute | no changes identified |
| Azure Media Services (Microsoft.Media) / keydelivery, liveevent, streamingendpoint | no changes identified |
| Azure Data Explorer (Microsoft.Kusto) | missing |
| Azure Static Web Apps (Microsoft.Web/staticSites) / staticSites | missing |
| Azure Migrate (Microsoft.Migrate) / migrate projects, assessment project and discovery site | missing |
| Azure Managed HSM (Microsoft.Keyvault/managedHSMs) / managedhsm | missing |
| Azure API Management (Microsoft.ApiManagement/service) / gateway | missing |
| Microsoft PowerBI (Microsoft.PowerBI/privateLinkServicesForPowerBI) | missing |
| Azure Bot Service (Microsoft.BotService/botServices) / Bot | missing |
| Azure Bot Service (Microsoft.BotService/botServices) / Token | missing |

Describe the solution you'd like

Update the module to reflect the latest changes in available services with private endpoint support.

Additional context

Related to:

@ghost ghost added the Needs: Triage 🔍 Needs triaging by the team label Oct 7, 2022
@jtracey93 jtracey93 added Area: Networking and removed Needs: Triage 🔍 Needs triaging by the team labels Nov 15, 2022
jtracey93 added a commit to jtracey93/ALZ-Bicep that referenced this issue Nov 24, 2022
@jtracey93 jtracey93 mentioned this issue Nov 24, 2022
jtracey93 added a commit that referenced this issue Nov 25, 2022
@ghost ghost added the Status: Fixed label Nov 25, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Dec 25, 2022