> ## Documentation Index > Fetch the complete documentation index at: https://docs.unstructured.io/llms.txt > Use this file to discover all available pages before exploring further. # Connecting to customer-managed services on Azure This page covers how to establish private connectivity between your dedicated instance and services running in your Azure environment that you self-host, such as MongoDB, Elasticsearch, or applications behind Azure API Management in internal VNet mode. For Azure-managed services that support Private Endpoint access natively (Blob Storage, Azure OpenAI, AI Search, Azure SQL, Cosmos DB, PostgreSQL, MySQL, Synapse, Azure Databricks), see [Connecting to Azure-managed services](/business/azure/azure-privatelink/connect-to-services). ## How it works Customer-managed services on Azure require you to front them with an **Azure Standard Load Balancer** and expose them via a **Private Link Service**. Unstructured then creates a Private Endpoint in the Unstructured-managed environment to connect to your service privately. In Azure terminology, you are the *service provider* and Unstructured is the *service consumer*. ## Information exchange The table below uses **Order** to indicate the general sequence of the information exchange — items with the same Order value can usually be provided at the same stage. The `` value is a placeholder; contact your Unstructured account team or open a ticket in the [Unstructured Support Portal](https://support.unstructured.io/) to get the actual value for your dedicated instance. Your service must be in the same Azure region as your dedicated instance — cross-region Private Link is not supported. The example region code in the table below is illustrative; use the region your dedicated instance is deployed in. See [Known limitations](/business/dedicated-instances/requirements#known-limitations). | Order | Information Required | Description | Example | Provided by | | ----- | ---------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------- | ------------ | | 1 | Service Type | The service being accessed | `MongoDB`, `Elasticsearch`, `Internal API` | Customer | | 1 | Service Region | Azure region where the service is hosted | `eastus` | Customer | | 1 | Service Port | Port(s) the service listens on | `27017` (MongoDB), `9200` (Elasticsearch), `443` | Customer | | 2 | Unstructured Azure Subscription ID | Subscription ID to add to the visibility settings of your Private Link Service | `` | Unstructured | | 3 | Private Link Service Resource ID | Full resource ID of your Private Link Service | `/subscriptions/.../providers/Microsoft.Network/privateLinkServices/customer-app-pls` | Customer | | 3 | Service Endpoint | The endpoint hostname or IP for connection | Custom DNS or Private Link Service alias | Customer | ## Steps ### Step 1: Provide service information Provide Unstructured with the service type, region, and port via support ticket. Unstructured will share the Unstructured Azure Subscription ID you need to complete Step 3. ### Step 2: Create a Standard Load Balancer and Private Link Service Deploy an Azure Standard Load Balancer in front of your service, then create a Private Link Service attached to the load balancer's frontend IP configuration. [Learn how](https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview). **Using the Azure CLI:** ```bash theme={null} az network private-link-service create \ --name "customer-app-pls" \ --resource-group "" \ --vnet-name "" \ --subnet "" \ --lb-name "" \ --lb-frontend-ip-configs "" \ --location "" ``` Replace: * `` — Resource group for the Private Link Service and related resources * `` — Virtual network name * `` — Subnet used for the Private Link Service (must meet Azure subnet requirements for Private Link) * `` — Name of the Standard Load Balancer fronting your application * `` — Frontend IP configuration name on the load balancer * `` — Azure region (for example `eastus`) ### Step 3: Add Unstructured's subscription to your Private Link Service visibility Update the visibility settings on your Private Link Service to include Unstructured's Azure Subscription ID so Unstructured can create a Private Endpoint connecting to it. [Learn how](https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#control-service-exposure). ### Step 4: Share your Private Link Service details with Unstructured Provide Unstructured with your Private Link Service Resource ID and service endpoint via support ticket. Unstructured will create a Private Endpoint in the Unstructured-managed environment targeting your service. ### Step 5: Approve Unstructured's connection request Once Unstructured creates the Private Endpoint, a connection request appears on your Private Link Service. Approve it as soon as possible to avoid delays. [Learn how](https://learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint). **Using the Azure CLI:** ```bash theme={null} az network private-link-service connection approve \ --resource-group "" \ --service-name "customer-app-pls" \ --name "" ``` Replace `` with the name of the pending connection request (shown in the Azure portal or provided by Unstructured). ## Private API Gateway use case If your application uses Azure API Management in private-only (internal VNet) mode, you cannot target the API Management resource directly with a Private Link Service. Deploy an Azure Standard Load Balancer in front of API Management and create a Private Link Service that points to the load balancer. ## Questions? Need help? Contact your Unstructured account team or open a ticket in the [Unstructured Support Portal](https://support.unstructured.io/).