Add the Networking Tab in the Host Pool Creation Wizard in the Azure Portal

Just like we have a Networking tab in the Storage Account where public access can be disabled and private endpoints enabled, there should be a similar option available during Host Pool creation in the Azure Portal. In my customer environment, which is a banking organization, a policy is enforced that does not allow any resource to be created with public access—it blocks the creation outright.

az policy assignment create \
  --name "DenyPublicAccess" \
  --scope "/subscriptions/<subscription-id>" \
  --policy "/providers/Microsoft.Authorization/policyDefinitions/<policy-definition-id>"
The policy they use is named "Public network access should be disabled for PaaS services", which prevents the creation of a Host Pool unless public access is disabled. Currently, this setting cannot be configured during Host Pool creation in the Azure Portal, as the networking tab is only available after the Host Pool is created, allowing you to disable public access and enable private endpoints. For BFSI customers, requesting a policy relaxation is difficult. While this may be achieved through automation, the option should also be available in the Azure Portal. Otherwise, it creates a contradiction—there is a policy to disable public access, but no way to comply with it during the initial creation.