Synapse Workspace virtual_network_enabled=true argument results in broken synapse

When you rollout a Synapse workspace with managed_virtual_network_enabled=true everything seems to roll out correctly:

  • Synapse Workspace overview page is showing
  • You can create managed private endpoints to other resources via Terraform


  • Default and newly created integration endpoints are not running in the managed VNET
  • The newly create managed private endpoints are not working. The PAAS services still needing public networking enabled to be able support connections from Synapse
  • Azure Portal UI and Synapse Studio is not showing or grey out managed private endpoint configuration
  • ARM template is showing
    “resources”: [
    “type”: “Microsoft.Synapse/workspaces”,
    “apiVersion”: “2021-06-01”,
    “name”: “[parameters(’*)]",
    “location”: “westeurope”,
    “identity”: {
    “type”: “SystemAssigned”
    “properties”: {
    “defaultDataLakeStorage”: {
    “accountUrl”: "
    “filesystem”: “synapse”
    “encryption”: {},
    "managedVirtualNetwork": “default”,

So in other words what you rollout now with this option doesn’t work, fixing it will need a full redeploy of synapse

I see Pull Request and I’m convinced that this will fix my problem but this will be released in of the Terraform azurerm provider

Seeing it’s a very small fix for a not common setup (Synapse in a Private Network Environment) used deployment, current deploy is resulting in not working components. Can this pull request not be integrated earlier?

Hi @thomasannerelacerta!

This change would introduce a breaking change, and therefore it’s only introduced in v3.0 unfortunately…


Thx for the quick answer. Do not understand why it’s breaking. Contract stays the same but user needs destroy and apply manually before this will be fixed.

Will this be in the initial delivery of v3.0? Understood somewhere Q1 2022?