A premium ACR should exist in the hub vnet and accessed via a private endpoint.
This should make use of the private dns zone created in the connectivity subscription. Ensure there is a vnet link to the zone.
It should have quarantined containers configured.
Admin access should be disabled in favour of RBAC access.
A premium ACR should exist in the hub vnet and accessed via a private endpoint. This should make use of the private dns zone created in the connectivity subscription. Ensure there is a vnet link to the zone. It should have quarantined containers configured. Admin access should be disabled in favour of RBAC access.