diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf
index 3a873834..4908b2b8 100644
--- a/quickstart/201-machine-learning-private/main.tf
+++ b/quickstart/201-machine-learning-private/main.tf
@@ -8,4 +8,94 @@ data "azurerm_client_config" "current" {}
 resource "azurerm_resource_group" "default" {
 name = "${var.name}-${var.environment}-rgp"
 location = "${var.location}"
-}
\ No newline at end of file
+}
+
+# Virtual network
+resource "azurerm_virtual_network" "default" {
+ name = "${var.name}-${var.environment}-vnet"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_subnet" "mlsubnet" {
+ name = "mlsubnet"
+ resource_group_name = azurerm_resource_group.default.name
+ virtual_network_name = azurerm_virtual_network.default.name
+ address_prefixes = ["10.0.1.0/24"]
+ enforce_private_link_endpoint_network_policies = true
+}
+
+# DNS zones
+resource "azurerm_private_dns_zone" "dnsvault" {
+ name = "privatelink.vaultcore.azure.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
+ name = "dnsvaultlink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsstorageblob" {
+ name = "privatelink.blob.core.windows.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
+ name = "dnsblobstoragelink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+
+resource "azurerm_private_dns_zone" "dnsstoragefile" {
+ name = "privatelink.file.core.windows.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
+ name = "dnsfilestoragelink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnscontainerregistry" {
+ name = "privatelink.azurecr.io"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
+ name = "dnscrlink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsazureml" {
+ name = "privatelink.api.azureml.ms"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
+ name = "dnsazuremllink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsnotebooks" {
+ name = "privatelink.azureml.notebooks.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
+ name = "dnsnotebookslink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf
index c21083d3..bdf5ed4e 100644
--- a/quickstart/201-machine-learning-private/workspace.tf
+++ b/quickstart/201-machine-learning-private/workspace.tf
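Review bot: The zone name `privatelink.azureml.notebooks.net` on the `dnsnotebooks` resource does not look like the Azure-documented private DNS zone for Machine Learning notebooks, which I recall as `privatelink.notebooks.azure.net`; this is worth verifying against the current private-endpoint DNS zone list before the zone is linked to the VNet, because a wrong zone name would likely leave the notebook endpoint falling through to public resolution without any apply-time error. On the moved `azurerm_subnet.mlsubnet`, `enforce_private_link_endpoint_network_policies = true` reads as if it tightens policy but in the azurerm provider it does the opposite (true disables NSG/UDR enforcement for private endpoints in that subnet), so a comment such as `# true DISABLES network policies for private endpoints in this subnet (provider naming is inverted)` would save the next reader a trip to the docs. The hard-coded `10.0.0.0/16` and `10.0.1.0/24` ranges could be exposed as variables with these defaults so the quickstart can be dropped into an existing address plan.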
@@ -12,7 +12,7 @@ resource "azurerm_key_vault" "default" {
 resource_group_name = azurerm_resource_group.default.name
 tenant_id = data.azurerm_client_config.current.tenant_id
 sku_name = "premium"
- purge_protection_enabled = false
+ purge_protection_enabled = true
 network_acls {
 default_action = "Deny"
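Review bot: Enabling `purge_protection_enabled` is the right hardening for a vault backing an ML workspace, but the change is one-way and the hunk does not document that: once set, Azure will not let it be turned off again, and after `terraform destroy` the soft-deleted vault keeps its name reserved for the retention period, so re-applying this quickstart with the same `name`/`environment` fails until that window passes. A comment on the line, e.g. `# irreversible: cannot be disabled once enabled; vault name stays reserved for the soft-delete retention period after destroy`, would prevent surprised users. `soft_delete_retention_days` is not visible in this hunk; if it is left at the provider default the wait is 90 days, which is worth stating alongside. The enclosing `azurerm_key_vault` block starts and ends outside the hunk.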
@@ -56,53 +56,6 @@ resource "azurerm_machine_learning_workspace" "default" {
 }
 }
-# Virtual network
-resource "azurerm_virtual_network" "default" {
- name = "${var.name}-${var.environment}-vnet"
- address_space = ["10.0.0.0/16"]
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_subnet" "mlsubnet" {
- name = "mlsubnet"
- resource_group_name = azurerm_resource_group.default.name
- virtual_network_name = azurerm_virtual_network.default.name
- address_prefixes = ["10.0.1.0/24"]
- enforce_private_link_endpoint_network_policies = true
-}
-
-# DNS zones
-resource "azurerm_private_dns_zone" "dnsvault" {
- name = "privatelink.vaultcore.azure.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone" "dnsstorageblob" {
- name = "privatelink.blob.core.windows.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone" "dnsstoragefile" {
- name = "privatelink.file.core.windows.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone" "dnscontainerregistry" {
- name = "privatelink.azurecr.io"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone" "dnsazureml" {
- name = "privatelink.api.azureml.ms"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone" "dnsnotebooks" {
- name = "privatelink.azureml.notebooks.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
 # Private endpoints
 resource "azurerm_private_endpoint" "keyvault_ple" {
 name = "${var.name}-${var.environment}-kv-ple"
@@ -181,7 +134,7 @@ resource "azurerm_private_endpoint" "cr_ple" {
 }
 resource "azurerm_private_endpoint" "ml_ple" {
- name = "${var.name}-${var.environment}-ple"
+ name = "${var.name}-${var.environment}-ml-ple"
 location = azurerm_resource_group.default.location
 resource_group_name = azurerm_resource_group.default.name
 subnet_id = azurerm_subnet.mlsubnet.id
@@ -200,4 +153,5 @@ resource "azurerm_private_endpoint" "ml_ple" {
 subresource_names = [ "amlworkspace" ]
 is_manual_connection = false
 }
+
 }
\ No newline at end of file