BYOC Edge Node Registration Failure: 403 Forbidden on Private Link Endpoint

Why is the Genesys Cloud Edge deployment script failing at the registration stage when using a private endpoint in our Azure VNet? We are migrating from a Zendesk Talk setup where the infrastructure was entirely managed, so this level of network configuration is a steep learning curve.

The environment is Genesys Cloud EU1 (eu1-3), and we are attempting to deploy a BYOC Edge node version 21.10. The error occurs when the edge-register command tries to validate the connection against the provided private link resource. The specific error message returned is:

HTTP 403 Forbidden: Access Denied. The client does not have permission to perform this action on the resource 'privatelink.euc1.genesis.cloud'.

We have verified that the NSG rules allow outbound traffic on port 443 to the specific private endpoint IP range, and the DNS resolution is correct within the Azure Private DNS Zone. In Zendesk, we never had to worry about private link scopes or endpoint policies, as the SaaS model abstracted this away. Here, it feels like we are hitting a wall due to a subtle misconfiguration in the Azure Private Link Service connection approval or the Genesys Cloud tenant's private connectivity settings. The deployment logs show the initial handshake succeeds, but the token exchange fails immediately after. We have double-checked the API key permissions, ensuring the admin user has 'Manage Edge' capabilities.

Is there a specific header or certificate requirement for the private link registration that differs from the public internet deployment? The documentation mentions a 'trusted network' configuration, but it is unclear if this applies to the initial registration handshake. Any insights into what might be blocking the 403 response would be appreciated, as we are stuck in the migration pipeline.
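The following is an added diagnostic, not part of the original post and not Genesys or Azure tooling. It separates the layers the question is guessing among: it resolves the private link name and flags any address outside the expected private endpoint range, connects with SNI and records which dNSNames the served certificate carries, and then reports whether a 403 arrived after a completed TLS handshake (which places the refusal in the platform's authorization rather than in the NSG or DNS). The hostname, the CIDR and the request path are assumptions to be replaced with the operator's own values; the SAN check is a small RFC 6125 style matcher written for this example.

```python
"""Layer-by-layer probe for a 403 returned during private endpoint registration.

Added example; not Genesys or Azure code. The default hostname, CIDR and
path below are placeholders (assumptions), to be replaced by the operator.
"""
import ipaddress
import socket
import ssl
import sys
from http.client import HTTPSConnection


def resolve(hostname):
    """Return the sorted set of addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def addresses_out_of_scope(addresses, cidr):
    """Addresses outside the expected private endpoint range.

    A non-empty result means the private DNS zone is not authoritative for this
    client and traffic is still being steered to a public front end.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return [a for a in addresses if ipaddress.ip_address(a) not in net]


def hostname_matches_san(hostname, san_names):
    """Minimal RFC 6125 style dNSName match.

    Exact match, or a '*' that is the entire left-most label and covers exactly
    one label of a name with at least three labels. Partial wildcards such as
    'priv*.example' and bare-zone wildcards such as '*.cloud' are rejected.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in san_names:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host_labels):
            continue
        if labels[0] == "*":
            if len(labels) < 3:
                continue
            if all(a == b for a, b in zip(labels[1:], host_labels[1:])):
                return True
        elif "*" in name:
            continue
        elif labels == host_labels:
            return True
    return False


def classify(status, tls_ok, san_ok):
    """Map what the probe observed to the layer that rejected the request."""
    if not tls_ok:
        return "network or TLS: NSG, private DNS or endpoint approval"
    if not san_ok:
        return "certificate: presented SANs do not cover the private link name"
    if status == 403:
        return "application: TLS succeeded, the platform refused the identity or scope"
    if status == 401:
        return "application: credentials not accepted"
    return f"HTTP {status}: not the 403 under investigation"


def probe(hostname, path="/"):
    """Connect with SNI, capture the leaf certificate's dNSNames and the HTTP status."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    conn = HTTPSConnection(hostname, 443, context=ctx, timeout=10)
    try:
        conn.connect()
        cert = conn.sock.getpeercert()
        sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
        conn.request("GET", path, headers={"Host": hostname})
        return conn.getresponse().status, sans
    finally:
        conn.close()


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "privatelink.euc1.genesis.cloud"
    cidr = sys.argv[2] if len(sys.argv) > 2 else "10.0.0.0/8"  # assumed; use the endpoint subnet
    addrs = resolve(host)
    print("resolved:", addrs, "out of scope:", addresses_out_of_scope(addrs, cidr))
    try:
        status, sans = probe(host)
        tls_ok, san_ok = True, hostname_matches_san(host, sans)
        print("certificate dNSNames:", sans)
    except ssl.SSLCertVerificationError as exc:  # handshake reached, name or chain rejected
        print("certificate verification failed:", exc)
        status, tls_ok, san_ok = None, True, False
    except (OSError, ssl.SSLError) as exc:  # never reached the TLS layer
        print("connection failed:", exc)
        status, tls_ok, san_ok = None, False, False
    print("verdict:", classify(status, tls_ok, san_ok))
```

Run it from a VM inside the VNet as `python3 probe.py <private-link-hostname> <endpoint-cidr>`; a verdict of "application" with a 403 confirms that the handshake and certificate are fine and that the remaining question is who the platform thinks the caller is, which no amount of NSG work will change.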