@Tim James - Thanks for reaching out to us and again thanks for patiently working with support while they worked on resolving your issue.
Resurfacing the resolution here, so it can be beneficial to the community who might be facing the similar issue.
- By discussing with network team, they confirmed that the Network resource provider will automatically create a Network Interface (NIC) as part of the Private Endpoint (PE) creation behind the scenes and this NIC will link to the PE.
- From Azure Resource Management (ARM) template perspective, if the deployment mode is Complete Mode, any resources that are not defined in the template will be removed: deployment-modes.
- With the design of Complete Mode, we have document to list resource types that will be deleted in complete mode or not: deployment-complete-mode-deletion.
- And the network interface is marked as Yes so it will be deleted in this mode.
- However, in the actual deployment, the NIC is linked to the PE, so the deletion finally failed as a result. Therefore, we may need to use Incremental Mode when deploying the PE. From Managed Application perspective, you could choose the deployment mode during the creation of application definition.
Hope this helps.
------------------------------------------------------------------
If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.