diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
index 47cdd6333c83..06d3e43869ae 100644
--- a/src/Network/Network/ChangeLog.md
+++ b/src/Network/Network/ChangeLog.md
@@ -23,6 +23,7 @@
     - Added `CustomV2` to the validation set of `PolicyType`
     - Added `TLSv1_3` to the validation set of `MinProtocolVersion`
     - Removed validation for null or empty cipher suites list since there can be empty cipher suites list for min protocol version of tls1.3
+* [Breaking Change] Changed default value of `-PrivateEndpointNetworkPoliciesFlag` to `Disabled` in `Add-AzVirtualNetworkSubnetConfig` and `New-AzVirtualNetworkSubnetConfig`
 
 ## Version 4.17.0
 * Supported `Microsoft.Network/privateLinkServices` in `Get-AzPrivateEndpointConnection` [#16984].
diff --git a/src/Network/Network/VirtualNetwork/Subnet/AddAzureVirtualNetworkSubnetConfigCommand.cs b/src/Network/Network/VirtualNetwork/Subnet/AddAzureVirtualNetworkSubnetConfigCommand.cs
index 79480529c371..66e35dbc81e8 100644
--- a/src/Network/Network/VirtualNetwork/Subnet/AddAzureVirtualNetworkSubnetConfigCommand.cs
+++ b/src/Network/Network/VirtualNetwork/Subnet/AddAzureVirtualNetworkSubnetConfigCommand.cs
@@ -113,7 +113,7 @@ public override void Execute()
                 subnet.Delegations = this.Delegation?.ToList();
             }
 
-            subnet.PrivateEndpointNetworkPolicies = this.PrivateEndpointNetworkPoliciesFlag ?? "Enabled";
+            subnet.PrivateEndpointNetworkPolicies = this.PrivateEndpointNetworkPoliciesFlag ?? "Disabled";
             subnet.PrivateLinkServiceNetworkPolicies = this.PrivateLinkServiceNetworkPoliciesFlag ?? "Enabled";
 
             this.VirtualNetwork.Subnets.Add(subnet);
diff --git a/src/Network/Network/VirtualNetwork/Subnet/NewAzureVirtualNetworkSubnetConfigCommand.cs b/src/Network/Network/VirtualNetwork/Subnet/NewAzureVirtualNetworkSubnetConfigCommand.cs
index 576796760696..7aa5f107aad6 100644
--- a/src/Network/Network/VirtualNetwork/Subnet/NewAzureVirtualNetworkSubnetConfigCommand.cs
+++ b/src/Network/Network/VirtualNetwork/Subnet/NewAzureVirtualNetworkSubnetConfigCommand.cs
@@ -101,7 +101,7 @@ public override void Execute()
                 subnet.Delegations = this.Delegation?.ToList();
             }
 
-            subnet.PrivateEndpointNetworkPolicies = this.PrivateEndpointNetworkPoliciesFlag ?? "Enabled";
+            subnet.PrivateEndpointNetworkPolicies = this.PrivateEndpointNetworkPoliciesFlag ?? "Disabled";
             subnet.PrivateLinkServiceNetworkPolicies = this.PrivateLinkServiceNetworkPoliciesFlag ?? "Enabled";
 
             WriteObject(subnet);
diff --git a/src/Network/Network/help/Add-AzVirtualNetworkSubnetConfig.md b/src/Network/Network/help/Add-AzVirtualNetworkSubnetConfig.md
index 1ccce2252409..cad673f9b335 100644
--- a/src/Network/Network/help/Add-AzVirtualNetworkSubnetConfig.md
+++ b/src/Network/Network/help/Add-AzVirtualNetworkSubnetConfig.md
@@ -186,7 +186,7 @@ Accept wildcard characters: False
 ```
 
 ### -PrivateEndpointNetworkPoliciesFlag
-Configure to enable or disable applying network policies on private endpoint in the subnet.
+Configure to enable or disable applying network policies on private endpoint in the subnet. Default value is Disabled.
 
 ```yaml
 Type: System.String
diff --git a/src/Network/Network/help/New-AzVirtualNetworkSubnetConfig.md b/src/Network/Network/help/New-AzVirtualNetworkSubnetConfig.md
index 560ab8b7f929..f047bebcd8b0 100644
--- a/src/Network/Network/help/New-AzVirtualNetworkSubnetConfig.md
+++ b/src/Network/Network/help/New-AzVirtualNetworkSubnetConfig.md
@@ -198,7 +198,7 @@ Accept wildcard characters: False
 ```
 
 ### -PrivateEndpointNetworkPoliciesFlag
-Configure to enable or disable applying network policies on private endpoint in the subnet.
+Configure to enable or disable applying network policies on private endpoint in the subnet. Default value is Disabled.
 
 ```yaml
 Type: System.String