diff --git a/.changelog/3829.txt b/.changelog/3829.txt
new file mode 100644
index 00000000000..00ed1271c8d
--- /dev/null
+++ b/.changelog/3829.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: added more fields to private destinations
+```
diff --git a/access_application.go b/access_application.go
index 8a66327f86c..1691324582e 100644
--- a/access_application.go
+++ b/access_application.go
@@ -35,7 +35,18 @@ const (
 
 type AccessDestination struct {
 	Type AccessDestinationType `json:"type"`
-	URI  string                `json:"uri"`
+	// URI is required and only used for public destinations.
+	URI string `json:"uri,omitempty"`
+	// Hostname can only be used for private destinations.
+	Hostname string `json:"hostname,omitempty"`
+	// CIDR can only be used for private destinations.
+	CIDR string `json:"cidr,omitempty"`
+	// PortRange can only be used for private destinations.
+	PortRange string `json:"port_range,omitempty"`
+	// L4Protocol can only be used for private destinations.
+	L4Protocol string `json:"l4_protocol,omitempty"`
+	// VnetID can only be used for private destinations.
+	VnetID string `json:"vnet_id,omitempty"`
 }
 
 // AccessApplication represents an Access application.
diff --git a/access_application_test.go b/access_application_test.go
index bd7a3ee7279..daef8e12606 100644
--- a/access_application_test.go
+++ b/access_application_test.go
@@ -294,7 +294,14 @@ func TestCreateAccessApplications(t *testing.T) {
 				"domain_type": "public",
 				"destinations": [
 					{"type": "public", "uri": "test.example.com/admin"},
-					{"type": "public", "uri": "test.example.com/admin2"}
+					{"type": "private", "hostname": "test.private.domain"},
+					{
+						"type": "private",
+						"cidr": "192.168.1.0/24",
+						"port_range": "8080-8081",
+						"vnet_id": "e69219cb-095a-4839-a352-b25b3d43aaac",
+						"l4_protocol": "udp"
+					}
 				],
 				"type": "self_hosted",
 				"session_duration": "24h",
@@ -342,8 +349,21 @@ func TestCreateAccessApplications(t *testing.T) {
 		Domain:     "test.example.com/admin",
 		DomainType: AccessDestinationPublic,
 		Destinations: []AccessDestination{
-			{Type: AccessDestinationPublic, URI: "test.example.com/admin"},
-			{Type: AccessDestinationPublic, URI: "test.example.com/admin2"},
+			{
+				Type: AccessDestinationPublic,
+				URI:  "test.example.com/admin",
+			},
+			{
+				Type:     AccessDestinationPrivate,
+				Hostname: "test.private.domain",
+			},
+			{
+				Type:       AccessDestinationPrivate,
+				CIDR:       "192.168.1.0/24",
+				PortRange:  "8080-8081",
+				VnetID:     "e69219cb-095a-4839-a352-b25b3d43aaac",
+				L4Protocol: "udp",
+			},
 		},
 		Type:                     "self_hosted",
 		SessionDuration:          "24h",
@@ -429,7 +449,14 @@ func TestUpdateAccessApplication(t *testing.T) {
 				"domain_type": "public",
 				"destinations": [
 					{"type": "public", "uri": "test.example.com/admin"},
-					{"type": "public", "uri": "test.example.com/admin2"}
+					{"type": "private", "hostname": "test.private.domain"},
+					{
+						"type": "private",
+						"cidr": "192.168.1.0/24",
+						"port_range": "8080-8081",
+						"vnet_id": "e69219cb-095a-4839-a352-b25b3d43aaac",
+						"l4_protocol": "udp"
+					}
 				],
 				"type": "self_hosted",
 				"session_duration": "24h",
@@ -476,7 +503,14 @@ func TestUpdateAccessApplication(t *testing.T) {
 		DomainType: AccessDestinationPublic,
 		Destinations: []AccessDestination{
 			{Type: AccessDestinationPublic, URI: "test.example.com/admin"},
-			{Type: AccessDestinationPublic, URI: "test.example.com/admin2"},
+			{Type: AccessDestinationPrivate, Hostname: "test.private.domain"},
+			{
+				Type:       AccessDestinationPrivate,
+				CIDR:       "192.168.1.0/24",
+				PortRange:  "8080-8081",
+				VnetID:     "e69219cb-095a-4839-a352-b25b3d43aaac",
+				L4Protocol: "udp",
+			},
 		},
 		Type:                     "self_hosted",
 		SessionDuration:          "24h",
@@ -519,7 +553,14 @@ func TestUpdateAccessApplication(t *testing.T) {
 		DomainType: AccessDestinationPublic,
 		Destinations: []AccessDestination{
 			{Type: AccessDestinationPublic, URI: "test.example.com/admin"},
-			{Type: AccessDestinationPublic, URI: "test.example.com/admin2"},
+			{Type: AccessDestinationPrivate, Hostname: "test.private.domain"},
+			{
+				Type:       AccessDestinationPrivate,
+				CIDR:       "192.168.1.0/24",
+				PortRange:  "8080-8081",
+				VnetID:     "e69219cb-095a-4839-a352-b25b3d43aaac",
+				L4Protocol: "udp",
+			},
 		},
 		Type:                     "self_hosted",
 		SessionDuration:          "24h",
@@ -557,7 +598,14 @@ func TestUpdateAccessApplication(t *testing.T) {
 		DomainType: AccessDestinationPublic,
 		Destinations: []AccessDestination{
 			{Type: AccessDestinationPublic, URI: "test.example.com/admin"},
-			{Type: AccessDestinationPublic, URI: "test.example.com/admin2"},
+			{Type: AccessDestinationPrivate, Hostname: "test.private.domain"},
+			{
+				Type:       AccessDestinationPrivate,
+				CIDR:       "192.168.1.0/24",
+				PortRange:  "8080-8081",
+				VnetID:     "e69219cb-095a-4839-a352-b25b3d43aaac",
+				L4Protocol: "udp",
+			},
 		},
 		Type:                     "self_hosted",
 		SessionDuration:          "24h",