diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go
index 25e35c891b..bd763a794c 100644
--- a/agent/consul/intention_endpoint.go
+++ b/agent/consul/intention_endpoint.go
@@ -585,7 +585,7 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In
 		return err
 	}
 
-	// Finish defaulting the namespace fields.
+	// Finish defaulting the namespace and partition fields.
 	for i := range args.Match.Entries {
 		if args.Match.Entries[i].Namespace == "" {
 			args.Match.Entries[i].Namespace = entMeta.NamespaceOrDefault()
@@ -594,6 +594,14 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In
 			return fmt.Errorf("Invalid match entry namespace %q: %v",
 				args.Match.Entries[i].Namespace, err)
 		}
+
+		if args.Match.Entries[i].Partition == "" {
+			args.Match.Entries[i].Partition = entMeta.PartitionOrDefault()
+		}
+		if err := s.srv.validateEnterpriseIntentionPartition(args.Match.Entries[i].Partition); err != nil {
+			return fmt.Errorf("Invalid match entry partition %q: %v",
+				args.Match.Entries[i].Partition, err)
+		}
 	}
 
 	var authzContext acl.AuthorizerContext
diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go
index e74edc585b..f6f79ec765 100644
--- a/agent/consul/state/intention.go
+++ b/agent/consul/state/intention.go
@@ -911,6 +911,7 @@ func intentionMatchOneTxn(tx ReadTxn, ws memdb.WatchSet,
 	return result, nil
 }
 
+// TODO(partitions): Update for partitions
 // intentionMatchGetParams returns the tx.Get parameters to find all the
 // intentions for a certain entry.
 func intentionMatchGetParams(entry structs.IntentionMatchEntry) ([][]interface{}, error) {