Static IP ranges for Data Factory and add ADF to list of Trusted Azure Services
It is not currently possible to identify the IP Address of the DF, which you need for firewall rules, including Azure SQL Server firewall....
Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!
Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
Service tag support will be made available in next few weeks. Please stay tuned!
If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re
Michael Daynes commented
The ability to white list Data Factory in Azure SQL databases is great news as it means you don't have to Allow All Azure Services. But you are still allowing all Data Factories and not just your own.
Nice work~~ Finally, I can setup an IR for a specific region. My ftp access looks good so far.
Please keep the IP range list up to date.
Alam, Shafiul commented
Great news. But still getting "Access Denied" error when trying to create Linked service for a West US2 "Azure FILE storage" even if we white listed West US2 static IPs. Can you please tell me if I am doing something wrong? Attaching images with "ADF error messeges", Azure file share firewall setting and Azure IR properties. PLease note the our Azure IR has "Auto resolve" region. Can that be an issue?
Need some urgent help
When can we expect South Africa North?
Could you please verify if North Central US range is correct? we are getting a 184.108.40.206 IP address value when the range mentioned on the Microsoft document is 220.127.116.11/25 and 18.104.22.168/26.
Oliver Yao (Azure Data Factory) commented
list for Azure Gov would be added soon (in weeks).
Looks like it is not all regions... I do not see anything listed for Azure Government, or do you have that list posted somewhere else?
Any update on this. We really need this
please give it now, we desperately need it
Mayank Srivastava commented
Any update on this yet ?
Also looking for an update on the statics.
Santiago Galvis commented
This is great, can you please provide an update on the static IP address. Thank you
Great news, any update on when we can expect the Static IP range for Azure Integration Runtime to be available?
Adding a bump to this. Either getting ADF in an Azure VNet or getting the Public CIDR range for the Azure workers.
The VNet option would be preferable.
C Uslu commented
I need to add ADF to an Azure Vnet . Come on guys !
FRANK GAROFALO commented
Is there any update on support service tag ADF? My Government customers want to use ADF to access things like Oracle or SQL Server hosted on IaaS boxes but need to limit what ports are open and what can route to those ports via NSGs. Since ADF does not have a service support tag in avaiable to us in an NSG, nor is there a published list for ip addresses for ADF in Azure Gov they will not create NSG rules wide open to allow the correct port routing required to access DB's on IaaS that have vNet's.
Any ETA on when ADF will be listed as a trusted service for Azure Cosmos DB? I plan to use network restriction with my CosmosDB account, but cannot set up ADF now (for backups) because it isn't considered a trusted service.
When ADF will be available as “Trusted Azure service” for Azure database for MYSQL ?