Static IP ranges for Data Factory and add ADF to list of Trusted Azure Services
It is not currently possible to identify the IP Address of the DF, which you need for firewall rules, including Azure SQL Server firewall....
Thank you for your suggestions and your patience! We are working hard to enable the following enhancements for better network security:
- Adding ADF to the list of “Trusted Azure service” for Azure Key Vault and Azure Storage (blob/ADLS Gen2). ETA is in the upcoming weeks.
- Static IP range for Azure Integration Runtime so that you can whitelist specific IP ranges for ADF as part of firewall rules. ETA is next few months.
- Support service tag for ADF
We will provide an update as soon as any of the above becomes available.
Need this now please
Is there an update on when this will be implemented?
Emmanuel Auffray commented
Same for CosmosDB as ADF is a recommended backup option and this becomes an issue if the CosmosDB is network restricted.
Donavan Decot commented
Any updates on this?
Bets Tadesse commented
If you have an Azure App/Web Service running on your portal, there is a way to trace all IP addresses landing at your web page/app. The same way works to trace the ADF IP: if you send a GET request from Azure Data Factory (using the Azure Web Activity) to your website, you will be able to read which public IP Azure Data Factory is coming from.
To do this -
1. Create an Azure App Service on the portal (almost any spec will do for now).
2. Go to your Azure App Service and look for Diagnostic Log or App Logging Settings, then enable that. Now go to the Logs view. At this point, you will be able to pick up the public IP address of anyone requesting your page.
3. Go to Azure Data Factory, use the Web Activity, and type your web app/site address under the setting. Change the Web Activity request type to GET. Then publish the pipeline and trigger the activity.
4. If you go to the Logs view window of the App Service, you should see the IP of the ADF from which the GET request was sent.
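The log-reading step in the comment above, as an added example that is not part of the original thread: it pulls the source addresses of probe requests out of web server logs and counts them, so repeated pipeline runs show whether the address stays the same. It assumes the logs are in W3C extended format with a `#Fields:` header; the `/adf-probe` path, the site name and all addresses are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample in W3C extended log format. Addresses are documentation
# ranges (RFC 5737); /adf-probe is a hypothetical path the Web Activity calls.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time s-sitename cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2019-06-01 10:00:01 MYSITE GET /adf-probe run=1 443 - 203.0.113.10 - 200
2019-06-01 10:00:05 MYSITE GET / - 443 - 198.51.100.7 Mozilla/5.0 200
2019-06-01 11:00:02 MYSITE GET /adf-probe run=2 443 - 203.0.113.10:51544 - 200
2019-06-02 10:00:03 MYSITE GET /adf-probe run=3 443 - 203.0.113.77 - 200
2019-06-02 10:00:09 MYSITE POST /adf-probe - 443 - 198.51.100.7 curl/7.64 404
2019-06-02 10:00:10 MYSITE GET /adf-probe
"""

def _client_ip(value):
    """Return a normalized IP, tolerating an 'ip:port' suffix; None if invalid."""
    for candidate in (value, value.rsplit(":", 1)[0]):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None

def probe_source_ips(log_text, probe_path="/adf-probe", method="GET"):
    """Count client IPs of requests that match the probe path and method."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if len(row) != len(fields):
            continue                    # truncated or partially written line
        if row["cs-method"] != method or row["cs-uri-stem"] != probe_path:
            continue                    # unrelated traffic, e.g. other visitors
        ip = _client_ip(row["c-ip"])
        if ip:
            hits[ip] += 1
    return hits

if __name__ == "__main__":
    for ip, count in probe_source_ips(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} probe request(s)")
```

More than one distinct address across runs, as in the constructed sample, means a single observed IP is not a stable value for a firewall rule.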
We need to make sure this is a Dedicated Public IP to our DFW vs a shared group of IPs the service can use. We can't whitelist ALL DFW IPs, it has to be exclusively our own DFW PIP.
Kristian Rickardt commented
Besides ADF being a trusted service for AKV, a service tag so you can allow ADF to talk through an ASG
Donavan Decot commented
Dmitri Gaikovoi commented
Please also add ADF to the list of “Trusted Azure service” for Azure Key Vault.
This is important to have secure communication between ADF and other Azure resources, would appreciate if we get sooner resolution.
Ronny Hagen commented
Any information on ETA would be appreciated.
Ludovic Toinel commented
This feature is critical to adopt DataFactory.
Can you share a date of the availability of this feature?
We have a similar problem with connecting from Analysis Services to ADF. The IP changes very often and we need to change the IPs manually every time. It would be great if we can trust all Azure services in the firewall of Analysis Services, or just choose a static IP for ADF pipelines.
Eric Aurik commented
Is there any update on progress?
Thomas Boge commented
Are we there yet?
Diego Oliveira Sanchez commented
Is there a timeline for implementing this feature? Do you anticipate it will be ready in a few weeks, a few months, or a few years? What is the order of magnitude here?
Is there any kind of update on this? This has been outstanding for some time and has considerable support. This seems like it should be a relatively straightforward one for Microsoft to address and promote the use of the enterprise services you offer - it should be a win-win all around?
Like many others here, this is holding up our deployment.
Hi Azure team,
Delayed the product launch due to this limitation in Azure (i.e. unable to whitelist specific IP list).
Hope the specific IP list for ADF is being resolved.
Awaiting confirmation on the fix.
Thanks in advance.
Rahul M commented
Hello, I am trying to connect ADFV2 to Azure Storage, but getting message as Access Denied, even though I have enabled option "Allow Trusted Azure Services....". Is there any workaround apart from VM or Self Hosted IR.
Samuel Li commented
Any progress on this?
We are flowing logs to Splunk, and have to open the port to all; we already observed some logs from shodan.io.
We need to whitelist the ADF service IP address as soon as possible.