Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!
Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
Service tag support will be made available in the next few weeks. Please stay tuned!
If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re
Samuel Li commented
Any progress on this?
We are flowing logs to Splunk, and have to open the port to all; we already observed some logs from shodan.io.
We need to whitelist the ADF service IP address as soon as possible.
Thanks for the feedback. We’ll keep it in mind for the future. In the meantime, you can consider using delegation (http://aka.ms/apimdelegation), which is a feature which is specifically designed to allow customers to completely override sign-in/out and product subscription logic and UI. Admittedly, the two are coupled and have to be taken over together, which may not be ideal in your case.