Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Sebastien Gissinger

My feedback

  1. 56 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Kubernetes Service (AKS) » Portal  ·  Flag idea as inappropriate…  ·  Admin →
    Sebastien Gissinger supported this idea  · 
  2. 1,982 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    91 comments  ·  Data Factory  ·  Flag idea as inappropriate…  ·  Admin →

    Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!

    Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:

    Service tag support will be made available in next few weeks. Please stay tuned!

    If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re

    An error occurred while saving the comment
    Sebastien Gissinger commented  · 

    Just found a workaround.
    Create an Azure KeyVault linked service with an Azure KeyVault which has firewall enabled.
    Then create, for example, a SQL Database linked service which uses this Azure KeyVault linked service for the password.
    You got an error, open it :

    "Failed to get the secret from key vault, secretName: mySecretName, secretVersion: , vaultBaseUrl: https://MYKEYVAULT.vault.azure.net/. The error message is: Client address (%IP_ADRESS%) is not authorized and caller is not a trusted service".

    IP may vary with location, that's why I didn't it.
    The real question is why DataFactory is not an Azure trusted service ?

Feedback and Knowledge Base