Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!
Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
Service tag support will be made available in next few weeks. Please stay tuned!
If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-reFRANK GAROFALO supported this idea ·
An error occurred while saving the commentFRANK GAROFALO commented
Is there any update on support service tag ADF? My Government customers want to use ADF to access things like Oracle or SQL Server hosted on IaaS boxes but need to limit what ports are open and what can route to those ports via NSGs. Since ADF does not have a service support tag in avaiable to us in an NSG, nor is there a published list for ip addresses for ADF in Azure Gov they will not create NSG rules wide open to allow the correct port routing required to access DB's on IaaS that have vNet's.