web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages - General Discussions / How to whitelist Power...
Power Pages - General Discussions
Unanswered

How to whitelist Power Pages API on an Azure Storage Account

(1) ShareShare
ReportReport
Posted on by Dru0056

I followed this article to setup file download/upload to an Azure storage account.

In addition to limiting the permissions on the storage account to the service principal of our power pages site, my company requires that our storage accounts be network restricted.

I was able to get the sample code working with my storage account being open to all networks, but I've been trying to figure out the best way to restrict it. Its my understanding that the file upload works by having the client side script call the power pages API, which in turn passes the file stream along to the storage account. This means that my users don't need network access to the storage account, but the power pages API does.

I haven't found much information on this so far, the best I've been able to come up with is to check the "Enable from selected virtual networks and IP addresses" setting under "Networking" on the storage account, then I provided the IP of the power pages API. I got the IP by digging it out of the storage account's logs, and later found that it is included in the IP ranges listed my Microsoft's "Azure IP Ranges and Service Tags" page. That list has dozens of IP ranges for my region, I'm assuming I'd have to whitelist them all.

 

Download Azure IP Ranges and Service Tags – Public Cloud from Official M...

Azure IP Ranges and Service Tags – Public Cloud

 

 

I'm wondering if anyone has a better solution to allow the power pages API to reach a storage account that is not open to all networks.

Categories:
General
I have the same question (0)
  • Suggested answer
    Jerry-IN Profile Picture
    Jerry-IN 182 on at
    How to whitelist Power Pages API on an Azure Storage Account
    Hello  Dru0056!
     
    To whitelist Power Pages API on an Azure Storage Account with network restrictions, here are recommended best practices:
    • Azure Storage supports configuring network rules under the Networking settings on the storage account. You can restrict access by enabling "Selected networks" and adding allowed virtual networks, IP address ranges, or specific Azure resource instances.
    • Since Power Pages API calls the storage on behalf of users, your users do not require direct network access to the storage account. Instead, the Power Pages API and its backend service need access.
    • The best approach is to add Microsoft service tags related to Power Platform and Azure services to your storage account's firewall rules. Microsoft publishes IP ranges and service tags, such as PowerPlatform, AzureCloud, or Storage, which can be used to allow traffic from all Azure-related IPs dynamically, avoiding manual whitelisting of dozens of IP addresses.
    • You can find the latest IP ranges and service tags for your Azure region on the Azure IP Ranges and Service Tags page and use service tags in your storage account firewall settings where possible.
    • If needed, identify the exact IP ranges from your storage logs or request network traces and then add those IP ranges as IP network rules, but this is less maintainable than using service tags.
    • Another option is deploying your Power Pages backend or API inside an Azure Virtual Network and granting that VNet access to the storage through Virtual Network rules.
    • Lastly, ensure your Power Pages site's service principal or managed identity has the required role permissions (e.g., Storage Blob Data Contributor) for authorization.
    This approach secures your storage account while allowing Power Pages API access without opening access to all networks.
     
    Best regards,
    Jerald Felix

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Tom Macfarlan – Community Spotlight

We are honored to recognize Tom Macfarlan as our Community Spotlight for October…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Fubar Profile Picture

Fubar 85 Super User 2025 Season 2

#2
Jerry-IN Profile Picture

Jerry-IN 54

#3
dgray304 Profile Picture

dgray304 39

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals

Product updates

Microsoft Power Platform Community release plans