Azure-docs: Connection from Azure WebApp or PowerBI Services
What is a recommended secure configuration to allow access from Azure public services such as App Service or PowerBI to SQL MI thru public endpoint. The challenge is that Microsoft public App Services in an NSG will allow access from a whole region as opposed to specific IP address. Same thing for PowerBI.
Thank you
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 22ccc6de-f90a-ca47-a559-a91df8581382
- Version Independent ID: cc683db0-750a-b18a-24f4-7d0010da5b4e
- Content: Secure managed instance public endpoints - Azure SQL Database managed instance
- Content Source: articles/sql-database/sql-database-managed-instance-public-endpoint-securely.md
- Service: sql-database
- Sub-service: security
- GitHub Login: @srdan-bozovic-msft
- Microsoft Alias: srbozovi
ukiguy
All 3 comments
@ukiguy Thank you for your inquiry. The current solution is App Service Environments which gives you a dedicated IP. Otherwise, you can be selective with specific IP Ranges for a specific data center or enable the Allow Azure services to connect configuration in firewall for your specific service (SQL in this case).
Mike-Ubezzi-MSFT
on 23 Apr 2019
"or enable the Allow Azure services to connect configuration in firewall for your specific service (SQL in this case)." does not apply to Managed Instance as Managed Instance uses Network Security Groups to control access. The NSG equivalent of "Allow Azure services" is having Allow inbound NSG rule for TCP port 3342 scoped for AzureCloud service tag
srdan-bozovic-msft
on 24 Apr 2019
@ukiguy We will now proceed to close this thread. If there are further questions regarding this matter, please comment and we will gladly continue the discussion.
Mike-Ubezzi-MSFT
on 26 Apr 2019
Related issues
monteledwards
·
3Comments
spottedmahn
·
3Comments
AronT-TLV
·
3Comments
bdcoder2
·
3Comments
Agazoth
·
3Comments
Most helpful comment
"or enable the Allow Azure services to connect configuration in firewall for your specific service (SQL in this case)." does not apply to Managed Instance as Managed Instance uses Network Security Groups to control access. The NSG equivalent of "Allow Azure services" is having Allow inbound NSG rule for TCP port 3342 scoped for AzureCloud service tag