Power BI Service IP addresses

Go to Dutch version

Opening up connections for Power BI to allow incoming connections all across Azure or even completely disabling IP-address validation can be an unacceptable security risk depending on your local security policy.

The following list of current IP-address range has been established to currently cover all identified Microsoft PowerBI.com connection requests (a.k.a. “Power BI Service”), which further limits the security risks in opening up connections for Power BI automated data source refresh:

  • ::ffff:20.38.84.133
  • ::ffff:20.38.84.166
  • ::ffff:20.50.0.22
  • ::ffff:20.50.0.26
  • ::ffff:40.74.30.164
  • ::ffff:40.74.30.165
  • ::ffff:40.74.30.176
  • ::ffff:40.74.30.177
  • ::ffff:40.74.30.197
  • ::ffff:40.74.30.198
  • ::ffff:40.74.30.199
  • ::ffff:40.74.30.200
  • ::ffff:40.74.30.205
  • ::ffff:40.74.30.216
  • ::ffff:40.74.30.228
  • ::ffff:40.74.30.229
  • ::ffff:40.74.30.235

The list of IP-addresses which PowerBI.com uses to collect data for Power BI has been established from PowerBI.com usage from a set of thousands of mostly European Power BI-users on Invantive Cloud. The list may change over time with IP-addresses being reallocated to other parties than Microsoft and can be incomplete. Always contact your local security officer to check adherence to your local security policy.

Please include the following list in Bridge IP-address list to allow access to data sources from Power BI Service by this list using Invantive’s Power BI-connectors:

::ffff:20.38.84.133,::ffff:20.38.84.166,::ffff:20.50.0.22,::ffff:20.50.0.26,::ffff:40.74.30.164,::ffff:40.74.30.165,::ffff:40.74.30.176,::ffff:40.74.30.177,::ffff:40.74.30.197,::ffff:40.74.30.198,::ffff:40.74.30.199,::ffff:40.74.30.200,::ffff:40.74.30.205,::ffff:40.74.30.216,::ffff:40.74.30.228,::ffff:40.74.30.229,::ffff:40.74.30.235

For more details on setting up the list of address ranges, please consult Fix itgenboe031 and itgenboe030 error on Power BI Refresh (Bridge Online access is not authorized from IP address ...).

Is het mogelijk een update te krijgen van deze lijst van IP-adressen? Of is er een manier om deze lijst zelf te identificeren?

Als ik op vandaag probeer te vernieuwen in Power BI Service krijg ik onder andere volgende IP-adressen:
::ffff:20.50.0.53
::ffff:20.50.0.89
::ffff:20.50.0.158

Microsoft biedt een lijst van alle IP-adressen binnen Azure, maar deze is circa een kwart miljoen IP-adressen.

Helaas is het alternatief alleen het zelf toevoegen o.b.v. ervaringen.

Merk op dat al deze IP-adressen beveiligingstechnisch “proxies” zijn; er kunnen honderdduizenden gebruikers achter zitten. Het vinkje “Toegang toestaan voor Azure” dat elders geboden wordt is daar minder expliciet over.