Opening up connections for Power BI to allow incoming connections all across Azure or even completely disabling IP-address validation can be an unacceptable security risk depending on your local security policy.
The following list of current IP-address range has been established to currently cover all identified Microsoft PowerBI.com connection requests (a.k.a. “Power BI Service”), which further limits the security risks in opening up connections for Power BI automated data source refresh:
- ::ffff:20.38.84.133
- ::ffff:20.38.84.166
- ::ffff:20.50.0.22
- ::ffff:20.50.0.26
- ::ffff:40.74.30.164
- ::ffff:40.74.30.165
- ::ffff:40.74.30.176
- ::ffff:40.74.30.177
- ::ffff:40.74.30.197
- ::ffff:40.74.30.198
- ::ffff:40.74.30.199
- ::ffff:40.74.30.200
- ::ffff:40.74.30.205
- ::ffff:40.74.30.216
- ::ffff:40.74.30.228
- ::ffff:40.74.30.229
- ::ffff:40.74.30.235
The list of IP-addresses which PowerBI.com uses to collect data for Power BI has been established from PowerBI.com usage from a set of thousands of mostly European Power BI-users on Invantive Cloud. The list may change over time with IP-addresses being reallocated to other parties than Microsoft and can be incomplete. Always contact your local security officer to check adherence to your local security policy.
Please include the following list in Bridge IP-address list to allow access to data sources from Power BI Service by this list using Invantive’s Power BI-connectors:
::ffff:20.38.84.133,::ffff:20.38.84.166,::ffff:20.50.0.22,::ffff:20.50.0.26,::ffff:40.74.30.164,::ffff:40.74.30.165,::ffff:40.74.30.176,::ffff:40.74.30.177,::ffff:40.74.30.197,::ffff:40.74.30.198,::ffff:40.74.30.199,::ffff:40.74.30.200,::ffff:40.74.30.205,::ffff:40.74.30.216,::ffff:40.74.30.228,::ffff:40.74.30.229,::ffff:40.74.30.235
For more details on setting up the list of address ranges, please consult Fix itgenboe031 and itgenboe030 error on Power BI Refresh (Bridge Online access is not authorized from IP address ...).