Forum Discussion
Storage Accounts - Networking
Hi All,
Seems like a basic issue, however, I cannot seem to resolve the issue.
In a nutshell, a number of storage accounts (and other resources) were created with the Public Network Access
set as below:
I would like to change them all to Enabled from selected virtual networks and IP addresses or
even Disabled.
However, when I change to Enabled from selected virtual networks and IP addresses, connectivity from, for example,
Power BI to the Storage Account fails. I have added the VPN IPs, my local IP, etc.
But all continue to fail connection or authentication. Once it is changed back to Enabled for All networks everything works, i.e. Power BI can access the Azure Blob Storage and refresh successfully.
When any of the two restrictive options are selected, do they also block various Microsoft services?
Any help would be gratefully appreciated.
6 Replies
- cilliancorta (Copper Contributor)
Yes.
The on-prem LANs etc. shouldn't be required anyways if it's just PBI. Based on your replies you've already tried several paths. Probably already tried to use SAS as well? SAS should bypass network restrictions. I'll probably have time to test something tomorrow. I'll get back to you after some testing.
Direct access to an Azure Storage account with the firewall enabled and in the same region as Power Query Online isn't supported. This limitation arises because Power Query services, when deployed in the same region as the Azure storage account, use private Azure IP addresses for communication.
- _MoZZa (Copper Contributor)
Hi DavyA1980,
I tried the SAS approach, connection to Power BI Desktop via SAS worked fine, as it uses web connections I think.
However, SAS would not authenticate and connect to enable auto refreshes etc., via Data Source Credentials in the Semantic model. Not sure why it didn't work, same connection error.
Is there a way to determine the private IP address where PBI will be coming from?
If there is I could put that as the source IP in the VNet rules. 🤷
- _MoZZa (Copper Contributor)
Yes, I have also added all the on-prem LANs, WLANs, VPNs etc. But PBI fails to have access to the data. Data Source Credentials error, whether using Key, Service Principal etc., it fails. As soon as I switch it back to Enable From All Networks, it authenticates straight away.
One more idea I had was to add ALL of the Resource Instances, as this would white list more Azure services, although PBI should be covered by enabling 'Allow Azure services on the trusted services list to access this storage account'. I thought I might give it a try.
Also, I created an NSG and used the ServiceTags file to create an inbound rule to allow Power BI from UK South. Also, I created a Private Endpoint.
This should all have worked but still can’t set it to restricted networks. I must be missing something fundamental or there is something fundamentally off with this tenant. Just wondering because it's not explicitly mentioned. Did you check the box "Allow Azure services on the trusted services list to access this network"?
- _MoZZa (Copper Contributor)
Hi DavyA1980,
Yes, I have also added all the on-prem LANs, WLANs, VPNs etc. But PBI fails to have access to the data. Data Source Credentials error, whether using Key, Service Principal etc., it fails. As soon as I switch it back to Enable From All Networks, it authenticates straight away.
One more idea I had was to add ALL of the Resource Instances, as this would white list more Azure services, although PBI should be covered by enabling 'Allow Azure services on the trusted services list to access this storage account'. I thought I might give it a try.
Also, I created an NSG and used the ServiceTags file to create an inbound rule to allow PowerBI.UKSouth. Private Endpoints with target sub resource set to blob.
Could it be the DNS?
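
An added example, not part of the thread or any poster's code: a Python check over exported storage account settings that reports which of the three Public Network Access states each account is in, and flags the same-region case described above where IP rules cannot match the service's private Azure addresses. The JSON is a constructed sample in the shape of `az storage account list -o json`; the account names and the `client_region` parameter (the region the Power BI / Power Query service runs in) are assumptions.

```python
import json

# Constructed sample in the shape of `az storage account list -o json`; names are made up.
ACCOUNTS = json.loads("""
[
 {"name": "stopenexample", "location": "uksouth", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow", "bypass": "AzureServices",
                     "ipRules": [], "virtualNetworkRules": []}},
 {"name": "stlockedexample", "location": "uksouth", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny", "bypass": "None",
                     "ipRules": [{"ipAddressOrRange": "203.0.113.10", "action": "Allow"}],
                     "virtualNetworkRules": []}},
 {"name": "stprivateexample", "location": "westeurope", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Deny", "bypass": "AzureServices",
                     "ipRules": [], "virtualNetworkRules": []}}
]
""")


def region(name):
    """Normalise 'UK South' and 'uksouth' to the same key."""
    return name.replace(" ", "").lower()


def exposure(acct):
    """Return which of the three portal settings the account is effectively in."""
    if acct.get("publicNetworkAccess") == "Disabled":
        return "disabled"
    rules = acct.get("networkRuleSet") or {}
    return "all-networks" if rules.get("defaultAction", "Allow") == "Allow" else "selected-networks"


def findings(acct, client_region):
    """client_region: region the Power BI / Power Query service runs in (assumed known)."""
    rules = acct.get("networkRuleSet") or {}
    state, out = exposure(acct), []
    if state == "all-networks":
        out.append("open to all networks")
    if state == "selected-networks":
        bypass = [b.strip() for b in (rules.get("bypass") or "").split(",")]
        if "AzureServices" not in bypass:
            out.append("trusted Azure services exception is off")
        if rules.get("ipRules") and region(acct["location"]) == region(client_region):
            out.append("IP rules will not match same-region service traffic (private Azure IPs)")
    if state == "disabled":
        out.append("public endpoint disabled; access needs a private endpoint")
    return out


if __name__ == "__main__":
    for a in ACCOUNTS:
        print(a["name"], exposure(a), findings(a, "UK South"))
```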