We are frequently asked to share the best practice for Power platform to connect backend service or database and storage and so on. I summarize it for future reference.
Power Platform + Azure Integration Validation Checklist
๐ง 1. Virtual Network Configuration
- [ ] Ensure non-overlapping CIDR blocks across all VNets (e.g., avoid using 10.0.0.0/16 in both).
- [ ] Confirm VNet peering is established if cross-VNet communication is required.
- [ ] Validate DNS resolution across VNets (especially if using Private DNS Zones).
๐ 2. Private Endpoint Setup
- [ ] Confirm private endpoints are created for each Azure resource (SQL, Storage).
- [ ] If using multiple VNets, verify:
- [ ] Each VNet has its own private endpoint or
- [ ] A shared private endpoint is accessible via peering and DNS zone linking.
- [ ] Ensure Private DNS Zones are linked to all VNets that need to resolve the endpoint.
๐ก 3. Route Table Configuration
- [ ] Route tables include specific routes to private endpoint IPs.
- [ ] Avoid default routes (0.0.0.0/0) that send traffic to the internet unless explicitly required.
- [ ] Use service tags like AzureSQL, Storage, and PowerPlatform where applicable.
- [ ] Confirm no conflicting UDRs (User Defined Routes) that override private endpoint routing.
๐ก๏ธ 4. Network Security Groups (NSGs)
- [ ] NSGs allow traffic to/from Power Platform IP ranges or service tags.
- [ ] NSGs do not block traffic to private endpoint IPs.
๐งญ 5. Power Platform Environment Settings
- [ ] Environment is configured with VNet injection (if applicable).
- [ ] Subnet delegated to Microsoft.PowerPlatform.
- [ ] CIDR block is at least /25 for production workloads.
๐งช 6. Connectivity Testing
- [ ] Test connection to SQL Server and Storage Account from Power Apps.
- [ ] Validate DNS resolution from Power Platform to private endpoint FQDNs.
- [ ] Use tools like nslookup, Test-NetConnection, or Azure Network Watcher for diagnostics.
๐ 7. Documentation & Governance
- [ ] Document all private endpoints, DNS zones, and route tables.
- https://learn.microsoft.com/en-us/power-platform/admin/vnet-injection-overview.
- [ ] Ensure compliance with internal security and networking policies.
Published Jul 09, 2025
Version 1.0
Yan_Liang
Microsoft
Microsoft