Zero Trust Setup for Dynamics 365 Entity Store in Data Lake?

Alan Hunter 1 Reputation point
2022-01-05T16:50:05.697+00:00

Hi All,

We have configured Dynamics 365 Finance and Operations to connect to an Azure Data Lake using the below Microsoft Doc.

https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/data-entities/entity-store-data-lake

We would however like to secure the Key Vault and Storage Account/Data Lake by only allowing Secured Networks to connect to both. As Dynamics 365 FO uses a dynamic IP range this is proving to be somewhat tricky.

Does anyone have any recommendations on how we set up a Zero Trust solution and restrict untrusted network traffic from attempting to connect to the storage account/Data Lake?

I hope someone can assist! :)


1 answer

  1. deherman-MSFT 32,951 Reputation points Microsoft Employee
    2022-01-05T23:57:46.087+00:00

    @Alan Hunter
    Unfortunately, this is not possible currently as Dynamics 365 is not currently one of the trusted Azure services listed here. Since Dynamics 365 could use any Azure IP you would need to whitelist the full range which defeats the purpose. I also don't believe Dynamics 365 has VNET integration.

    I recommend also posting your question on Dynamics 365 to see if it is possible to go through a VNET or a smaller range of IP addresses.
    https://community.dynamics.com/365/f/dynamics-365-general-forum

    For product feedback and feature requests I will refer you to our feedback forum. This allows the community to add their voice and upvote popular ideas. The forums are monitored and responded to by our product teams.
    https://feedback.azure.com

    -------------------------------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

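As an added example (not part of the original answer and not Microsoft code), the following audit of a storage account firewall allow-list quantifies why admitting a very wide range "defeats the purpose". The sample `networkAcls` block, its CIDR values and the `MAX_RULE_ADDRESSES` threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample shaped like the "networkAcls" block of an ARM storage
# account definition. The CIDRs are reserved documentation/benchmark ranges,
# not real Dynamics 365 or Azure addresses.
SAMPLE_ACLS = {
    "defaultAction": "Deny",
    "bypass": "AzureServices",
    "ipRules": [
        {"value": "203.0.113.0/24", "action": "Allow"},
        {"value": "198.51.100.7", "action": "Allow"},
        {"value": "198.18.0.0/15", "action": "Allow"},  # stand-in for a "whole range" rule
    ],
    "virtualNetworkRules": [],
}

MAX_RULE_ADDRESSES = 4096  # hypothetical policy limit (nothing wider than a /20)


def audit_network_acls(acls, max_rule_addresses=MAX_RULE_ADDRESSES):
    """Return the number of IPv4 addresses the firewall admits, plus findings."""
    findings = []
    # Assumption: a missing defaultAction is treated as Allow (open to all networks).
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("defaultAction is not Deny: IP rules have no restricting effect")
    networks = []
    for rule in acls.get("ipRules", []):
        if rule.get("action", "Allow") != "Allow":
            continue
        net = ipaddress.ip_network(rule["value"], strict=False)
        networks.append(net)
        if net.num_addresses > max_rule_addresses:
            findings.append(f"{net} admits {net.num_addresses} addresses (limit {max_rule_addresses})")
    # Collapse overlapping rules so shared addresses are counted once.
    allowed = sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))
    return {"allowed_addresses": allowed, "findings": findings}


if __name__ == "__main__":
    report = audit_network_acls(SAMPLE_ACLS)
    print("addresses admitted:", report["allowed_addresses"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```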