Loading data with ADF to Azure SQL DB from Oracle when deny public access is YES.

meroazure1244 96 Reputation points
2022-03-03T21:30:36.297+00:00

Hi,
I have an Azure SQL DB set up with deny public access, and I am able to connect to the DB through a private endpoint and a VM in the same virtual network. But I am not able to move data from Oracle using Azure Data Factory. We do have a Self Hosted Integration runtime set up and working. I am able to move data when I set deny public access to NO, but it does not work when set to YES.
It says the following:
. Check the linked service configuration is correct, and make sure the SQL Database firewall allows the integration runtime to access.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Data.SqlClient.SqlException,Message=Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes (https://learn.microsoft.com/azure/azure-sql/database/connectivity-settings#deny-public-network-access).


7 answers

  1. Alberto Morillo 32,896 Reputation points MVP
    2022-03-03T22:20:19.87+00:00

    At this time, Azure SQL Database needs to have Deny Public Network Access set to No and Allow All Azure Services set to Yes for Data Flows to be able to communicate with Azure SQL Database.


  2. meroazure1244 96 Reputation points
    2022-03-03T22:38:49.327+00:00

    We have sensitive data that we need to load. Will that be secure if we set Deny Public access to NO and Allow Azure Services to YES? We want to lock down the database so that we can securely access the data.


  3. Alberto Morillo 32,896 Reputation points MVP
    2022-03-03T22:46:07.637+00:00

    When Deny Public access is set to "No" and Allow Azure Services is set to "Yes", then machines/services running in the Azure environment will be able to connect. For Azure outside connections you need to specify the public IP. That is not secure. It is a current limitation with ADF in conjunction with private endpoint.

    Let me share here with you a beautiful table describing all possible combinations between those 2 settings.


  4. meroazure1244 96 Reputation points
    2022-03-04T16:29:36.103+00:00

    It seems to work with Deny Public access set to NO and Allow Azure Services set to NO. I do have a private endpoint set up.


  5. AaronHughes 391 Reputation points
    2022-03-04T16:38:51.253+00:00

    If you have sensitive data and there are restrictions on access to the source and destination points, then DO NOT allow all / public access.

    MS have a solution for this: SHIR. These are secure devices that can be stood up in your internal network to allow this access.

    https://learn.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime?tabs=data-factory

    The caveat to this is that you need network components too (VNet/Private Endpoints).
