Managed connectors outbound IP addresses

Suppose you have an environment with strict network requirements or firewalls that limit traffic to specific IP addresses. If you use managed connectors or custom connectors in Azure Logic Apps or Microsoft Power Platform, your environment or firewall must allow access for the outbound IP addresses used by these connectors in your datacenter region. Otherwise, requests sent by these connectors won't work.

When you configure firewall access rules, make sure to pay attention to the port numbers. Most connectors work on top of HTTPS protocol and use HTTPS port 443 as the default. However, some connectors might use other port numbers and protocols, such as HTTP, FTP, or SMTP. Review the following recommendations to configure firewall inbound rules as described:

• For the destination (local) port, allow the appropriate port for the network protocol.
• For the source (remote) port, allow ANY/ALL.

The preferred way to obtain the most current up-to-date lists of outbound IP addresses and service tags is to programmatically utilize the Service Tag Discovery API. Alternatively, downloadable lists are available for Azure Public, Azure US Government, Microsoft Azure operated by 21Vianet, and Azure Germany clouds.

Бележка

Azure Logic Apps and Microsoft Power Platform each have their own datacenter regions.

Важно

If firewall or other network restrictions are in place for your environment, network security groups must allow the appropriate region service tags or the appropriate IP ranges must be added to your allow lists.

Azure Logic Apps

Before you start configuring firewall access rules for Azure Logic Apps, review the following considerations:

• Azure Logic Apps also has inbound and outbound IP addresses that require access. For more information, review Azure Logic Apps - Firewall IP configuration considerations.

• For Azure China 21Vianet, fixed or reserved IP addresses are unavailable for managed connectors and custom connectors in China North and China East regions. However, they are available in China North 2 and China East 2 regions.

• If you have Standard workflows that run in the single-tenant Azure Logic Apps environment, you need the fully qualified domain names (FQDNs) for your connections. For more information, review the corresponding sections in the following articles:

  • Azure portal - Find domain names for firewall access in single-tenant Azure Logic Apps
  • Visual Studio Code - Find domain names for firewall access in single-tenant Azure Logic Apps

• If you create and use security rules, you can reduce complexity by using service tags instead. That way, you don't have to explicitly specify the IP address prefixes for each region. Service tags work across the regions where Azure Logic Apps is available.

• For more information about service tags, see Virtual network service tags.

  The AzureConnectors tag represents the IP address prefixes used by managed connectors to make outbound calls to their respective services. The same service tag also represents IP address prefixes used by some managed connectors to make inbound webhook callbacks to Azure Logic Apps. Each region also has their own AzureConnectors.[region] service tag. You can use the same service tag to include all the IP address prefixes used by managed connectors.

  For example, the following managed connectors make inbound webhook callbacks to Azure Logic Apps: Adobe Creative Cloud, Adobe Sign, Adobe Sign Demo, Adobe Sign Preview, Adobe Sign Stage, Azure Sentinel, Business Central, Calendly, Common Data Service, DocuSign, DocuSign Demo, Dynamics 365 for Fin & Ops, LiveChat, Office 365 Outlook, Outlook.com, Parserr, SAP*, Shifts for Microsoft Teams, Teamwork Projects, and Typeform.

Важно

In addition to the IP addresses listed in the Service Tag Discovery API (or downloadable lists) associated with the below Azure Logic Apps service tags, the below IP addresses must be explicitly allowlisted as well. IP addresses from both data sources are required to be allowlisted.

Region	Service tags	Outbound IP addresses
Australia East	AzureConnectors.AustraliaEast
Australia Southeast	AzureConnectors.AustraliaSoutheast
Brazil South	AzureConnectors.BrazilSouth
Brazil Southeast	AzureConnectors.BrazilSoutheast	23.97.121.26
Canada Central	AzureConnectors.CanadaCentral
Canada East	AzureConnectors.CanadaEast
Central India	AzureConnectors.CentralIndia
Central US	AzureConnectors.CentralUS	40.77.68.110
Central US EUAP	AzureConnectors.CentralUSEUAP	20.288.37.79
China East 2	AzureConnectors.ChinaEast2
China East 3	AzureConnectors.ChinaEast3
China North 2	AzureConnectors.ChinaNorth2
China North 3	AzureConnectors.ChinaNorth3
East Asia	AzureConnectors.EastAsia
East US	AzureConnectors.EastUS	52.188.157.160
East US 2	AzureConnectors.EastUS2	40.65.220.25
East US 2 EUAP	AzureConnectors.EastUS2EUAP
France Central	AzureConnectors.FranceCentral
France South	AzureConnectors.FranceSouth
Germany North	AzureConnectors.GermanyNorth
Germany West Central	AzureConnectors.GermanyWestCentral
Israel Central	AzureConnectors.IsraelCentral
Italy North	AzureConnectors.ItalyNorth
Japan East	AzureConnectors.JapanEast
Japan West	AzureConnectors.JapanWest	104.46.26.17
Jio India West	AzureConnectors.JioIndiaWest	40.64.21.254
Korea Central	AzureConnectors.KoreaCentral
Korea South	AzureConnectors.KoreaSouth
North Central US	AzureConnectors.NorthCentralUS
North Europe	AzureConnectors.NorthEurope	40.115.108.29
Norway East	AzureConnectors.NorwayEast	51.120.92.27
Norway West	AzureConnectors.NorwayWest	51.13.145.17
Poland Central	AzureConnectors.PolandCentral
Qatar Central	AzureConnectors.QatarCentral
South Africa North	AzureConnectors.SouthAfricaNorth	40.127.2.94
South Africa West	AzureConnectors.SouthAfricaWest	102.133.75.194
South Central US	AzureConnectors.SouthCentralUS
South India	AzureConnectors.SouthIndia
Southeast Asia	AzureConnectors.SoutheastAsia
Spain Central	AzureConnectors.SpainCentral
Sweden Central	AzureConnectors.SwedenCentral
Switzerland North	AzureConnectors.SwitzerlandNorth
Switzerland West	AzureConnectors.SwitzerlandWest	51.107.231.190
UAE Central	AzureConnectors.UAECentral	20.45.67.28
UAE North	AzureConnectors.UAENorth	40.123.224.120
UK South	AzureConnectors.UKSouth
UK West	AzureConnectors.UKWest
West Central US	AzureConnectors.WestCentralUS
West Europe	AzureConnectors.WestEurope	13.93.36.78
West India	AzureConnectors.WestIndia
West US	AzureConnectors.WestUS
West US 2	AzureConnectors.WestUS2	13.66.164.219
West US 3	AzureConnectors.WestUS3	20.38.173.7
US DoD Central	AzureConnectors.USDoDCentral	52.182.54.8
US DoD East	AzureConnectors.USDoDEast
US Gov Arizona	AzureConnectors.USGovArizona	52.244.69.0
US Gov Texas	AzureConnectors.USGovTexas
US Gov Virginia	AzureConnectors.USGovVirginia

Power Platform

Requests from Power Platform use IP addresses or service tags that depend on the region and the environment in which the app or flow is located. To facilitate Power Platform requests, add the designated IP addresses or service tags in your allow list. For more information about service tags, see Virtual network service tags.

Важно

In addition to the IP addresses listed in the Service Tag Discovery API (or downloadable lists) associated with the below Power Platform service tags, the below IP addresses must be explicitly allowlisted as well. IP addresses from both data sources are required to be allowlisted.

Multi-tenant region	Service tags	Outbound IP addresses
Asia	AzureConnectors.EastAsia AzureConnectors.SoutheastAsia	52.151.217.109, 52.151.217.66
Australia	AzureConnectors.AustraliaCentral AzureConnectors.AustraliaCentral2 AzureConnectors.AustraliaEast AzureConnectors.AustraliaSoutheast
Brazil	AzureConnectors.BrazilEast AzureConnectors.BrazilSoutheast AzureConnectors.BrazilSouth	23.97.121.26
Canada	AzureConnectors.CanadaCentral AzureConnectors.CanadaEast
China	AzureConnectors.ChinaEast2 AzureConnectors.ChinaEast3 AzureConnectors.ChinaNorth2 AzureConnectors.ChinaNorth3
Europe	AzureConnectors.NorthEurope AzureConnectors.WestEurope	40.115.108.29, 13.93.36.78
France	AzureConnectors.FranceCentral AzureConnectors.FranceSouth
Germany	AzureConnectors.GermanyCentral AzureConnectors.GermanyNorthEast AzureConnectors.GermanyNorth AzureConnectors.GermanyWestCentral
India	AzureConnectors.CentralIndia AzureConnectors.JioIndiaCentral AzureConnectors.JioIndiaWest AzureConnectors.SouthIndia AzureConnectors.WestIndia	104.211.214.161
Japan	AzureConnectors.JapanEast AzureConnectors.JapanWest
Korea	AzureConnectors.KoreaCentral AzureConnectors.KoreaSouth	52.231.160.99
Norway	AzureConnectors.NorwayEast AzureConnectors.NorwayWest	51.120.92.27
Singapore	AzureConnectors.SoutheastAsia	52.151.217.109, 52.151.217.66
South Africa	AzureConnectors.SouthAfricaNorth AzureConnectors.SouthAfricaWest	40.127.2.94, 102.133.75.194
Sweden	AzureConnectors.SwedenCentral
Switzerland	AzureConnectors.SwitzerlandNorth AzureConnectors.SwitzerlandWest	51.107.231.190
United Arab Emirates	AzureConnectors.UAECentral AzureConnectors.UAENorth	20.45.67.28, 40.123.224.120
United Kingdom	AzureConnectors.UKNorth AzureConnectors.UKSouth AzureConnectors.UKSouth2 AzureConnectors.UKWest
United States (Preview)	AzureConnectors.WestCentralUS AzureConnectors.WestUS2	13.66.164.219
United States	AzureConnectors.NorthCentralUS AzureConnectors.SouthCentralUS AzureConnectors.CentralUS AzureConnectors.EastUS AzureConnectors.EastUS2 AzureConnectors.WestUS AzureConnectors.WestUS2 AzureConnectors.WestUS3	52.188.157.160, 40.77.68.110, 40.65.220.25, 52.181.180.194, 52.181.182.180, 52.151.217.109, 52.151.217.66
United States Government (GCC)	AzureConnectors.USGovArizona AzureConnectors.USGovIowa AzureConnectors.USGovTexas AzureConnectors.USGovVirginia	52.245.161.213, 52.126.190.111, 20.141.95.45, 20.141.94.250
United States Government (GCC High)	AzureConnectors.USGovArizona AzureConnectors.USGovTexas AzureConnectors.USGovVirginia	20.141.100.65, 52.126.191.63, 20.141.142.113, 20.141.142.106
Department of Defense (DoD) in Azure Government	AzureConnectors.USDoDCentral AzureConnectors.USDoDEast