Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,932 questions
Correct Service Tag for Power Automatr
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 84%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Garry Pope
21
Reputation points
Hello Microsoft community,
I hope I'm posting this in the correct place.
I have a question about securing a Function App, please. I have zero knowledge about Function Apps, so forgive me.
My requirement is, have a Function App that gets called from a Power Automate Flow's HTTP trigger.
I've built a Function App. On the "Authentication" blade I've enabled Microsoft as the identity provider and paired a Service Principal with it, so that only the Service Principal can authenticate with the Function App. This seems to be working well. But, I wanted to increase security by using functionality in the "Networking" blade.
I've changed the "Public network access" from "Enabled for all networks" to "Enabled for selected virtual networks and ID addresses".
Here I can add IP addresses from Microsoft in regards to Power Automate, but there are over 250. This is a monster job and I will have many function apps.
I read about "Service Tags" which, if I'm reading it correctly, uses all the IP addresses for a particular service. This is perfect.
But, my question is, which "Service Tag" should I use to allow calls to come from Power Automate, and if possible just from the UK?
Any help would be greatly appreciated,
Thanks very much,
Garry
Azure Functions
{count} votes
-
VenkateshDodda-MSFT 25,111 Reputation points Microsoft Employee Moderator2024-12-19T09:35:24.51+00:00 @Garry Pope Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.
From the Service Tags documentation, I see two tags to access the Powerplatform services like PowerAutomate, Power Apps, Power BI etc.,
Also for UK region I see the below service tags to access the PowerPlatformInfra. did you tried adding them to inbound rule in functions and checked?
-
Garry Pope 21 Reputation points
2024-12-21T06:01:29.4466667+00:00 Hello @VenkateshDodda-MSFT ,
Thanks for the quick response, and sorry for the delay in replying. I didn't receive any notification, sorry.
This looks great, but I'm unable to select the Service Tag value you've selected. I don't see anything for the Power Platform.
If I open Service Tags and don't search I only see these frequently used ones:
So I imagine I need to enable that Service Tag somewhere. Any idea where? Or why I'm not seeing it?
Thanks very much,
Garry
-
VenkateshDodda-MSFT 25,111 Reputation points Microsoft Employee Moderator
2024-12-23T10:00:35.6+00:00 @Garry Pope Thanks for your response and apologize for the delay in my response over the weekend.
I have reached out to you over private message could you please check and share the requested information.
-
Pinaki Ghatak 5,600 Reputation points Microsoft Employee Volunteer Moderator2024-12-23T12:13:52.8166667+00:00 Hello @Garry Pope
It's great to hear that you are taking steps to secure your Function App. Regarding your question, you can use the "Microsoft.PowerApps" service tag to allow calls to come from Power Automate.
This service tag includes all IP addresses used by Power Automate. To restrict access to only the UK, you can use the "UK South" region service tag.
This service tag includes all IP addresses used in the UK South region.
To add these service tags to your Function App's networking configuration, follow these 7 steps:
- Go to your Function App's Networking blade.
- Under "Public endpoint", select "Enabled for selected networks".
- Click "Add inbound IP rule".
- Under "Source", select "Service Tag".
- Under "Service Tag", select "Microsoft.PowerApps" to allow calls from Power Automate.
- Under "Source", select "Service Tag".
- Under "Service Tag", select "UK South" to restrict access to the UK. 8. Click "Add". This should allow calls to your Function App from Power Automate while restricting access to only the UK.
I hope that this response has addressed your query and helped you overcome your challenges. If so, please mark this response as Answered. This will not only acknowledge our efforts, but also assist other community members who may be looking for similar solutions.
-
Garry Pope 21 Reputation points
2024-12-24T06:25:35.02+00:00 Hello @VenkateshDodda-MSFT
Thanks for your help. Unfortunately I’m unable to view the private message. I replied to it saying I can’t view it. Any ideas why, please? Sorry.
-
Garry Pope 21 Reputation points
2024-12-24T06:29:09.3+00:00 Hello @Pinaki Ghatak
Thanks so much for the reply and description. If you see my comment above I’m unable to see any service tags relating to the Power Platform. How do I enable them to be selected in a Function App, please?
Sign in to comment
Sign in to answer