Share via

Power Automate HTTP Flow — 403 / Authentication Error When Uploading to Private Azure Blob Storage

Balasaheb N 0 Reputation points
2026-06-15T02:48:17.38+00:00

We have Azure private storage account and through power automate HTTP flow we want to upload to this storage account.

Connector we are using in HTTP flow is blob v2, authentication method: service principal

In http flow we are getting "Authentication error". After research I got to know power automate cannot directly reach Azure storage account.

So, I would like to understand will Azure virtual Network Data gateway work for this ???, I think on-prem data gateway is not supported.

In Vnet data gateway we need to create 2 virtual networks so what is another simple solution for example: Azure virtual machine which will take uploaded files from power automate and and azure VM will push to Storage account(but how to make connectivity between Azure VM with only private IP and power automate). or another solution like if any other connector is supported in power automate http to upload to storage?

Note: We do not create any public service

Questions

  1. Is VNet Data Gateway the correct and recommended solution for this scenario?
  2. Is there a simpler alternate solution that avoids creating 2 VNets?
  3. Can the HTTP with Microsoft Entra ID connector with on-premises data gateway reach a private Blob Storage endpoint?
  4. If Vnet data gateway is recommended or proper approach then can i create 2 vnets: 1(central india) and 2nd in south india.

Please share possible suggestions, appreciate your help

Azure Storage
Azure Storage

Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-06-15T02:48:32.36+00:00

    Power Automate can reach a private Azure Storage account without exposing a public endpoint by using a virtual network (VNet) data gateway, provided the scenario matches the supported patterns.

    Key points from the available information:

    1. A VNet data gateway is specifically designed to let Microsoft Fabric and Power Platform (including Power Automate) connect to data services secured in an Azure VNet without using an on-premises data gateway.
      • It connects Azure and other data services to the Power Platform and supports scenarios where the data source is in a private VNet (PaaS or IaaS).
      • It can be used with private endpoints so that no traffic is exposed to a public endpoint.
    2. For Power Platform dataflows, VNet data gateways are explicitly supported to connect to data services secured in a VNet, and they use the same supported data sources as Power BI. Azure Storage is included in the supported Azure data services list for Power BI when using VNet data gateways.
    3. There is a known connectivity consideration for Storage accounts when using a VNet data gateway:
      • If the Storage account (or ADLS Gen2, or services that manage storage accounts like Databricks/Snowflake) is in the same region as the VNet data gateway, Microsoft.Storage service endpoint might need to be enabled on the delegated subnet to avoid connectivity issues.
    4. The VNet data gateway is a fully managed alternative to on-premises data gateway and is intended exactly for cases where a cloud data source resides in a private network (for example, a Storage account with private endpoints and no public access).

    From the context:

    • On‑premises data gateway is not required for VNet‑secured Azure PaaS; the VNet data gateway is the correct pattern.
    • The VNet data gateway can be used with private endpoints and provides compute isolation and auditing, which aligns with the requirement to avoid public services.

    Therefore, for a Power Automate flow that must upload to a private Azure Storage account with no public endpoint:

    • A virtual network (VNet) data gateway is the supported approach to allow Power Platform to reach that private Storage account over a VNet/private endpoint, instead of using an on‑premises data gateway or a public endpoint.
    • When configuring it, ensure:
      • The Storage account is integrated with the VNet via private endpoint.
      • The VNet data gateway is deployed in a delegated subnet in the same or appropriate VNet.
      • If the Storage account is in the same region as the VNet data gateway and connectivity issues occur, enable the Microsoft.Storage service endpoint on the delegated subnet as described in the FAQ.

    The context does not describe a pattern where Power Automate calls an intermediate private‑only VM directly, so the documented and supported solution in scope is to use a VNet data gateway rather than a VM relay.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.