Networking settings for Azure Storage account with Dataverse Synapse Link

Arnoud Wigherink 6 Reputation points
2022-08-25T09:54:23.46+00:00

Hi, first time posting a question here.

I've tried Google of course for a clear and uniform answer, but didn't manage to find one, so I thought, let's give this forum a go.

So the following is the situation. I've set up a Dataverse Synapse Link from D365 CE to a Datalake Gen2 storage account for a client (no Synapse workspace). The networking settings are currently open; however, the client would obviously prefer it if the public network access setting were swapped to the 'Enabled from selected virtual networks and IP addresses' option, with the option 'Allow Azure services on the trusted services list to access this storage account.' enabled. Setting up the Synapse Link has created an App registration, 'Export to Data Lake', and assigned it to a couple of different Roles in the Access Control list. My question is, will swapping to this networking setting stop the Synapse Link from working, or will it keep functioning as it should?

Kind regards

2 answers

  1. AaronHughes 391 Reputation points
    2022-10-19T18:41:58.907+00:00

    Right so update - I have a pending Bug to fix this issue

    Currently there is an active bug against the Synapse Link process with ADLSgen2 FW Trusted Services

    The Synapse Link service is supposed to be a trusted Azure service, so that when a vnet is stood up against adlsgen2 you are able to maintain the link as per a public adls. However, due to the missing service from the trusted list, this is not the case currently.

    I haven't got a fix date for this but I'm told it is a global bug and should be reflected soon due to the number of customers it affects. I will update when I get more details back from the MS support team on ADLS.

    1 person found this answer helpful.

  2. Vidya Narasimhan 2,126 Reputation points Microsoft Employee
    2022-08-28T04:40:47.257+00:00

    Hi @Arnoud Wigherink as per this doc https://learn.microsoft.com/en-us/power-apps/maker/data-platform/azure-synapse-link-data-lake#connect-dataverse-to-azure-data-lake-storage-gen2 -
    Currently, you can't provide public IPs for the Azure Synapse Link for Dataverse service that can be used in Azure Data Lake firewall settings. Public IP network rules have no effect on requests originating from the same Azure region as the storage account. Services deployed in the same region as the storage account use private Azure IP addresses for communication. Thus, you can't restrict access to specific Azure services based