Restrict traffic on system integrations with service tags


This content is archived and is not being updated. For the latest documentation, go to What's new and planned for Dynamics 365 Business Central. For the latest release plans, go to Dynamics 365 and Microsoft Power Platform release plans.

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically - Feb 1, 2023

Business value

New service tags support secure integration scenarios where a limited list of service tags is allowed for incoming traffic.

Feature details

An Azure service tag represents a group of IP addresses from/to which traffic from a specific service may come. This service tag is automatically updated as this group of IP addresses changes over time, so administrators can avoid frequent updates to network security rules to keep up with those changes. We will introduce the Dynamics365BusinessCentral service tag to enable administrators to restrict access from/to Dynamics 365 Business Central using firewall and network security group rules.

This service tag represents the group of IP addresses used by Dynamics 365 Business Central globally; while this will make it possible to control Business Central traffic, it won't be possible to control traffic on more granular levels (for example, per Azure AD Tenant of Business Central environment).

The group of IP addresses making up the service tag are available through the Azure Management API and as downloadable .json files to use for any systems that don't support service tags.

To learn more about service tags, go to Virtual network service tags.

Tell us what you think

Help us improve Dynamics 365 Business Central by discussing ideas, providing suggestions, and giving feedback. Use the forum at

Thank you for your idea

Thank you for submitting this idea. We listened to your idea, along with comments and votes, to help us decide what to add to our product roadmap.

See also

Azure security service tags (docs)