Power Platform URLs and IP address ranges
Microsoft Power Platform requires connectivity to the internet. The endpoints listed in this article should be reachable for customers using the Power Platform services.
Internet URLs to allow
Ensure that you have added the required URLs to the allow list to ensure communication through firewalls and other security mechanisms. If you cannot access a service or specific URLs fail to load, a proxy or firewall might be configured to prevent you from accessing server resources. Review your proxy settings and ensure that you add all the relevant URLs to the allowed list as per your service.
URLs for Power Platform services
Add the following URLs to the allow list.
| Service | URLs |
|---|---|
| Power Apps | - Public cloud - Government cloud |
| Power Automate | - Public cloud - Government cloud |
| Power BI | - Public cloud - Government cloud |
| Power Pages | - Public cloud - Government cloud |
| Microsoft Copilot Studio | - Public cloud - Government cloud |
Important
If you are a customer in China and want to access Power Platform services operated by a local company that stores your data within China, go to Power Platform and Dynamics 365 apps - operated by 21Vianet in China
URLs for Dynamics 365 services
Add the following URLs to the allow list to use Dynamics 365 apps such as Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Field Service, and Dynamics 365 Marketing.
| Endpoint URL | Justification |
|---|---|
| http://login.microsoftonline-p.com | Required for Microsoft Cloud Authentication. Includes business-to-consumer (B2C) and guest scenarios. |
| https://login.live.com | |
| https://secure.aadcdn.microsoftonline-p.com | |
| https://auth.gfx.ms | |
| https://*.windows.net | |
| http://*.passport.net | |
| https://.crm#.dynamics.com and http://.crm#.dynamics.com | Required for environments access. Includes integration and static Content Delivery Network (CDN) content endpoints. Replace # in http://.crm#.dynamics.com and https://.crm#.dynamics.com with your region's number:
|
| https://*.azureedge.net | |
| https://*.microsoftonline.com | Required for authentication and Microsoft 365 services such as the Microsoft 365 admin center. |
| https://go.microsoft.com | Required for product documentation and context-sensitive help pages. |
https://urs.microsoft.com |
Required for Microsoft defender SmartScreen filtering. |
| https://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | Required for Certification Revocation List checks. |
| https://dynamics.microsoft.com | |
| https://*.api.powerplatform.com, https://*.powerplatform.com, and https://*.api.powerplatformusercontent.com | Required for Power Platform API connectivity and used internally by Microsoft products and admin automation scenarios as described in Programmability and extensibility overview. |
| https://mem.gfx.ms | Me Control is a Microsoft feature that provides a consistent way for users to do core authentication functions like signing in, switching between accounts and more. |
| https://www.d365ccafpi.com | d365ccafpi service exposes a controller endpoint for token change to achieve client side first party integration with external service from PCF control |
| https://api.admin.powerplatform.microsoft.com | Required to call Power Platform admin center service in public cloud. |
| https://eu-mobile.events.data.microsoft.com/Collector/3.0 (Europe) https://browser.pipe.aria.microsoft.com (Rest of the world) |
Required for model-driven apps telemetry information. |
Important
- If you are Government cloud customer, go to Dynamics 365 US Government URLs
- If you are a customer in China and want to access Dynamics 365 services operated by a local company that stores your data within China, go to Power Platform and Dynamics 365 apps - operated by 21Vianet in China
IP addresses required
All IP addresses for various services for public and government clouds are available in these downloadable JSON files:
- Azure IP Ranges and Service Tags – Public Cloud
- Azure IP Ranges and Service Tags – US Government Cloud
- Azure IP Ranges and Service Tags – China Cloud
- Azure IP Ranges and Service Tags – Germany Cloud
The IP address values in these JSON files are grouped by service tags that define the service they're applicable for.
For Power Platform and Dynamics 365 services, you must add the IP address values specified under the AzureCloud service tag. The service tags also have a regional scope to define the IP addresses required per Azure datacenter region. For example, to find out the required IP address values for accessing services in the Australia region, use the Azure IP Ranges and Service Tags – Public Cloud file, and search for AzureCloud.Australia. For real-time collaboration features, you must add the IP address values specified under the MicrosoftAzureFluidRelay service tag.
If you are using Power Platform connectors, see the complete list of required IP addresses in Connectors docs.
Note
Blocked IPs can also impact connecting Dynamics 365 apps to Microsoft Exchange Server (on-premises).
IPv6 support in Microsoft Power Platform and Dynamics 365
Starting April 2024, IPv6 network connectivity is supported on Power Platform and Dynamics 365 products and services. If your organization's network does not support IPv6 yet, this doesn’t impact your ability to connect to Power Platform and Dynamics 365 services on current prevalent IPv4 connectivity. Microsoft will continue to support both IPv4 and IPv6 protocols for Power Platform products and services.
What is changing?
In December 2023, we published Power Platform IPv6 address ranges in Azure service tags with plans to introduce IPv6 support for Power Platform products and services. Starting from April 2024, selective Power Platform service endpoints will start resolving to both IPv4 and IPv6 addresses with the goal to eventually enable IPv6 on all Power Platform and Dynamics 365 endpoints. If your organization network is configured to consume cloud services on IPv6 and clients prefer IPv6 over IPv4, your connections to Power Platform services will happen using IPv6 protocol. Additionally, if you configured the endpoints owned by you in Power Platform and Dynamics 365 and such endpoints announce support for IPv6 connectivity (by DNS names resolving to IPv6 AAAA address), Power Platform and Dynamics 365 services will start connecting to your endpoints using IPv6 protocol.
How can my organization be ready for this change?
If your organization network is configured to consume cloud services using IPv6 protocol or your configured endpoints within Power Platform and Dynamics 365 services announce support for IPv6 connectivity, Power Platform and Dynamics 365 service connections are expected to happen using IPv6 protocol. If your organization implements access control lists (ACLs) for such inbound and outbound connections, your organization network needs to be configured to allow Power Platform IPv6 address ranges as published in Azure service tags file for successful communication.
Additional resources for IPv6 support:
- Azure service tags overview
- IPv6 support in Microsoft Entra ID
- IPv6 support in Microsoft 365 services
- What is IPv6 for Azure Virtual Network?
- Internet Protocol version 6 (IPv6) overview
Ports
Dataverse exposes ports 1433 and 5558 to expose the Dataverse Tabular Data Stream.
See also
Plan for Deployment and Administration
Work with requirements as a solution architect for Power Platform and Dynamics 365