Enhance shared access signature calls to include IP restrictions

Important

Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

Enabled for	Public preview	General availability
Users by admins, makers, or analysts	Jul 2024	Sep 2024

Business value

With this feature, customers can enhance their security for shared access signature calls by restricting usage of these calls with IP restrictions that are configurable in the Power Platform admin center.

Feature details

Customers can configure the IP restrictions for shared access signature calls within our low-code products. These options include:

• IP Binding Only - Restricts shared access signature keys to the requester’s IP.
• IP Firewall Only - Restricts using shared access signature keys to only work within an admin-specified range.
• IP Binding and Firewall - Restricts using shared access signature keys to work within an admin-specified range and only to the requestor's IP.
• IP Binding or Firewall - Allows shared access signature keys to be used within an admin-specified range. If the request comes from outside the range, IP Binding is applied.

This feature specifically applies to:

• Power Apps
• Power Automate
• Microsoft Dataverse

Due to routing and additional calls that must be made to enhance security, customers with advanced apps, flows, and large data sets may see a slight effect on performance when this feature is enabled.

In addition to these calls gaining IP restrictions, logging for creation and usage events is actively being developed. These logs are off, by default, due to the significant amount of traffic generated, but they can be activated in the Power Platform admin center. Once activated, logs are visible in Microsoft Purview and Microsoft Sentinel.

For more information, go to shared access signature IP Binding.