Azure Blob storage account may have this setting enabled in Networking to limit access only to specific IP ranges, for example belonging only to your organization:
Public network access -> Enabled from selected virtual networks and IP addresses.
If you want in addition to access the blobs/files in storage with Power Automate, you would need to whitelist the Power Automate IPs, otherwise when trying to use Power Automate connectors for Azure Blob Storage you will see the following error:
{
"error": {
"code": "DynamicInvocationFailed",
"message": "The dynamic invocation request failed with error",
"status": 403,
"message": "AuthorizationFailure\r\nclientRequestId: 2c8242fe-9607-4808-b93b-cc01a5223de5",
"error": {
"message": "AuthorizationFailure"
},
"source": "azureblob-ne.azconn-ne-002.p.azurewebsites.net"
}
}Find Power Automate region
Ref. learn.microsoft.com/en-us/power-automate/regions-overview
Go to admin.powerplatform.microsoft.com -> Environments -> Your Env -> Details table -> Region
In my case the region is Europe.
Find Service tag names associated with your region
Ref. learn.microsoft.com/en-us/connectors/common/outbound-ip-addresses#power-platform
Requests from Power Platform use IP addresses or service tags that depend on the region and the environment in which the app or flow is located
All service tags associated with a region must be allow-listed - regardless of the location of the target resource
For Europe, the service tags are:
- AzureConnectors.NorthEurope
- AzureConnectors.WestEurope
Find IP addresses behind service tags
You can download JSON files that contain the current list of service tags together with IP address range details. These lists are updated and published weekly. Locations for each cloud are: Azure Public
Go to Azure Public -> click Download to get the JSON file -> search in JSON for your relevant service tags.
For AzureConnectors.NorthEurope:
{
"name": "AzureConnectors.NorthEurope",
"id": "AzureConnectors.NorthEurope",
"properties": {
"changeNumber": 8,
"region": "northeurope",
"regionId": 17,
"platform": "Azure",
"systemService": "AzureConnectors",
"addressPrefixes": [
"13.69.171.0/32",
"13.69.227.208/28",
"13.69.231.192/27",
"20.82.159.224/32",
"20.82.224.59/32",
"20.82.225.129/32",
"20.82.226.52/32",
"20.82.226.163/32",
"20.82.246.112/28",
"20.93.81.75/32",
"52.146.138.32/27",
"52.178.150.68/32",
"94.245.91.93/32",
"2603:1020:5:402::180/122"
],
"networkFeatures": [
"API",
"NSG",
"UDR",
"FW"
]
}
}For AzureConnectors.WestEurope:
{
"name": "AzureConnectors.WestEurope",
"id": "AzureConnectors.WestEurope",
"properties": {
"changeNumber": 9,
"region": "westeurope",
"regionId": 18,
"platform": "Azure",
"systemService": "AzureConnectors",
"addressPrefixes": [
"13.69.64.208/28",
"13.69.71.192/27",
"20.82.14.39/32",
"20.82.15.2/32",
"20.86.93.32/27",
"20.86.93.64/28",
"20.103.131.1/32",
"20.103.132.139/32",
"20.103.158.245/32",
"20.103.159.225/32",
"20.126.241.238/32",
"20.126.243.151/32",
"40.91.208.65/32",
"52.174.88.118/32",
"52.174.180.160/32",
"137.117.161.181/32",
"2603:1020:206:402::180/122",
"2603:1020:206:403::1c0/122"
],
"networkFeatures": [
"API",
"NSG",
"UDR",
"FW"
]
}
}Add all IPs from addressPrefixes to Firewall -> Address range in Azure Storage -> Networking and you are good to go.
Alternatively, same IPs can be found here www.azurespeed.com/Information/AzureIpRangesByService
