
I’m trying to access an Azure API Management instance from Microsoft Fabric (Dataflow). The API has IP restrictions configured that block incoming requests.

Current setup:

  • I have an Azure API Management instance with IP restrictions enabled
  • I need to consume this API from Microsoft Fabric dataflows
  • Direct access is blocked due to the IP restrictions

What I’ve considered

  • IP whitelisting (Not sure what IPs to whitelist? Do not want to whitelist a whole region's range)
  • Private Link/Private Endpoints (Not sure if this is the right path for this type of communication?)

Question:
What is the recommended approach to securely connect Microsoft Fabric to an IP-restricted Azure API Management instance?

2 Answers


  1. Chosen as BEST ANSWER

    After investigating several approaches, I found a robust solution that maintains security principles while staying aligned with Microsoft's architecture patterns.

    Solution: I implemented an Azure Function that acts as a middleware/proxy between Microsoft Fabric and the API Management instance. Here's how it works:

    Architecture:

    • Azure Function acts as an intermediary service
    • Microsoft Fabric connects to the Azure Function through managed endpoints
    • Azure Function forwards requests to APIM
    • Only the Azure Function's static IP needs to be whitelisted in APIM
    • The solution is future-proof, and the function can probably be moved to Fabric in the future, since AF is in preview for Fabric.

    Hope this helps others facing similar challenges!
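
Added example, not part of the original answer or the answerer's code: request-forwarding logic for a proxy like the one described above, written so that whitelisting the proxy's IP in APIM does not turn it into an open relay. The base URL, route allow-list, `X-Proxy-Token` caller header and environment variable names are assumptions for illustration; `Ocp-Apim-Subscription-Key` is APIM's standard subscription key header.

```python
import hmac
import os
from urllib.parse import parse_qsl, urlencode

# All values below are assumptions for illustration, not from the original post.
APIM_BASE = os.environ.get("APIM_BASE_URL", "https://example-apim.azure-api.net")
APIM_KEY = os.environ.get("APIM_SUBSCRIPTION_KEY", "constructed-apim-key")
CALLER_TOKEN = os.environ.get("PROXY_CALLER_TOKEN", "constructed-caller-token")
ALLOWED_ROUTES = {("GET", "/orders"), ("GET", "/customers")}  # hypothetical routes

# Caller headers that are never forwarded: routing, hop-by-hop and credentials.
DROPPED_HEADERS = {
    "host", "connection", "content-length", "transfer-encoding",
    "x-forwarded-for", "x-proxy-token", "ocp-apim-subscription-key",
}


class Rejected(Exception):
    """Raised with the HTTP status the proxy should return to the caller."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def build_upstream_request(method, path, query, headers):
    """Validate a caller request and return (method, url, headers) for APIM."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # APIM trusts the proxy's IP, so the proxy must authenticate its own callers.
    token = hdrs.get("x-proxy-token", "")
    if not hmac.compare_digest(token.encode(), CALLER_TOKEN.encode()):
        raise Rejected(401, "caller not authenticated")
    # Refuse anything that could be re-interpreted as a different route upstream.
    if not path.startswith("/") or any(s in path for s in ("..", "//", "%", "\\")):
        raise Rejected(400, "malformed path")
    method, route = method.upper(), path.rstrip("/") or "/"
    if (method, route) not in ALLOWED_ROUTES:
        raise Rejected(403, "route not allowed")
    # The host is fixed; the query is re-encoded rather than passed through raw.
    url = APIM_BASE + route
    pairs = parse_qsl(query, keep_blank_values=True)
    if pairs:
        url += "?" + urlencode(pairs)
    forwarded = {k: v for k, v in hdrs.items() if k not in DROPPED_HEADERS}
    forwarded["ocp-apim-subscription-key"] = APIM_KEY  # proxy's key, not the caller's
    return method, url, forwarded
```

The function handler would call `build_upstream_request` first and only send the returned request to APIM; a `Rejected` exception maps directly to the HTTP status returned to the caller.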


  2. You’ll need to use an On Prem Data Gateway or a VNet Data gateway to access IP-restricted endpoints. In Fabric outbound Private Endpoints only work with Spark.
