Microsoft Dynamics 365 | Integration, Dataverse...

Issue Configuring Synapse Link with Private Endpoints and Public Network Access Disabled

(1) Share

Report

Posted on by GK-13050341-0

Hi everyone,
We're encountering an issue while configuring Azure Synapse Link for Dataverse. Our environment is secured using VNet private endpoints, and public network access is fully disabled on the associated Azure Storage and Synapse resources.
When attempting to configure Synapse Link, the process fails—presumably due to network restrictions. Based on documentation and community insights, it seems Synapse Link may require public network access for setup and delta sync processes, which contradicts our security policies.

We've considered the following:
1. Temporarily enabling public access — not ideal due to compliance requirements.
2. Whitelisting IP ranges — we tried adding the full Azure region’s data center IPs, but this doesn't help since Dynamics 365-specific IPs or CIDRs are not publicly available. Also, checkbox for trust MS services is enabled.
3. Removing private endpoints — this works but compromises the secure network model we've put in place.

Did anyone tried this: https://learn.microsoft.com/en-us/power-apps/maker/data-platform/azure-synapse-link-msi

Has anyone else successfully configured Synapse Link in a fully private setup with public network access disabled? If so, did you follow a specific set of steps or use managed private endpoints to achieve this?
Any guidance, lessons learned, or documentation links would be greatly appreciated.
Thanks in advance!

Categories:

Dynamics 365 general

Screenshot 2025-0...

All responses (2)

Answers (0)

CU06060808-0 6 on at

Like (1)

Report

Issue Configuring Synapse Link with Private Endpoints and Public Network Access Disabled

Hi,

yes, we have done the configuration in private connectivity.

The mentioned documentation is good but does not cover every needed configuration.

Be sure you have set the permissions accordingly and your account is subscription owner and you do not have Azure Policys active which blocks delegating permissions to the environment. Also the part with the "Enterprise policy" needs to be done upfront and the permissions in the power platform needs to be set before starting the setup.

Depending on your usecase additional configurations for the managed PEs could be necessary.

If your issue still persists you can send me a message to have a look on it.

best regards
Suggested answer

Muhammad Shahzad Sh... 379 Most Valuable Professional on at

Like (0)

Report
Issue Configuring Synapse Link with Private Endpoints and Public Network Access Disabled

Azure Synapse Link for Dataverse requires public network access during initial setup and delta syncs. Fully private configurations with public access disabled are not currently supported.

Temporarily enable public access with "Trust Microsoft services" enabled → complete provisioning → then disable public access.

Managed Private Endpoints help for ongoing access but don’t eliminate the need for public access during setup.

The MSI guide improves authentication but does not remove public access dependency.

IP whitelisting or fully private setup will not work due to lack of static Dataverse IP ranges.
Conclusion: Temporary public access is currently the only working solution.