Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
jkeeley
Frequent Visitor

Embedding for Customer - Is there anyway to IP restrict inbound traffic from users browser Capacity

‎09-10-2021 06:10 AM

We are using Embedded for our Customers and are wanting to be able to apply an IP restriction

Anyway to setup IP restriction for the communication between a customer's browser and the calls to power bi capacity?

jkeeley_0-1631279284405.png

 

Labels:
Message 1 of 7
1,762 Views
0
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User
In response to jkeeley

‎09-11-2021 07:27 PM

If they can generate/intercept embed tokens they can probably also spoof IP addresses.

 

You will want to ask your Microsoft contacts that question though.

View solution in original post

Message 6 of 7
1,513 Views
0
6 REPLIES 6
jkeeley
Frequent Visitor

‎09-16-2021 04:53 AM

Opened Ticket with MS and received confirmation.  IP Restrictions are not currently possible on Power BI Embedded Capacities

Message 7 of 7
1,386 Views
0
jkeeley
Frequent Visitor

‎09-11-2021 04:04 PM

Thanks for the reply.  I'm not looking for Azure IP Ranges.  I'm looking to restrict the IP Address range that is allowed to access Our Azure Power BI Embedded Capacity.  We are using Embed for your customer and we need to ensure only our customer IP Ranges can render reports from our Power BI Capacity.  

Message 3 of 7
1,643 Views
0
lbendlin
Super User
Super User
In response to jkeeley

‎09-11-2021 05:52 PM

it's the same thing .  "Our Power BI capacity" is not actually a thing. Even Premium SKUs don't have dedicated IP addresses.  The Gov Cloud might be different, but EM SKUs are all sitting in the same Azure pool.

Message 4 of 7
1,558 Views
0
jkeeley
Frequent Visitor
In response to lbendlin

‎09-11-2021 06:03 PM

Thanks again for the response.  Sorry if I'm not being clear in my question.  When a customer of ours logs into our web portal and views an embedded power bi report using an embed token we've generated for them, the customers browsers javascript client makes a call to the Azure Power BI Embedded Capacity to render the report (using the embed token).  I'm not looking to get an IP address for the Azure Embedded Capacity, in fact I'm not looking for an IP Address at all.  What I'm asking is there a way to Restric IP address ranges (these are IPs from our customers browsers) from making calls to Azure Embedded Capacity.  This would be very much like conditional access policies in Azure AD Premium.  The intent here is to protect our clients data even in the event of a compromised Embed Token.  So Hypothetically a hacker figures out a way to generate an embed token, currently, they could use that token to render a report from anywhere, we would like to block the use of a valid token if its coming from a non-white-listed IP Address.

Message 5 of 7
1,541 Views
0
lbendlin
Super User
Super User
In response to jkeeley

‎09-11-2021 07:27 PM

If they can generate/intercept embed tokens they can probably also spoof IP addresses.

 

You will want to ask your Microsoft contacts that question though.

Message 6 of 7
1,514 Views
0
lbendlin
Super User
Super User

‎09-11-2021 03:52 PM

There are lists on the interwebs for that but they keep changing.  Have a look at this one

Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center

Message 2 of 7
1,667 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All