Restrict PowerApps/ Dynamics 365 Portal access by IP address

Follow my blog for more interesting topics on Dynamics 365, Portals and Power Platform. For training and consulting, write to us at info@xrmforyou.com

In this blog I am going to explain on how you can restrict access requests for PowerApps portal from specific IP addresses. Before I explain on how we can do it, let’s understand when this functionality may be required.

So you have designed a portal for a bank. And they want that the portal application should only surface their content when requests originate from only within company network. But how can you achieve this? Gone are the days of the on-premise portal offerings. Portals are always provisioned online now.

But wait there is a way. PowerApps portal access request can be restricted based on IP address. So let’s see how we can do it.

Navigate to PowerApps maker portal and select your portal. From the menu click on Settings.

Restrict Portal Access by IP address

Once PowerApps Portal admin center is up, click on “Set up IP address restriction” from the left hand navigation.

Restrict Portal Access by IP address

On the Set up IP address section, click on Add New

Restrict Portal Access by IP address

Once you have entered the IP address, click on Configure. In this example I have set the IP address restriction to 33.33.33.33/16. Well most of the blogs specify till this point. Even Microsoft Docs article does not explain this notation. If you observe closely, the IP address is specified in CIDR notation.

You will like the below posts

But what is CIDR Notation? CIDR stand for Classless Inter-Domain Routing. I am not a network expert neither this blog is about network related topics. However this need a certain bit of explanation here. Because usually when I demo this in training, participants think that using this will block requests from all IP addresses from 33.33.33.16 – 33.33.33.33.

Well it’s not that simple. If I go by definition, “CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash(‘/’) character, and a decimal number. The trailing number is the count of leading 1 bits in the routing mask, traditionally called the network mask. The IP address in the notation is always represented according to the standards for IPv4 or IPv6

33.33.33.33/16 represents the IPv4 address 33.33.33.33 and its associated routing prefix 33.33.33.0, or equivalently, its subnet mask 255.255.255.0, which has 16 leading 1-bits. You may be wondering what does that mean? All I can suggest is to better involve your network team when you do this configuration. After all, a cross group collaboration is always so desired in an organization.

If you want to delete the IP address restriction, it’s as simple to go ahead and delete the record you just created.

Restrict Portal Access by IP address

Recent Posts

Hope this helps!
Debajit Dutta
(Business Solutions MVP)

Leave a Reply