IP ranges for Dynamics 365

IP whitelisting (Range) for Dynamics 365.

In one of our recent project we need to call a web service from Workflow and Action from Dynamics 365 online (9.x) . The web service publisher will allow only request from specific IP ranges due to security principal of the organisation.

To Achieve this IP range there could be multiple approach but I will explain the below two

  1. Add Dynamics IP range to the allowed IP range for the Web Service Publisher.
  2. Use Azure API manager or some other static IP provider in between Dynamics 365 and the Web service.

In the current blog I will explain the Dynamics 365 IP ranges. I will explain the Azure API manager in future blog.

Add Dynamics IP range to the allowed IP range for the webservice

The IP range for dynamics CRM can be found on https://support.microsoft.com/en-us/help/2728473/microsoft-dynamics-crm-online-ip-address-ranges . this link has the exhaustive list for Dynamics CRM for each CRM region. For Oceania region the list is around 10 IP ranges.

But I found that the Request to the web service is going from 13.70.86.61 which is not listed in the in the IP range for Oceania for CRM, but this is within a range Azure IP range for Oceania region.

So, I understood with 9.x version as dynamics is using Azure infrastructure so request is going from Azure IP range. Up to CRM 8.x version the request seems to go from Dynamics IP range(Listed previously) . To get double sure I raised a ticket with Microsoft.

Based on the reply from Microsoft, Dynamics 365 does not have any static IP range furthermore with 9.x and higher as the Azure infra has been used. The IP that the request will go from Azure IP range for this region.

The Azure IP range all region can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=41653

Below is the reply from Microsoft for the ticket.

Ip Range

Conclusion

So, If you have the requirement for IP range from currently use all the Azure IP range for the region. This is not a clean solution as this IP range could be changed by Microsoft anytime. So, Using API manager and wrapper service will be a cleaner solution but this include extra cost for customer in terms of development and Azure hosting.

I wish Microsoft will come with a more specific IP ranges for Dynamics Application.

I will explain the API manager and Wrapper service approach in future blog.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s