IP whitelisting (Range) for Dynamics 365.
In one of our recent project we need to call a web service from Workflow and Action from Dynamics 365 online (9.x) . The web service publisher will allow only request from specific IP ranges due to security principal of the organisation.
To Achieve this IP range there could be multiple approach but I will explain the below two
- Add Dynamics IP range to the allowed IP range for the Web Service Publisher.
- Use Azure API manager or some other static IP provider in between Dynamics 365 and the Web service.
In the current blog I will explain the Dynamics 365 IP ranges. I will explain the Azure API manager in future blog.
Add Dynamics IP range to the allowed IP range for the webservice
The IP range for dynamics CRM can be found on https://support.microsoft.com/en-us/help/2728473/microsoft-dynamics-crm-online-ip-address-ranges . this link has the exhaustive list for Dynamics CRM for each CRM region. For Oceania region the list is around 10 IP ranges.
But I found that the Request to the web service is going from “18.104.22.168” which is not listed in the in the IP range for Oceania for CRM, but this is within a range Azure IP range for Oceania region.
So, I understood with 9.x version as dynamics is using Azure infrastructure so request is going from Azure IP range. Up to CRM 8.x version the request seems to go from Dynamics IP range(Listed previously) . To get double sure I raised a ticket with Microsoft.
Based on the reply from Microsoft, Dynamics 365 does not have any static IP range furthermore with 9.x and higher as the Azure infra has been used. The IP that the request will go from Azure IP range for this region.
The Azure IP range all region can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=41653
Below is the reply from Microsoft for the ticket.
So, If you have the requirement for IP range from currently use all the Azure IP range for the region. This is not a clean solution as this IP range could be changed by Microsoft anytime. So, Using API manager and wrapper service will be a cleaner solution but this include extra cost for customer in terms of development and Azure hosting.
I wish Microsoft will come with a more specific IP ranges for Dynamics Application.
I will explain the API manager and Wrapper service approach in future blog.