Share via

Unexpected IP Requirement for Azure Analysis Services Trigger from NorthEurope ADF

somyasri 0 Reputation points
2025-07-30T05:37:26.7133333+00:00

I’ve encountered an issue while triggering an Azure Analysis Services refresh from my Azure Data Factory (ADF), both located in the North Europe region.

I've enabled the firewall on the Analysis Service to allow NorthEuropeADF, as that’s the only region from which it should be accessed. Two refresh activities were triggered from the same NorthEurope ADF instance:

One database refreshed successfully.

The second failed with the following error:

Operation on target *** failed: Operation on target Analysis_service failed: { "code": "Unauthorized", "subCode": 0, "message": "An internal error occurred.", "httpStatusCode": 401, "details": [ {"code": "Param2", "message": "<ip>72.145.56.40</ip>"} ] }

When I explicitly added the IP 72.145.56.40 to the firewall, the refresh worked fine.

My question is: Why was this specific IP (72.145.56.40)—associated with NorthEuropeAzureCloud—required now?

Earlier, this same job used to run successfully with only the NorthEuropeADF IPs allowed. But now it is failing for the same.

Azure Analysis Services

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. somyasri 0 Reputation points
    2025-07-31T13:00:59.35+00:00

    Hi @Kalyani Kondavaradala

    Thanks for the detailed explanation.

    However, I’d like to highlight that the IP address 72.145.56.40 is not listed in the currently published IP ranges for North Europe ADF.

    I double-checked, and this IP seems to be part of the NorthEuropeAzureCloud range, not specifically under the North Europe ADF range.

    This is a bit confusing—could you clarify why an IP from NorthEuropeAzureCloud is required to refresh the Analysis Service when the request is triggered from North Europe ADF?

  2. Kalyani Kondavaradala 405 Reputation points Microsoft External Staff Moderator
    2025-07-31T15:23:33.75+00:00

    Hello somyasri,

    Greetings for the day!

    You’re right that this 72.145.56.40 IP appears to fall under the NorthEuropeAzureCloud range and not specifically under the North Europe ADF range as published. I understand this can be a bit confusing.

    image Please note that Azure IP ranges are dynamic and subject to change on a weekly basis as part of Microsoft's platform updates. Because of this, relying on static IPs can sometimes lead to unexpected connectivity issues, especially if a new IP is introduced after your last allowlist update.

    imageTo avoid such disruptions, we highly recommend using Azure Service Tags (e.g., AzureDataFactory, AzureCloud, etc.) wherever possible. Service Tags are designed to automatically include the correct and updated IP ranges behind Azure services, and they help ensure that your environment stays in sync with Azure’s backend changes.

    You can refer to the official Microsoft IP range listing, which is updated every week, using the link below:

    https://www.microsoft.com/en-us/download/details.aspx?id=56519

    Hope this helps. Let me know if you have any further questions or need additional assistance. Also, if these answers your query, do click the "Upvote" and click "Accept the answer" of which might be beneficial to other community members.

    Thanks

    Kalyani

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.