Security considerations for data movement in Azure Data Factory
URL: https://learn.microsoft.com/en-us/azure/data-factory/data-movement-security-considerations#firewall-requirements-for-on-premisesprivate-network
Author: ssabat
Summary
Describes basic security infrastructure that data movement services in Azure Data Factory use to help secure your data.
Highlights Added July 17, 2024 at 11:02 AM
Domain names Outbound ports Description
*.servicebus.windows.net443 Required by the self-hosted integration runtime for interactive authoring.{datafactory}.{region}.datafactory.azure.net
or*.frontend.clouddatahub.net443 Required by the self-hosted integration runtime to connect to the Data Factory service.
For new created Data Factory, please find the FQDN from your Self-hosted Integration Runtime key which is in format {datafactory}.{region}.datafactory.azure.net. For old Data factory, if you don't see the FQDN in your Self-hosted Integration key, please use *.frontend.clouddatahub.net instead.download.microsoft.com443 Required by the self-hosted integration runtime for downloading the updates. If you have disabled auto-update, you can skip configuring this domain.*.core.windows.net443 Used by the self-hosted integration runtime to connect to the Azure storage account when you use the staged copy feature.*.database.windows.net1433 Required only when you copy from or to Azure SQL Database or Azure Synapse Analytics and optional otherwise. Use the staged-copy feature to copy data to SQL Database or Azure Synapse Analytics without opening port 1433. ([View Highlight] (https://read.readwise.io/read/01gzct54jcbms13wvgt8pwg8yb))