Set up connections for storage accounts behind firewalls
[Transition from Azure Private Link to managed identities for Azure resources has been delayed.]
If you have Azure Data Lake Storage accounts protected by firewalls, use Azure Private Link to connect to Dynamics 365 Customer Insights - Data. Azure Private Link lets Customer Insights - Data connect to your Azure storage over a private endpoint in your virtual network.
Important
If your instance doesn't already use private links, your instance must be updated first to support private links. Contact Support to get your instance updated.
There are three scenarios where Customer Insights - Data can be configured to connect to firewall-protected Azure storage containers:
- When creating a new Customer Insights - Data environment for which you would like to Use your own Azure Data Lake Storage account that is protected by your virtual network.
- When creating a data source for which the data is stored in your protected Azure Data Lake Storage account.
- Directly from the Settings > Permissions > Private Links page in Customer Insights - Data.
Prerequisites
- Minimum role requirement to set up a Private Link connection:
  - Customer Insights - Data: Administrator
  - Azure built-in role: Storage Account Contributor
  - Permissions for custom Azure role: Microsoft.Storage/storageAccounts/read and Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action
Set up a Private Link when creating a Customer Insights - Data environment
When creating a Customer Insights - Data environment that connects to your virtual network protected storage:
Select Enable Azure Private Link.
Select Create Private Link to initiate the creation process.
Approve the Private Link in the Azure portal.
Once all links are approved, select Validate Private Link. Upon successful validation, you can continue configuring your new environment.
Set up a Private Link when creating a data source
When creating an Azure Data Lake Storage data source that needs to connect to storage protected by a virtual network, follow the same steps as described under Set up a Private Link when creating a Customer Insights - Data environment.
Set up a Private Link directly from the Private Links page in Customer Insights - Data
In Customer Insights - Data, go to Settings > Permissions and select the Private Links tab.
Select Add Private Link.
The Add Private Link pane lists storage accounts in your tenant that you can see.
Select the subscription, resource group, and storage account.
Review the data privacy and compliance and select I agree.
Select Save.
Approve your Private Link in the Azure portal
After configuring the Private Link between Customer Insights - Data and your virtual network protected storage, four Private Links show on the Private Links tab in Customer Insights - Data with a status of Pending.
In the Azure portal, go to your Data Lake Storage account, and select Networking > Private endpoint connections to see the four new Private Links.
Select Yes to approve them.
Tip
For easy identification, consider adding a description when approving the Private Links.
In Customer Insights - Data, go to Settings > Permissions and select the Private Links tab. The Private Links now show the status Approved.
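The approval step above can also be scripted with the Azure CLI. The following is an added example, not part of the original article: it lists the private endpoint connections on the storage account, approves the pending ones with a description, and approves nothing if the number pending differs from the four the article describes. The storage account resource ID, the description text, and the function names are assumptions supplied for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): approve the pending private
# endpoint connections on a storage account with the Azure CLI.
# Assumptions: Azure CLI is installed and signed in with a role from the
# Prerequisites; the resource ID and description are supplied by you.

EXPECTED_PENDING=4   # the article states four Private Links appear as Pending

# Print "id<TAB>status" for every private endpoint connection on the account.
# $1 = storage account resource ID
list_connections() {
  az network private-endpoint-connection list --id "$1" \
    --query "[].[id, properties.privateLinkServiceConnectionState.status]" \
    -o tsv
}

# Print only the IDs of connections that are still waiting for approval.
pending_ids() {
  list_connections "$1" | awk -F'\t' '$2 == "Pending" { print $1 }'
}

# Approve every pending connection, but only when the number found matches
# EXPECTED_PENDING; otherwise approve nothing and return 2 for manual review.
# $1 = storage account resource ID, $2 = description recorded on approval
approve_pending() {
  ids=$(pending_ids "$1")
  count=$(printf '%s\n' "$ids" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$count" -ne "$EXPECTED_PENDING" ]; then
    echo "Found $count pending, expected $EXPECTED_PENDING; nothing approved." >&2
    return 2
  fi
  while IFS= read -r id; do
    az network private-endpoint-connection approve \
      --id "$id" --description "$2" </dev/null || return 1
  done <<EOF
$ids
EOF
}

# Runs only when a storage account resource ID is given as the first argument.
if [ "$#" -ge 1 ]; then
  approve_pending "$1" "${2:-Customer Insights - Data Private Link}"
fi
```

Save the script and pass the storage account resource ID as the first argument and, optionally, a description as the second.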
Delete an Azure Private Link
In Customer Insights - Data, go to Settings > Permissions and select the Private Links tab.
Select the storage account name for which you would like to delete the Private Links.
Select Delete.