Add Fabric URLs to your allowlist

This article contains the allowlist of the Microsoft Fabric URLs required for interfacing with Fabric workloads. For the Power BI allowlist, see Add Power BI URLs to your allowlist.

The URLs are divided into two categories: required and optional. The required URLs are necessary for the service to work correctly. The optional URLs are used for specific features that you might not use. To use Fabric, you must be able to connect to the endpoints marked required in the tables in this article, and to any endpoints marked required on the linked sites. If the link to an external site refers to a specific section, you only need to review the endpoints in that section. You can also add endpoints that are marked optional to allowlists for specific functionality to work.

Fabric requires only TCP Port 443 to be opened for the listed endpoints.

The tables in this article use the following conventions:

  • Wildcards (*) represent all levels under the root domain.
  • N/A is used when information isn't available.

The Endpoint column lists domain names and links to external sites, which contain further endpoint information.

Fabric Platform Endpoints

Purpose Endpoint Port
Required: Portal *.fabric.microsoft.com TCP 443

OneLake

Purpose Endpoint Port
For OneLake access for DFS APIs (default Onelake endpoint) *.onelake.dfs.fabric.microsoft.com TCP 1443
Onelake endpoint for calling Blob APIs *.onelake.blob.fabric.microsoft.com TCP 443
Optional: Regional Endpoints for DFS APIs *<region>-onelake.dfs.fabric.microsoft.com TCP 443
Optional: Regional Endpoints for Blob APIs *<region>-onelake.blob.fabric.microsoft.com TCP 443

Pipeline

Purpose Endpoint Port
For outbound connections
Required: Portal *.powerbi.com TCP 443
Required: Backend APIs for Portal *.pbidedicated.windows.net TCP 443
Required: Cloud pipelines No specific endpoint is required N/A
Optional: On-premises data gateway login *.login.windows.net
login.live.com
aadcdn.msauth.net
login.microsoftonline.com
*.microsoftonline-p.com
See the documentation for Adjust communication settings for the on-premises data gateway
TCP 443
Optional: On-premises data gateway communication *.servicebus.windows.net TCP 443
TCP 5671-5672
TCP 9350-9354
Optional: On-premises data gateway pipelines *.frontend.clouddatahub.net
(User can use service tag DataFactory or DataFactoryManagement)
TCP 443
For inbound connections No specific endpoints other than the customer's data store endpoints required in pipelines and behinds the firewall.
(User can use service tag DataFactory, regional tag is supported, like DataFactory.WestUs)

Lakehouse

Purpose Endpoint Port
Inbound connections https://cdn.jsdelivr.net/npm/monaco-editor* N/A

Notebook

Purpose Endpoint Port
Inbound connections (icons) http://res.cdn.office.net/ N/A
Required: Notebook backend https://*.pbidedicated.windows.net
wss://*.pbidedicated.windows.net
(HTTP/WebSocket)
N/A
Required: Lakehouse backend https://onelake.dfs.fabric.microsoft.com N/A
Required: Shared backend https://*.analysis.windows.net N/A
Required: DE/DS extension UX https://pbides.powerbi.com N/A
Required: Notebooks UX https://aznb-ame-prod.azureedge.net N/A
Required: Notebooks UX https://*.notebooks.azuresandbox.ms N/A
Required: Notebooks UX https://content.powerapps.com N/A
Required: Notebooks UX https://aznbcdn.notebooks.azure.net N/A

Spark

Purpose Endpoint Port
Inbound connections (icons) http://res.cdn.office.net/ N/A
Inbound connections (library management for PyPI) https://pypi.org/* N/A
Inbound connections (library management for Conda) local static endpoints for condaPackages N/A

Data Warehouse

Purpose Endpoint Port
Required: Datamart SQL datamart.fabric.microsoft.com TCP 1433
Required: Datamart SQL datamart.pbidedicated.microsoft.com TCP 1433
Required: Datamart SQL *.pbidedicated.microsoft.com TCP 1433
Required: Fabric DW SQL datawarehouse.fabric.microsoft.com TCP 1433
Required: Fabric DW SQL datawarehouse.pbidedicated.microsoft.com TCP 1433
Required: Fabric DW SQL *.pbidedicated.microsoft.com TCP 1433

Data Science

Purpose Endpoint Port
Inbound connections (library management for PyPI) https://pypi.org/* N/A
Inbound connections (library management for Conda) local static endpoints for condaPackages N/A

KQL Database

Purpose Endpoint Port
https://*.z[0-9].kusto.fabric.microsoft.com

Eventstream

Purpose Endpoint Port
Customers can send/read events from Eventstream in their custom app sb://*.servicebus.windows.net http: 443
amqp: 5672/5673
kafka: 9093