Restrict portal access by IP address

Note

These release notes describe functionality that may not have been released yet. To see when this functionality is planned to release, please review Summary of what’s new. Delivery timelines and projected functionality may change or may not ship (see Microsoft policy).

Security is a key concern for applications and it becomes more paramount for an external-facing application like Dynamics 365 Portal. As part of this release, we will add capabilities for customers to be able to restrict access to their portals from certain IP addresses. This will help organizations that are looking to restrict their portals from fixed locations like internal company networks. Also, this will help customers who are in a development phase and want to make sure their data doesn't get leaked because of a bad configuration.

This feature would allow administrators to define a list of IP addresses that are allowed to access your portal. The allow list can include individual IP addresses or a range of IP addresses defined by a subnet mask. When a request to the portal is generated from any user, their IP address is evaluated against the allow list. If the IP address is not in the list, the portal replies with an HTTP 403 status code.