Enabling private network RFC 1918 connectivity from Power Apps managed environments to Azure SQL Server using Virtual Network support, a native alternative to using data gateways.
Note
A license that enables self-service sign-up and managed environments is required.
- A Power Apps license (e.g., Power Apps Premium, Power Apps Developer).
- Use managed environments. Make sure to enable it after the environment creation.
- Azure subscription with the `Microsoft.PowerPlatform` provider enabled.
Create the .auto.tfvars file:
cp config/local.auto.tfvars .auto.tfvars
Identify the IP address from which you'll be administering the resources:
curl ifconfig.me
Set the required variables to your preferences:
Important
Make sure to match the Azure and the Power Apps locations to your environment.
subscription_id = "<SUBSCRIPTION id>"
allowed_public_ips = ["<YOUR IP ADDRESS>"]
entraid_tenant_domain = "<ENTRA ID DOMAIN>"
Create the resources:
terraform init
terraform apply -auto-approve
In the new Power Apps UI experience, the Enterprise Policies seem to have been migrated to the URL below, and are identified as Virtual Network policies:
https://admin.powerplatform.microsoft.com/security/dataprotection
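The output of `curl ifconfig.me` from the earlier step becomes the value of `allowed_public_ips`, so it is worth validating before it is written to `.auto.tfvars`. The following is an added example, not part of the original repository; the function names are hypothetical, and fetching over HTTPS assumes the service supports it.

```shell
#!/bin/sh
# Added example: validate what an IP-echo service returns before it is used
# as an allowlist entry. Function names are hypothetical.

# Succeeds only for a well-formed, publicly routable IPv4 address.
is_public_ipv4() {
  ip=$1
  # Digits and dots only, no empty groups (rejects HTML, error text, IPv6).
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip            # split into octets; input has no glob characters
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    # Leading zeros are rejected: some parsers read them as octal.
    case $o in 0?*) return 1 ;; esac
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  a=$1 b=$2
  # Ranges that can never be the real public source address.
  case $a in 0|10|127) return 1 ;; esac                                # this-net, RFC 1918, loopback
  [ "$a" -ge 224 ] && return 1                                         # multicast, reserved
  [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 1   # RFC 1918
  [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && return 1                     # RFC 1918
  [ "$a" -eq 169 ] && [ "$b" -eq 254 ] && return 1                     # link-local
  [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ] && return 1  # RFC 6598 CGNAT
  return 0
}

# Prints the tfvars line for a validated address, or fails without printing it.
tfvars_allowed_ips() {
  if is_public_ipv4 "$1"; then
    printf 'allowed_public_ips = ["%s"]\n' "$1"
  else
    echo "refusing to allowlist unexpected value" >&2
    return 1
  fi
}

# Usage (needs network access, so it is left commented out here):
#   tfvars_allowed_ips "$(curl -fsS --max-time 10 https://ifconfig.me)"
```

If the check fails, compare the value against the egress address your network team reports rather than editing the allowlist by hand to a broader range.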
Enterprise policy for network injection must be configured via the CLI (or so it seems). Microsoft has provided a collection of scripts to assist with that; step 7, Set Subnet Injection for an environment, is the one required for this configuration.
Download the microsoft/PowerApps-Samples code base. Start by reading the How to run setup scripts section and make sure the requirements are met.
Tip
I had issues running these scripts on Linux. Code in this section was run on a Windows environment with PS7.
Note
Run this script from an elevated terminal. It'll install several required packages. Bypass the execution policy at your own discretion.
cd .\PowerApps-Samples-master\powershell\enterprisePolicies
pwsh -executionpolicy bypass -file .\InstallPowerAppsCmdlets.ps1
Tip
Close the elevated terminal and start a standard one.
Execute the required script that will perform the subnet injection into the Power Apps environment:
# You'll need to `cd` into this directory first:
cd .\SubnetInjection\
# And then run the script
pwsh -executionpolicy bypass -file .\NewSubnetInjection.ps1
Retrieve the registration status of the enterprise policy to the environment:
Note
It might take some time until the connectivity is functional and usable when connecting to data from Power Apps.
pwsh -executionpolicy bypass -file GetSubnetInjectionEnterprisePolicyForEnvironment.ps1
Check the environment history to confirm the change was successful:
Quick links to relevant Microsoft documents:
- Set up Virtual Network support for Power Platform
- Virtual Network support overview
- 7. Set Subnet Injection for an environment
- Managed Environments overview
Remove the subnet injection:
pwsh -executionpolicy bypass -file .\RevertSubnetInjection.ps1
You should now be able to delete the Power Apps managed environment.
Destroy the Azure resources:
terraform destroy -auto-approve
