Skip to content

FSI Agent Governance Framework

Portal Walkthrough

judeper/FSI-AgentGov

Portal Walkthrough: Control 1.20 - Network Isolation and Private Connectivity

Last Updated: January 2026 Portal: Power Platform Admin Center, Azure Portal Estimated Time: 6-8 hours for VNet setup

Prerequisites

Power Platform Admin role
Azure Network Contributor role
Managed Environment enabled
Azure subscription for VNet resources

Step-by-Step Configuration

Step 1: Configure IP Firewall

Open Power Platform Admin Center
Select environment > Settings > Security
Enable IP firewall
Add approved IP ranges:
Corporate network CIDR (e.g., 10.0.0.0/8)
VPN egress IPs
Set mode: Audit first, then Enforce

Step 2: Enable VNet Support (Zone 3)

In Azure Portal, create VNet:
Name: vnet-powerplatform-prod
Address space: 10.100.0.0/16
Create delegated subnet:
Name: snet-powerplatform
Delegation: Microsoft.PowerPlatform/enterprisePolicies
In PPAC, enable VNet support for environment
Select the delegated subnet

Step 3: Configure Private Endpoints for Key Vault

In Azure Portal, navigate to Key Vault
Go to Networking > Private endpoint connections
Add private endpoint:
VNet: powerplatform VNet
Subnet: Private endpoint subnet
Create private DNS zone and link to VNet

Step 4: Configure Private Link for Application Insights

Create Azure Monitor Private Link Scope (AMPLS)
Add Application Insights resources
Create private endpoint for AMPLS
Configure private DNS zones

Configuration by Governance Level

Setting	Baseline (Zone 1)	Recommended (Zone 2)	Regulated (Zone 3)
IP Firewall	Optional	Required	Required
VNet Support	Not required	Recommended	Mandatory
Private Endpoints	Not required	Sensitive data	All connections
Network Logging	Basic	Standard	Full flow logging

Validation

After completing these steps, verify:

IP Firewall blocks non-allowlisted IPs
Agent reaches resources via VNet path
Private DNS resolves to private IPs
Key Vault access uses private endpoint

Back to Control 1.20 | PowerShell Setup | Verification Testing | Troubleshooting