Troubleshooting: Control 1.20 - Network Isolation and Private Connectivity
Last Updated: January 2026
Common Issues
| Issue | Cause | Resolution |
|---|---|---|
| Access blocked unexpectedly | IP not in allowlist | Add IP to firewall rules |
| VNet connectivity failing | Subnet not delegated | Configure delegation |
| Private DNS not resolving | DNS zone not linked | Link private DNS zone to VNet |
| Key Vault access denied | Network rules blocking | Add private endpoint exception |
Detailed Troubleshooting
Issue: IP Firewall Blocking Legitimate Access
Symptoms: Users cannot access environment from corporate network
Resolution:
- Verify corporate IP ranges in firewall rules
- Check for NAT/proxy IP changes
- Test in audit mode first
- Add missing IP ranges
Issue: VNet Connectivity Not Working
Symptoms: Agent cannot reach private resources
Resolution:
- Verify subnet delegation to Microsoft.PowerPlatform
- Check VNet is linked in PPAC environment settings
- Verify NSG rules allow required traffic
- Check private endpoint is healthy
Escalation Path
- Power Platform Admin - IP Firewall and VNet settings
- Azure Network Admin - VNet and private endpoint configuration
- Security Admin - Network architecture approval
- Microsoft Support - Platform issues
Known Limitations
| Limitation | Impact | Workaround |
|---|---|---|
| VNet requires Managed Environment | Not available on standard | Upgrade to Managed |
| Regional availability | Not all regions supported | Check documentation |
| IP Firewall 200 rule limit | Large organizations may hit limit | Use CIDR aggregation |
Back to Control 1.20 | Portal Walkthrough | PowerShell Setup | Verification Testing