Microsoft Fabric Updates Blog

Easily implement data mesh architecture with domains in Fabric

Today, organizations are experiencing massive growth in the volume of data they handle. As a result, they face an ever increasing need to be able to organize and manage that data in a logical way that facilitates targeted usage and efficient governance.

To meet this challenge, organizations are shifting away from traditional IT-centric data architectures, where the data is governed and managed centrally, to more federated models, organized according to line-of-business needs. This federated data architecture is referred to as data mesh. In data mesh architecture, data ownership is decentralized and data itself is organized and governed within specific business domains, such as marketing, sales, human resources, etc.

Microsoft Fabric’s data mesh architecture supports organizing data into domains and enabling data consumers to be able to filter and discover content by domain. It also enables federated governance, which means that some governance currently controlled at the tenant level can be delegated to domain-level control, enabling each business unit/department to define its own rules and restrictions according to its specific business needs. As a result, enterprise customers are empowered with the key tools they need to structure their tenant’s data estate along the principles of a data mesh.

Introducing domains in Fabric

Domains in Fabric allow tenant admins to conveniently define domains and subdomains and assign domain admins and workspaces in a simple quick creation flow, it’s easy to get started.

Get started with domains in Fabric

Go to the Admin portal and click on the Domains tab.  

Click the Create new domain button.

In the dialog that opens, enter the new domain name and the domain admins you would like to assign and click Create.

Note: The domain admins can be assigned or modified later as well.

Now you have a new domain created:

Once you create some domains, you can further refine the logic of the way your data estate is structured by creating subdomains that are nested under the domains.

Create subdomains (preview)

To create subdomains for a domain, open the domain you want to create a subdomain for and select New subdomain.

Provide a name for the subdomain in the New subdomain dialog that appears. When done, select Create.

 Note: Subdomains don’t have their own domain admins. A subdomain’s admins are the domain admins of its parent domain.

Assign workspaces to domains and subdomains

To assign workspaces to a domain or subdomain in the admin portal, go to the domain or subdomain’s page and select Assign workspaces.

In the Assign workspaces to this domain side pane, select how to assign the workspaces.

  • Assign by workspace name
    • Some organizations have naming conventions for workspaces that make it easy to identify the data’s business context. You can search for and select multiple workspaces at once.
  • Assign by workspace admin
    • You can select specific users or security groups as per your business structure. When you confirm the selection, all the workspaces the users and security groups are admins of will be associated to the domain.
  • Assign by capacity
      • Some organizations have dedicated capacities per department. You can search for and select multiple capacities at once. When you confirm your selection, all the workspaces associated to the selected capacities will be assigned to the domain.

Move WS between domains or sub domains (preview)

If you already associated WS to the domain or sub domain, you can easily move them to the relevant domain / sub domain, for better organizing the data without the need to unassign and re-assign.

Select the WS you would like to move (you can select one or more)

Select the destination and click on Move Here

The WS will be assigned to the selected destination. Tenant admins and domain admins assigned to more than one domain will be able to move WS also between domains.

Block WS reassign (preview)

Workspace domain assignments by Fabric admin and domain admins will override existing assignments only if the Allow tenant and domain admins to override workspace assignments (preview) tenant setting is enabled. Tenant admins can easily block the re-assign.

Unassign Workspaces

To unassign a workspace from a domain or subdomain, select the checkbox next to the workspace name and then select the Unassign button above the list. You can select several checkboxes to unassign more than one workspace at a time.

Configure Domain settings

Tenant and domain admins can configure domain and subdomain settings on the domain or subdomain’s Domain settings side pane. Subdomains currently have general settings only.

To open the Domain settings side pane, open the domain or subdomain and select Domain settings (for subdomains, Subdomain settings).

Alternatively, for domains, you can hover over the domain on the Domains tab, select More options (…), and choose Settings.

The domain settings side pane has a number of tabs:

Select General settings to edit domain name and description.

Note: only tenant admins will be able to edit domain name

Select Image and then click on Select an image.

In the photo gallery that pops up you can choose an image or color to represent your domain in the OneLake data hub when your domain is selected.

Once selected, click Apply

Select Admins and then specify who can change domain settings and add or remove workspaces. When done, select Apply.

Note: only tenant admins will be able to add/remove domain admins

Select Contributors and then specify who can assign workspaces to the domain. You can specify everyone in the organization (default), specific users/groups only, or you can allow only tenant admins and the specific domain admins to assign workspaces to the domain. When done, select Apply.

Select Default domain (preview) and specify users and/or security groups. that settings will automatically associate all the unassigned workspaces that owner is the admin of. It will also ensure that when the specified users and/or security groups create new workspaces, that workspace will automatically be assigned to the domain. This capability helps keep the relevant data under the relevant domain without additional work from the tenant or domain admins.

Delegated settings – Tenant admins can decide to delegate some of their tenant settings to domain level. By enabling delegation, the domain admin can decide to change the default setup for the specific configuration and adjust it to specific domain needs. ‘Certification’ is the first setting that can be delegated to domains.

Certification settings at the domain level mean you can: enable or disable certification of items that belong to the domain, if enabled you can specify certifiers who are experts in the domain.

To override the tenant-level certification settings, expand the certification section, select the Override tenant admin selection checkbox, and configure the settings as desired. To revert back to the original tenant settings, uncheck the Override tenant admin selection checkbox and click Apply.

Optimized Discoverability

Discover your data in optimized way with domains and subdomains In OneLake Hub:

And also from all Get data scenarios:

Admin APIs (preview)

We recently released the domains admin APIs. Most of the actions available from the UI are available through the APIs.

Final Thoughts

Domains is a key enabler for data mesh architecture, providing the infrastructure for decentralized architecture, with federated governance and optimized consumption per data business context. With domains, it’s simpler than ever to ensure that the data in your organization is well structured and effectively governed, and that data consumers can easily find the content they need.

To further discuss the capabilities of the domains feature and the challenges it can solve in your organization I invite you to reach out to us at Fabric Domains – Feedback

Useful Links:

Domain DocumentationDomains – Microsoft Fabric | Microsoft Learn

Rest API for AdminsDomains – REST API (Admin) | Microsoft Learn

Related blog posts

Easily implement data mesh architecture with domains in Fabric

June 12, 2024 by Denyse Niwenshuti

The Fabric Help Pane provides Fabric users with a fast and efficient way to access self-help content, allowing them to resolve issues independently or direct them to create a support ticket if further help is required. Following its launch last year, we’ve heard your feedback to improve the relevance of our self-help resources. We are … Continue reading “Solved Fabric Community posts are now available in the Fabric Help Pane”

May 31, 2024 by Dandan Zhang

As more and more enterprises store and analyze data on the cloud, the need for securing sensitive data has become paramount. Microsoft Fabric offers security at different levels – for instance, access control using workspace roles/permissions and granular security at the data layer. In addition to these, Network security provides a critical level of isolation, … Continue reading “Announcing General Availability of Fabric Private Links, Trusted Workspace Access, and Managed Private Endpoints”