Microsoft Fabric Updates Blog

Announcing General Availability of Fabric Private Links, Trusted Workspace Access, and Managed Private Endpoints

As more and more enterprises store and analyze data on the cloud, the need for securing sensitive data has become paramount. Microsoft Fabric offers security at different levels – for instance, access control using workspace roles/permissions and granular security at the data layer. In addition to these, Network security provides a critical level of isolation, ensuring protection from unauthorized or unwanted access to data in Fabric by applying required controls on your network traffic.

Earlier this year, in February, we introduced the following new and enhanced network security capabilities in public preview to protect your business-critical data in Fabric:

  1. Private links for Fabric tenant: Announcing Azure Private Link Support for Microsoft Fabric in Public Preview | Microsoft Fabric Blog | Microsoft Fabric
  2. Use trusted workspace access in OneLake Shortcuts: Introducing Trusted Workspace Access for OneLake Shortcuts  | Microsoft Fabric Blog | Microsoft Fabric
  3. Managed PEs for Spark: Introducing Managed Private Endpoints for Microsoft Fabric in Public Preview | Microsoft Fabric Blog | Microsoft Fabric

We are now excited to announce the GENERAL AVAILABILITY of these capabilities.

Here’s a quick summary of how these features enable you secure and optimize your data access and connectivity in Fabric:

  • Private links for Fabric tenant secures inbound access to Fabric from select virtual networks (VNets) and allow you to block access from the internet. This enhances your security and compliance posture by preventing unauthorized or malicious traffic from reaching your Fabric tenant. With this feature enabled, you can secure connectivity to Fabric Onelake and experiences like Data Warehouse, Data Engineering, Data Science and Data Factory. In addition to the above, we are also announcing private link support for Eventhouses today. To learn more about Azure Private Link Support for Microsoft Fabric, see About private Links for secure access to Fabric  – Microsoft Fabric | Microsoft Learn
  • Trusted workspace access allows seamless and secure access to firewall enabled Azure storage accounts. It is designed to help you securely and easily access data stored in Storage accounts from Fabric workspaces, without compromising on performance or functionality. This feature extends the power and flexibility of OneLake shortcuts to work with data in protected storage accounts in place without compromising on security. You can also use this capability with Data pipelines and the COPY INTO feature of Fabric warehouses to ingest data securely and easily into Fabric workspaces. To get started with this feature and to learn about limitations, see Trusted workspace access in Microsoft Fabric – Microsoft Fabric | Microsoft Learn
  • Managed private endpoints provide secure connectivity from Fabric to data sources that are behind a firewall or not accessible from the public internet. Managed Private Endpoints enable Fabric Data Engineering items to access data sources securely without exposing them to the public network or requiring complex network configurations. Managed private endpoints are supported for various data sources, such as Azure Storage, Azure SQL Database, and many others- the most recent addition being Azure Event Hub and Azure IOT Hub. To learn more about Managed Private Endpoints and supported data sources see Overview of managed private endpoints for Microsoft Fabric – Microsoft Fabric | Microsoft Learn

We are dedicated to ensuring Fabric has the highest level of data security. While we continue to add more security capabilities, we also encourage you to review the new Fabric security white paper. This whitepaper aggregates all relevant security information for Fabric in a centralized asset making it convenient to use and share. Whether you are new to Fabric and want to learn about Fabric security or are an existing Fabric customer, exploring mechanisms to secure our ever-evolving capabilities, we recommend you start with the Fabric security whitepaper and then navigate to specific feature documentation for additional details.

Finally, we welcome you to try these features and provide feedback. Also do share suggestions on enhancements or new security features critical to you and your organization in your Fabric journey in Fabric Ideas.

Related blog posts

Announcing General Availability of Fabric Private Links, Trusted Workspace Access, and Managed Private Endpoints

July 14, 2024 by Nimrod Shalit

GitHub and GitHub Enterprise are now available for source control integration. Connect your workspace and you can start syncing your fabric content into your repository.

July 12, 2024 by Ed Lima

During Microsoft Build, in May 2024, we announced the worldwide public preview of API for GraphQL in Microsoft Fabric. With the preview, data engineers and scientists can create a GraphQL data API to connect to different Fabric data sources in seconds, use the APIs in their workflows, or share the API endpoints with app development … Continue reading “Announcing Fabric API for GraphQL pricing”