Microsoft Fabric Updates Blog

Announcing Azure Private Link Support for Microsoft Fabric in Public Preview

Organizations today rely on cloud platforms for storage and analysis of data at scale and need to keep up with the accelerating volume of data while protecting sensitive information.  While enterprises in Banking, Healthcare, and similar domains require strict data security standards by default, securing business-critical data is the highest priority for all enterprises.

At Fabric GA, we introduced the support of Entra conditional access policies that help secure inbound connectivity to Fabric using sophisticated policies based on user’s identity, device context, location, and network.  Today, we are excited to announce the public preview of an enhanced networking feature, Azure Private Link for Microsoft Fabric, for securing access to your sensitive data in Microsoft Fabric by providing network isolation and applying required controls on your inbound network traffic.

Private Link in Fabric

Private Links enable secure connectivity to Fabric by restricting access to your Fabric tenant from an Azure VNet of your choice and blocking all public access. This ensures that only network traffic from that VNet is allowed to access Fabric experiences like Notebooks, Lakehouses, Warehouses in your tenant.

With Azure Private Link, you can:

  • Restrict traffic from the internet to Fabric and route it through the Microsoft backbone network.
  • Ensure only authorized client machines can access Fabric.
  • Comply with regulatory and compliance requirements that mandate private access to your data and analytics services.

While Azure private links were supported in Power BI at a tenant level, we are now extending this feature to other Fabric workloads with this release. For example, connecting to your data in Onelake using the OneLake Explorer can be protected through Private Links. Similarly, you can access Warehouses and Lakehouse SQL endpoints in SQL Managed Studio via Private Links. A list of supported scenarios and limitations can be found at Use private link to access Fabric.

Private Link Setup

You can turn ON Private links for Fabric and restrict public access in the Fabric admin portal. In addition, you will need to follow a series of steps in the Azure portal to complete the setup. For detailed instructions, please refer to How to set up private endpoints to access Fabric.

Once the private link setup is complete,  all Fabric endpoints including  Onelake and Warehouse endpoints will resolve to private IPs.

And users who try to access Fabric from public networks will see the following error:

Get Started Today

We hope you are as excited as we are about this new security feature. Please do try it and share your feedback.

Related blog posts

Announcing Azure Private Link Support for Microsoft Fabric in Public Preview

July 24, 2024 by Jason Himmelstein

Welcome to the July 2024 update. Here are a few, select highlights of the many we have for Fabric. Creating and managing Git branches & connected workspaces with Git integration just got with the latest enhancements to Fabric Git integration. You now have the capability to perform restore-in-place of a warehouse in Microsoft Fabric through … Continue reading “Microsoft Fabric July 2024 Update”

July 14, 2024 by Nimrod Shalit

GitHub and GitHub Enterprise are now available for source control integration. Connect your workspace and you can start syncing your fabric content into your repository.