Announcing Azure Private Link Support for Microsoft Fabric in Public Preview
Organizations today rely on cloud platforms for storage and analysis of data at scale and need to keep up with the accelerating volume of data while protecting sensitive information. While enterprises in Banking, Healthcare, and similar domains require strict data security standards by default, securing business-critical data is the highest priority for all enterprises.
At Fabric GA, we introduced the support of Entra conditional access policies that help secure inbound connectivity to Fabric using sophisticated policies based on user’s identity, device context, location, and network. Today, we are excited to announce the public preview of an enhanced networking feature, Azure Private Link for Microsoft Fabric, for securing access to your sensitive data in Microsoft Fabric by providing network isolation and applying required controls on your inbound network traffic.
Private Link in Fabric
Private Links enable secure connectivity to Fabric by restricting access to your Fabric tenant from an Azure VNet of your choice and blocking all public access. This ensures that only network traffic from that VNet is allowed to access Fabric experiences like Notebooks, Lakehouses, Warehouses in your tenant.
With Azure Private Link, you can:
- Restrict traffic from the internet to Fabric and route it through the Microsoft backbone network.
- Ensure only authorized client machines can access Fabric.
- Comply with regulatory and compliance requirements that mandate private access to your data and analytics services.
While Azure private links were supported in Power BI at a tenant level, we are now extending this feature to other Fabric workloads with this release. For example, connecting to your data in Onelake using the OneLake Explorer can be protected through Private Links. Similarly, you can access Warehouses and Lakehouse SQL endpoints in SQL Managed Studio via Private Links. A list of supported scenarios and limitations can be found at Use private link to access Fabric.
Private Link Setup
You can turn ON Private links for Fabric and restrict public access in the Fabric admin portal. In addition, you will need to follow a series of steps in the Azure portal to complete the setup. For detailed instructions, please refer to How to set up private endpoints to access Fabric.
Once the private link setup is complete, all Fabric endpoints including Onelake and Warehouse endpoints will resolve to private IPs.
And users who try to access Fabric from public networks will see the following error:
Get Started Today
We hope you are as excited as we are about this new security feature. Please do try it and share your feedback.
