Microsoft Fabric Updates Blog

Announcing Azure Private Link Support for Microsoft Fabric in Public Preview

Organizations today rely on cloud platforms for storage and analysis of data at scale and need to keep up with the accelerating volume of data while protecting sensitive information.  While enterprises in Banking, Healthcare, and similar domains require strict data security standards by default, securing business-critical data is the highest priority for all enterprises.

At Fabric GA, we introduced the support of Entra conditional access policies that help secure inbound connectivity to Fabric using sophisticated policies based on user’s identity, device context, location, and network.  Today, we are excited to announce the public preview of an enhanced networking feature, Azure Private Link for Microsoft Fabric, for securing access to your sensitive data in Microsoft Fabric by providing network isolation and applying required controls on your inbound network traffic.

Private Link in Fabric

Private Links enable secure connectivity to Fabric by restricting access to your Fabric tenant from an Azure VNet of your choice and blocking all public access. This ensures that only network traffic from that VNet is allowed to access Fabric experiences like Notebooks, Lakehouses, Warehouses in your tenant.

With Azure Private Link, you can:

  • Restrict traffic from the internet to Fabric and route it through the Microsoft backbone network.
  • Ensure only authorized client machines can access Fabric.
  • Comply with regulatory and compliance requirements that mandate private access to your data and analytics services.

While Azure private links were supported in Power BI at a tenant level, we are now extending this feature to other Fabric workloads with this release. For example, connecting to your data in Onelake using the OneLake Explorer can be protected through Private Links. Similarly, you can access Warehouses and Lakehouse SQL endpoints in SQL Managed Studio via Private Links. A list of supported scenarios and limitations can be found at Use private link to access Fabric.

Private Link Setup

You can turn ON Private links for Fabric and restrict public access in the Fabric admin portal. In addition, you will need to follow a series of steps in the Azure portal to complete the setup. For detailed instructions, please refer to How to set up private endpoints to access Fabric.

Once the private link setup is complete,  all Fabric endpoints including  Onelake and Warehouse endpoints will resolve to private IPs.

And users who try to access Fabric from public networks will see the following error:

Get Started Today

We hope you are as excited as we are about this new security feature. Please do try it and share your feedback.


Related blog posts

Announcing Azure Private Link Support for Microsoft Fabric in Public Preview

October 7, 2024 by Alex Lin

Introducing Managed VNet Support for Fabric Eventstream! By creating a Fabric’s Managed Private Endpoint, you can now securely connect Eventstream to your Azure services, such as Azure Event Hubs or IoT Hub, within a private network or behind a firewall. This integration ensures your data is securely transmitted over a private network, enabling you to … Continue reading “Secure Data Streaming with Managed Private Endpoints in Eventstream (Preview)”

October 4, 2024 by Jason Himmelstein

We had an incredible time in our host city of Stockholm for FabCon Europe! 3,300 attendees joined us from our international community, and it was wonderful to meet so many of you in person. Throughout the week of FabCon Europe, our teams published a wealth of valuable content, and we want to ensure you have … Continue reading “Fabric Community Conference Europe Recap”