Seamlessly connect Azure Logic Apps to Fabric Eventstream using Managed Identity
Eventstream’s Custom Endpoint is a powerful feature that allows users to send data to and fetch data from Eventstream. It provides two authentication methods for integrating external applications:
- Microsoft Entra ID
- Shared access signature (SAS) Keys
While SAS Keys provide quick integration, they require users to store, rotate, and manage secrets manually, increasing security risks. On the other hand, Microsoft Entra ID authentication simplifies access by tying user permissions directly to Fabric workspace access, eliminating the need for secret management, enhancing security and simplifying access control.
In this blog, we’ll compare Entra ID and SAS Keys auth in Eventstream, explore use cases, and walk through how to connect Azure Logic Apps to Eventstream using managed identity authentication.
Entra ID authentication
Microsoft Entra ID authentication integrates seamlessly with Fabric workspace access, ensuring secure access without managing secrets. Users can grant permissions to a security principal, which may be a user, a group, or an application service principal. It also supports managed identity authentication for Azure services such as Logic Apps.
Key benefits of using Entra ID auth:
- No need for secret management – Eliminates the need to store, rotate, and manage keys.
- Stronger security – Access to Fabric items is identity-based and managed within Fabric permissions.
- Simplified automation – Integrate seamlessly with Azure Managed Identities, enabling secure and automated connections.
SAS Keys authentication
Shared access signatures (SAS) keys provide a convenient way to grant temporary and limited access to Eventstream’s underlying Event Hub resource. Users can generate and revoke keys as needed.
Potential risks and limitations:
- Security vulnerability – If a SAS key is leaked, anyone holding it can use it to access Eventstream.
- Expiration issues – Applications using an expired SAS key lose access unless a new key is manually retrieved.
- Manual effort needed – Requires manual key rotation to maintain security.
Overall, using Entra ID authentication is recommended for a more secure and efficient connection when sending and retrieving data from Eventstream.
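The comparison above has a practical consequence: a SAS key ends up as a connection string somewhere in configuration, while the Entra ID path needs no secret at all. The following is an added example, not code from the post or from Fabric, that flags Event Hubs SAS connection strings (the format Eventstream's custom endpoint hands out) left in a Logic App parameter file, and shows the Entra ID client construction that replaces them. The sample config, namespace and entity path are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a parameter file that still embeds an Event Hubs SAS connection string.
SAMPLE_CONFIG = """
{
  "eventhub_conn": "Endpoint=sb://example-ns.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=AbCdEf0123456789AbCdEf0123456789AbCdEf0123456789=;EntityPath=es_example_hub",
  "namespace": "example-ns.servicebus.windows.net"
}
"""

# An Event Hubs connection string always starts with its sb:// endpoint.
CONN_STR_RE = re.compile(r"Endpoint=sb://[^\s\"']+")


@dataclass
class SasFinding:
    namespace: str
    policy: str
    entity_path: str
    redacted_key: str  # only a hint of the key, so reports never leak it


def parse_eventhub_connection_string(conn: str) -> Dict[str, str]:
    """Split 'Endpoint=...;SharedAccessKeyName=...;SharedAccessKey=...;EntityPath=...' into parts.
    partition() splits at the first '=', so base64 padding in the key value survives."""
    parts: Dict[str, str] = {}
    for segment in conn.strip().rstrip(";").split(";"):
        key, _, value = segment.partition("=")
        parts[key.strip()] = value.strip()
    return parts


def find_sas_secrets(text: str) -> List[SasFinding]:
    """Report every connection string in text that carries a SAS key (a stored secret)."""
    findings = []
    for match in CONN_STR_RE.finditer(text):
        parts = parse_eventhub_connection_string(match.group(0))
        key = parts.get("SharedAccessKey")
        if not key:
            continue  # endpoint without a key: nothing secret to rotate or leak
        namespace = parts["Endpoint"][len("sb://"):].strip("/")
        findings.append(SasFinding(namespace, parts.get("SharedAccessKeyName", ""),
                                   parts.get("EntityPath", ""), key[:4] + "..." + key[-2:]))
    return findings


def identity_producer(namespace: str, eventhub_name: str):
    """Entra ID alternative: the host's managed identity signs in, no key in config.
    Requires azure-eventhub and azure-identity; imported lazily so the scanner runs offline."""
    from azure.identity import DefaultAzureCredential
    from azure.eventhub import EventHubProducerClient
    return EventHubProducerClient(fully_qualified_namespace=namespace,
                                  eventhub_name=eventhub_name,
                                  credential=DefaultAzureCredential())


if __name__ == "__main__":
    for f in find_sas_secrets(SAMPLE_CONFIG):
        print(f"SAS key for {f.entity_path} on {f.namespace} (policy {f.policy}): {f.redacted_key}")
```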
How to connect Eventstream via Managed Identity?
Let’s walk through the key steps to connect Azure Logic Apps to Eventstream using Managed Identity authentication.
Step 1: Enable Managed Identity in Azure Logic Apps
Open your Azure Logic App in the Azure Portal, navigate to the Identity section, and enable System-assigned managed identity.
Step 2: Assign Fabric Workspace Permissions
Open Manage access in your Fabric workspace and search for the Logic App’s Managed Identity (e.g., alex-logicapp2). Assign the Contributor or higher permission to the identity.
Step 3: Add a Custom Endpoint source to Eventstream
Open your Eventstream in Fabric and add a Custom Endpoint source. Select Entra ID authentication and copy the Event Hub information for later use.
Step 4: Add an Event Hub action in Logic Apps
In your Logic Apps workflow, add an HTTP trigger (if not already added). Add an Event Hub action and select Send event. Create a new connection and choose Logic Apps Managed Identity as the authentication type. Enter the Event Hub information from the previous step and save your changes.
You’re all set! Go back to Eventstream and select Data Preview to check for incoming data.
Conclusion
By leveraging Microsoft Entra ID authentication, you can securely connect Azure Logic Apps to Eventstream without worrying about manual secret management. This approach enhances security, simplifies permission management, and improves operational efficiency.
Start using Entra ID authentication in Eventstream today to enhance security and streamline your data streaming workflows. For more details, check out our Connect to Eventstream using Microsoft Entra ID authentication guide.
We value your feedback, so please send us your ideas and suggestions at askeventstreams@microsoft.com.