Microsoft Fabric Updates Blog

Support for Workspace Identity Authentication and Trusted Access to ADLS Gen2 in Semantic Models

We are excited to announce support for workspace identity authentication to Azure Data Lake Storage Gen2 in semantic models. Semantic models in import mode can now use secure, credential-free authentication and trusted access to ADLS Gen2 storage accounts.

What is workspace identity?

Workspace identity in Fabric is an automatically managed service principal associated with workspaces (excluding My Workspaces). When you create a workspace identity, Fabric generates a service principal in Microsoft Entra ID, enabling seamless authentication and trusted access to firewall-enabled storage accounts.

Previously, workspace identity facilitated authentication and trusted access in OneLake shortcuts, data pipelines, and DW Copy scenarios. Now, we’re extending its capability to semantic models. Workspace identity support streamlines the authentication process, eliminates the need for managing secrets or certificates, and enhances security and credential management efficiency.

Using workspace identity in semantic models

Here are the steps to use workspace identity in semantic models for authentication and trusted access.

Step 1: Create the Workspace Identity

Creating a workspace identity is straightforward and can be done in the workspace settings of any workspace except personal workspaces (My Workspace):

  • Navigate to your workspace and open the workspace settings.
  • Select the Workspace identity tab.
  • Click on the + Workspace identity button.

You can also create the workspace identity using the Workspaces – Provision Identity REST API. Workspace admins can create and delete the workspace identity. Admins, members, and contributors can configure workspace identity as an authentication method in supported items, such as semantic models.

Step 2: Grant Permissions to the Storage Account

To enable the workspace identity to access ADLS Gen2 storage accounts:

  1. Sign in to the Azure portal and navigate to the storage account.
  2. Select the Access control (IAM) tab and click on Role assignments.
  3. Click the Add button and choose Add role assignment.
  4. Select the appropriate role (e.g., Storage Blob Data Reader) and assign it to the workspace identity.

Complete the assignment by selecting Review + assign.
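
A check to run after Step 2, added here as an example and not taken from the original post: it reads JSON in the shape produced by `az role assignment list --assignee <object-id> --all -o json` and flags assignments held by the workspace identity that use a role other than Storage Blob Data Reader or a scope outside the target storage account. The sample data, subscription ID and resource names are constructed placeholders, and treating Storage Blob Data Reader as the only expected role is an assumption based on the example role the post names.

```python
import json

# Constructed sample shaped like the output of
#   az role assignment list --assignee <object-id> --all -o json
# Subscription, resource group and account names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACCT = SUB + "/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/examplelake"
SAMPLE = json.dumps([
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Storage Blob Data Reader",
     "scope": ACCT + "/blobServices/default/containers/sales"},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": ACCT},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-data"},
])

EXPECTED_ROLE = "Storage Blob Data Reader"  # assumption: the role the post gives as its example
STORAGE = "/providers/microsoft.storage/storageaccounts/"


def scope_level(scope):
    """Classify an ARM scope as 'container', 'storage_account' or 'broader'."""
    s = scope.lower().rstrip("/")
    if STORAGE not in s:
        return "broader"  # resource group, subscription or management group
    tail = s.split(STORAGE, 1)[1]  # "<account>" or "<account>/blobservices/..."
    return "container" if "/blobservices/default/containers/" in tail else "storage_account"


def audit(assignments_json, account_id):
    """Return (role, scope, reason) for each assignment that needs review."""
    findings, acct = [], account_id.lower().rstrip("/")
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        s = scope.lower().rstrip("/")
        if scope_level(scope) == "broader":
            findings.append((role, scope, "scope is wider than the storage account"))
        elif s != acct and not s.startswith(acct + "/"):
            findings.append((role, scope, "assignment is on a different storage account"))
        elif role != EXPECTED_ROLE:
            findings.append((role, scope, "role is not " + EXPECTED_ROLE))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, ACCT):
        print(finding)
```
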

Step 3: Create and configure a data connection with workspace identity authentication method

  1. Navigate to the Manage connections and gateways experience.
  2. Click on the + New button.
  3. Select Cloud connections and provide the connection name and the type, Azure Data Lake Storage Gen2.
  4. Provide the Server and full path to the storage data.
  5. Select workspace identity as the authentication method.
  6. Click on Create to create the connection.

If the storage account is firewall-enabled, workspace identity is the only authentication method you can configure in the Manage connections and gateways experience. To use other authentication methods, such as service principal and organizational account, in connections to a firewall-enabled storage account, you can use the shortcut or pipeline creation experiences to create the connection. Later, you can bind this connection to semantic models.

Step 4: Create a semantic model and bind it to the data connection

To create semantic models using workspace identity authentication:

  1. Create the semantic model in Power BI Desktop that connects to the ADLS Gen2 storage account using the steps listed in Analyze data in Azure Data Lake Storage Gen2 by using Power BI. You can use an organizational account to connect to Azure Data Lake Storage Gen2 in Power BI Desktop.
  2. Import the model to the workspace configured with the Workspace Identity.
  3. Navigate to the model settings and expand the Gateway and cloud connections section.
  4. Under Cloud connections, select the data connection created in the previous step for the ADLS Gen2 storage account.
  5. Click Apply and then refresh the model to finalize the configuration.

Workspace identity can be created in any type of workspace, such as Pro, Premium, and Fabric capacity, except for personal workspaces (My Workspace). However, trusted access is only supported in workspaces associated with Fabric capacities.

Next steps

We believe this enhancement will provide a seamless and secure authentication experience. You can learn more about this feature by reading about workspace identity authentication and trusted workspace access.

Stay tuned for more updates and innovations in Microsoft Fabric.
