Protecting Your Fabric Data Using Purview (Generally Available)
Microsoft Purview Data Loss Prevention policies for Fabric
This is a significant milestone for organizations looking to strengthen their data governance and security posture within the unified, end-to-end analytics platform that is Microsoft Fabric.
In today’s data-driven world, data is your most valuable asset. But with great data comes great responsibility – the responsibility to protect it from unauthorized exposure. Data Loss Prevention policies in Fabric empower you to proactively safeguard your sensitive information, ensuring it remains within the boundaries you define, no matter where it resides within your Fabric tenant.
Key Capabilities Now at Your Fingertips
You can now leverage powerful DLP capabilities tailored for Microsoft Fabric:
- Policy Creation and Management: Easily create, manage, and deploy DLP policies directly within the Microsoft Purview compliance portal. Define rules based on sensitive information types (SITs) and label assignment specific to your data.
- Sensitive Information Type (SIT) Detection: Leverage a vast library of pre-built SITs, or create your own, to accurately identify sensitive data such as credit card numbers, national identification numbers, financial records, and intellectual property within your Fabric workspaces.
- Policy Scope for Fabric: Define the scope of your DLP policies to target specific Fabric workspaces, ensuring that protections are applied precisely where needed.
- Actionable Alerts and Notifications: Configure alerts and notifications for policy violations, enabling security administrators to quickly identify and respond to potential data loss incidents. Users can also be notified in real-time with policy tips as they are interacting with their data, when attempting an action that may violate a policy.
- Auditing Controls: Monitor all policy results through Purview auditing, for compliance and investigation purposes.
Getting Started with DLP for Fabric
Ready to fortify your Fabric data estate? Getting started is straightforward:
- Understand Your Data: Begin by identifying where your most sensitive data resides within Fabric and the types of information you need to protect.
- Access the Microsoft Purview Compliance Portal: Navigate to the Microsoft Purview compliance portal.
- Create Your First DLP Policy: Go to Data loss prevention > Policies and click Create policy.
- Select Fabric as Your Location: When configuring the policy, choose Fabric as the location and define which workspaces you want the policy to run in.
- Define Your Rules and Actions: Configure your policy rules using sensitive information types and labels as conditions, and the actions you want to take (e.g., audit, notify users and alerts).
We encourage you to explore these new capabilities and integrate DLP policies into your data governance strategy for Microsoft Fabric. This release marks a significant step towards a more secure and compliant data environment for all your analytics needs.
Want to learn more? Check out our official documentation for detailed guidance on configuring and managing DLP policies for Microsoft Fabric.
Start protecting your valuable data in Fabric today!
As a reminder, Purview Data Loss Prevention Policies are acquired through the Purview new pay-as-you-go billing and are subject to consenting to the new business model.
Purview Protection Policies for Sensitivity Labels
Unleash Secure Collaboration: Information Protection Policies for Microsoft Fabric (Generally Available)! This is a game-changer for organizations seeking to extend their data classification and protection strategies directly into the heart of their analytics ecosystem – Microsoft Fabric.
In today’s dynamic data landscape, sensitive information flows across various tools and platforms. Ensuring this data remains classified and protected, no matter where it’s created, stored, or shared, is paramount. Information Protection policies in Fabric empower you to achieve this by seamlessly integrating Microsoft Purview Information Protection sensitivity labels, bringing a consistent and robust layer of security to your data assets within Fabric.
How do protection policies play into your security story? Configure policies that automatically enforce access restrictions and other protective actions based on the applied sensitivity label. For instance, a ‘Confidential’ label can automatically limit access to a specific security group.
The Transformative Value of Information Protection for Fabric
Information Protection policies in Fabric deliver immense value by:
- Enabling Persistent Data Protection: Apply sensitivity labels directly to Fabric items (like Lakehouses, Warehouses, KQL databases, etc.) ensuring that the classification and associated protection (encryption, access restrictions) travel with the data, even when it’s exported or moved.
- Automating Governance: Reduce the burden of manual security configurations. Once a sensitivity label is applied, the policy automatically enforces access controls, minimizing human error and ensuring consistent application of your organization’s data policies.
- Simplifying Compliance: Meet stringent regulatory requirements by providing a clear, auditable trail of data classification and protection. This proactive approach helps demonstrate adherence to data privacy and security mandates.
- Fostering Secure Collaboration: Empower users to work with sensitive data in Fabric confidently, knowing that built-in protections are in place. Labels make it clear what level of sensitivity a data asset holds, guiding appropriate usage and sharing.
- Centralizing Data Security: Extend your existing Microsoft Purview Information Protection framework to Fabric, creating a unified approach to data security across your entire data estate.
Domain-level Default Sensitivity Labels
Sensitivity labels in Fabric enable organizations to consistently classify and apply security policies, such as encryption and access restrictions, to data assets, ensuring protection that persists even when the data is moved or shared outside of the platform.
Using a domain-level sensitivity label in Microsoft Fabric allows you to apply a default level of data protection and governance to all new data items created within a specific domain. This provides significant value by centralizing and automating security policies, reducing the risk of human error and ensuring consistent data handling across the organization.
The Value of Domain-Level Labels
- Automated Protection: A domain-level sensitivity label ensures that any new Fabric item, like a lakehouse or KQL database, automatically inherits the security settings of that label. This means you don’t have to rely on individual users to remember to apply the correct label, reducing the chance of sensitive data being left unprotected.
- Centralized Governance: Instead of managing security policies on a per-item or per-workspace basis, a domain-level label allows administrators to delegate governance to the domain level. This empowers business units to manage their own data while still adhering to overall corporate compliance and security standards.
- Streamlined Compliance: By automatically classifying and protecting data, domain-level labels streamline compliance efforts. They provide a clear and auditable trail of how data is being handled, making it easier to demonstrate adherence to regulatory requirements and internal policies.
- Scalability: For large organizations with many domains and data products, this approach is far more scalable than manual labeling. It ensures that as the data estate grows, security and governance grow with it, maintaining a consistent level of protection without adding a significant administrative burden.
To learn more about Domain-level default sensitivity labels refer to the documentation.
As always, we welcome your comments or any feedback you may have regarding data protection in Fabric. For any suggestions, please fill out the feedback form.
