Fabric Security is a Team Sport Now – For Everyone

In times of data breaches and millions of customer entries breached, the security of your data platform is one of the things you need to consider upfront, preferably in all your data solutions.

When Microsoft Fabric was announced, connecting it securely to other parts of your already secured data platform in Azure was not possible: the options to do so were not available initially.

February 2024 – Managed Private Endpoints and Trusted Workspace Access in Fabric… but…

In the past, when building data platforms in Azure with services like Synapse Analytics, Azure Data Factory, Azure SQL, Azure Data Lake Storage, … we implemented our platforms using private endpoints, managed vNets, … and private connectivity between the involved data services. Especially in customer discussions we mentioned the importance of securing your data platform.

But data connection security in Fabric? Well… after public preview and GA, there were no options to use the security concepts we had known for several years.

But in February 2024, the long-awaited mechanism to use private endpoints for data connectivity was introduced (Feb 2024 – Introducing Managed Private Endpoints for Microsoft Fabric in Public Preview).

What are private endpoints in Microsoft Fabric?

Managed Private Endpoints in Fabric – source: https://support.fabric.microsoft.com/de-at/blog/introducing-managed-private-endpoints-for-microsoft-fabric-in-public-preview?ft=Data-engineering:category

Managed private endpoints allow secure and private access to other data services (in Azure) without using public access (see the documentation). The connection is provided by dedicated managed virtual networks.

Managed private endpoint configuration in Workspace settings
Enter the details for the new managed private endpoint

What is Trusted Workspace Access in Fabric?

Trusted Workspace Access allows secure access to ADLS Gen2 storage accounts using the concept of workspace identities. This concept was announced in February 2024.

step 1 – create a workspace identity
step 2 – allow secure access to storage account (image source: https://blog.fabric.microsoft.com/en-us/blog/introducing-trusted-workspace-access-for-onelake-shortcuts/)
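
A check a storage owner could run once both features are configured, as an added example that is not from the original post: it audits a storage account's network settings (ARM REST JSON) for a firewall open to all networks, for Fabric workspaces trusted through resource instance rules, and for private endpoint connections still awaiting approval. The sample account, its names and GUIDs are constructed, and the workspace resource-ID pattern is an assumption.

```python
import re

# Assumed shape of a Fabric workspace resource ID in a resource instance rule.
FABRIC_WS = re.compile(r"/providers/Microsoft\.Fabric/workspaces/([0-9a-f-]{36})$", re.I)

def audit_storage_account(account: dict) -> dict:
    """Summarise how an ADLS Gen2 account (ARM JSON) is exposed to Fabric."""
    props = account.get("properties", {})
    acls = props.get("networkAcls", {})
    # Open to all networks: firewall default is Allow and public access not disabled.
    public_open = (acls.get("defaultAction", "Allow") == "Allow"
                   and props.get("publicNetworkAccess", "Enabled") != "Disabled")
    # Workspaces trusted through resource instance rules (Trusted Workspace Access).
    workspaces = []
    for rule in acls.get("resourceAccessRules", []):
        match = FABRIC_WS.search(rule.get("resourceId", ""))
        if match:
            workspaces.append(match.group(1).lower())
    # Private endpoint connections (e.g. from a Fabric managed private endpoint)
    # only carry traffic once the storage owner has approved them.
    approved, pending = 0, []
    for conn in props.get("privateEndpointConnections", []):
        state = conn.get("properties", {}).get("privateLinkServiceConnectionState", {})
        if state.get("status") == "Approved":
            approved += 1
        else:
            pending.append(conn.get("name", "?"))
    findings = []
    if public_open:
        findings.append("firewall allows all networks; private paths are not enforced")
    if pending:
        findings.append("unapproved private endpoint connections: " + ", ".join(pending))
    return {"public_open": public_open, "trusted_workspaces": workspaces,
            "approved_pe": approved, "pending_pe": pending, "findings": findings}

# Constructed sample; every name and GUID below is a placeholder.
WS_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/Fabric"
         "/providers/Microsoft.Fabric/workspaces/22222222-2222-2222-2222-222222222222")
STATE = "privateLinkServiceConnectionState"
SAMPLE = {"name": "examplelake", "properties": {
    "publicNetworkAccess": "Enabled",
    "networkAcls": {"defaultAction": "Deny", "resourceAccessRules": [
        {"tenantId": "11111111-1111-1111-1111-111111111111", "resourceId": WS_ID}]},
    "privateEndpointConnections": [
        {"name": "mpe-a", "properties": {STATE: {"status": "Approved"}}},
        {"name": "mpe-b", "properties": {STATE: {"status": "Pending"}}}]}}

if __name__ == "__main__":
    print(audit_storage_account(SAMPLE))
```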

And now comes the .. but .. section of the announcements

Although Microsoft Fabric got the features to securely connect to other data services, there was one blocker to implementing these much-needed security features in the wild. The initial licensing blocked all Fabric projects/implementations using Fabric capacities smaller than F64 (see Fabric SKU pricing).

Most of our customers are small-medium sized companies in Europe which do not require or use those kinds of large(r) Fabric capacities. Therefore – no entry to security beyond this point.

Security only for F64+ capacities – https://support.fabric.microsoft.com/de-at/blog/introducing-managed-private-endpoints-for-microsoft-fabric-in-public-preview?ft=Data-engineering:category

The same applied to the Trusted Workspace Access feature: the same licensing requirement of having an F64+ capacity in place.

source: https://blog.fabric.microsoft.com/en-us/blog/introducing-trusted-workspace-access-for-onelake-shortcuts/

This blocker was unfortunately one of the missing pieces for some of our customers to start the first Fabric PoC or even a Fabric project. And I was not the only one. The discussions in the Data community started immediately after the announcement but Microsoft enforced the decision with “security only for capacities larger than F64”.

#CommunityRocks – The big change in August 2024 – Security for everyone

Months after the initial announcements, and after many discussions, hints and suggestions on how the networking security features in Microsoft Fabric could be brought to a broader audience, all of a sudden a blog post was published.

And this blog post changed the licensing for Managed Private Endpoints and Trusted Workspace Access in Fabric completely.

Trusted Workspace access and Managed Private Endpoints in Fabric – in ANY F capacity (https://blog.fabric.microsoft.com/de-at/blog/announcing-the-availability-of-trusted-workspace-access-and-managed-private-endpoints-in-any-fabric-capacity?WT.mc_id=DP-MVP-5001676)

Beginning with August 2024, ..

  • Trusted Workspace Access * and
  • Managed Private Endpoints (MPE) **

.. in Fabric are available using any F capacity*

* Trusted Workspace Access (in any purchased F capacity)

** MPE in any purchased F capacity + Trial capacities.

In my session at Fabric Conference in Las Vegas (March 2024), Anton Fritz and I talked about data security as a team sport. In the context of this session we discussed the different data roles – Data Analysts, Data Engineers, Fabric Admins, Security Admins.

In the context of security in Microsoft Fabric, the game changed – it’s now a team sport for everyone. In the weeks of the Olympic Games in Paris, it changed from a team sport only for the athletes, the well-trained and the well-funded, to a highly needed foundation for powerful data architectures.

Thanks again to the Fabric leadership team that you changed your minds – we know that we directed our feedback in many, multiple, and even more ways. Data Security is key – and a team sport everyone needs to have access to.

About the Author

Wolfgang Strasser


Data Consultant @ ACP CUBIDO | Microsoft Fabric, Synapse Analytics, Power BI

 

Reference: Fabric Security is a Team Sport Now – For Everyone | workingondata [Accessed: 10th May 2025].
