Edit

Workspace outbound access protection for Eventhouse (preview)

Workspace outbound access protection (OAP) helps safeguard your data by controlling outbound connections from Real-Time Intelligence items in your workspace to external data sources. When you enable this feature, items can't make outbound connections unless you explicitly grant access through approved data connection rules.

This article describes how outbound access protection applies to Real-Time Intelligence items and what scenarios are supported when the protection is enabled.

Note

Workspace outbound access protection settings apply at the workspace level. All Real-Time Intelligence items in the workspace follow the same outbound access rules.

Supported items

Workspace outbound access protection applies to the following Real-Time Intelligence items:

Outbound access protection for Eventhouse

Supported Eventhouse outbound access scenarios

Even with outbound access protection enabled, Eventhouse can connect to the following resources:

Resource type Location Supported items
External Azure Event Hubs
Fabric Same workspace Eventstream, OneLake, follower databases
Fabric Other workspaces (requires access rules) OneLake, follower databases

Unsupported Eventhouse outbound access scenarios

When you enable workspace OAP, the following Eventhouse outbound access scenarios are blocked:

  • Accessing Eventhouse databases directly, other than through OneLake shortcuts.
  • Connecting to external resources, other than Event Hubs.
  • Using Copilot to generate queries or analyze data.

Limitations

  • Eventhouse outbound access protection is in public preview.
  • All Eventhouse items in the workspace follow the same OAP.

Considerations

  • Workspace OAP is enforced per workspace.
  • All Real-Time Intelligence items in the workspace share the same OAP.

Next steps

Learn more about workspace outbound access protection Enable workspace outbound access protection Create an allow list using data connection rules

  • Last updated on