Security in manufacturing data solutions (preview)

Important

Some or all of this functionality is available as part of a preview release. The content and the functionality are subject to change.

Microsoft Cloud for Manufacturing data solutions in Microsoft Fabric (preview) is designed to help you meet your security and compliance needs. This article gives you an overview of the security features and capabilities of manufacturing data solutions.

Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS). It simplifies the network architecture and secures the connection between Azure endpoints by eliminating data exposure to the public internet.

Azure Private Link lets you connect to an Azure Data Manager for Manufacturing service from your virtual network via a private endpoint. A private endpoint is a set of private IP addresses in a subnet within the virtual network. You can then limit access to your Azure Data Manager for Manufacturing instance over these private IP addresses.

Important

Setting up the private endpoints requires a set of prerequisites. Connect with your GSI to set up and enable the private endpoints for secure Azure Data Manager for Manufacturing service access.

Set up managed identity (Associate managed identity in Azure Data Manager for Manufacturing to access other Azure services)

A managed identity from Microsoft Entra ID lets any application access other Microsoft Entra protected resources. The Azure platform manages this identity for you, so you don't have to create or rotate any secrets. Azure Data Manager for Manufacturing uses managed identities with specific Azure roles assigned. This way, you can enable role-based access to other Azure services.

To learn more about managed identities, see What are managed identities for Azure resources?

Currently, Azure Data Manager for Manufacturing doesn't support system-assigned managed identities. You can associate user-managed identities with Azure Data Manager for Manufacturing during resource provisioning.

Important

Contact your GSI to set up and enable managed identity. Then you can associate it with Azure Data Manager for Manufacturing to access other Azure services.

Data encryption

Azure Data Manager for Manufacturing uses platform-managed keys (PMKs), which are encryption keys generated, stored, and managed entirely by Azure.

PMKs can help organizations implement encryption with little operational overhead. Customers don't interact with PMKs. By default, the keys used for Azure Data Encryption at Rest in Azure Data Manager for Manufacturing are PMKs.

For more information, see Security in Microsoft Cloud for Manufacturing.

Compliance

For more information, see Governance and compliance in Microsoft Fabric and Compliance in Microsoft Cloud for Manufacturing.