Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Workspace outbound access protection helps safeguard your data by controlling outbound connections from Fabric IQ items in your workspace to external data sources. When this feature is enabled, items are restricted from making outbound connections unless access is explicitly granted through approved data connection rules.
Workspace outbound access protection for Fabric IQ currently supports only graph.
Understanding workspace outbound access protection for graph
Workspace outbound access protection enables secure data ingestion by allowing workspace admins to control which external sources can be connected to graph. When outbound access protection is enabled, graph can only connect to data sources that have been explicitly approved through data connection rules.
The following table summarizes the supported sources and destinations for graph:
| Category | Details |
|---|---|
| Supported sources | Cloud |
| Supported destinations | Lakehouse |
When outbound access protection is enabled, all outbound connections are blocked by default. The workspace admin must then configure data connection rules for cloud or gateway connection policies to specify which external sources graph can connect to. Once these policies are set, graph can connect only to the approved sources and the lakehouse that is set as the destination. All other outbound connections, including mirrored databases, are blocked.
Configuring outbound access protection for graph
You can only create an allow list using data connection rules; managed private endpoints aren't supported for graph. To configure outbound access protection for graph:
Follow the steps to enable outbound access protection.
After enabling outbound access protection, set up data connection rules for cloud or gateway connection policies to allow outbound access to other workspaces or external resources as needed.
Once configured, graph can connect only to the approved destinations specified in the data connection rules, while all other outbound connections remain blocked.