Azure Data Factory in Gov Cloud Linking to Fabric Data Warehouse in Azure Commercial

Daniel Treiman 20 Reputation points
2024-11-13T02:06:38.56+00:00

I have a tiered data architecture where:

  • controlled data gets processed in Gov Cloud using Azure Data Factory (ADF)
  • non-controlled data get processed in Commercial Cloud using Fabric I'm trying to write some aggregated data from a pipeline in ADF (gov cloud) to a table in Fabric (commercial cloud). To do this, I've created a service principal in commercial cloud, granted it Fabric contributor role, and added its secret to a key vault in Gov Cloud. I added a Credential in ADF for my service principal, but when I try to create the Microsoft Fabric Warehouse linked service I get this error:

Failed to get access token by using service principal. Error: invalid_request, Error Message: AADSTS90038: Tenant '<REDACTED>' request is being redirected to the National Cloud 'MicrosoftOnline.COM'. Trace ID: 489a945a-538f-4550-a49e-4bf2b94cda00 Correlation ID: edd84bad-4a15-4ec4-8d4a-4809c571fac2 Timestamp: 2024-11-13 01:15:34Z . AADSTS90038: Tenant '<REDACTED>' request is being redirected to the National Cloud 'MicrosoftOnline.COM'. Trace ID: 489a945a-538f-4550-a49e-4bf2b94cda00 Correlation ID: edd84bad-4a15-4ec4-8d4a-4809c571fac2 Timestamp: 2024-11-13 01:15:34Z

Is it possible for ADF in Azure Gov Cloud to use a data warehouse in Azure Commercial Cloud as a sink? If so, how can I make this work? Thanks!

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,992 questions
0 comments No comments
{count} votes

Accepted answer
  1. Amira Bedhiafi 27,131 Reputation points
    2024-11-13T14:40:10.57+00:00

    I think that the Azure Gov Cloud environment is attempting to authenticate the service principal with the Commercial Cloud Azure Active Directory (AAD) endpoint, which is not supported directly due to the separate AAD authorities in Gov and Commercial clouds.

    You may need to verify the service principal for the Fabric Data Warehouse is created in the Commercial Cloud tenant and that the correct AzureCommercial AAD authority endpoint

    (https://login.microsoftonline.com) is specified when attempting to connect.

    One solution is to write the aggregated data from ADF in Gov Cloud to a secure Azure Blob Storage container (or Data Lake Storage) in the Commercial Cloud.

    Then, set up a separate process in Azure Fabric (Commercial) to read data from this storage location and load it into the Fabric Data Warehouse.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.