What's new and planned for Administration and governance in Microsoft Fabric
Important
The release plans describe functionality that may or may not have been released yet. The delivery timelines and projected functionality may change or may not ship. Refer to Microsoft policy for more information.
Microsoft Fabric is a unified SaaS platform that enables customers to build diverse projects, spanning from lakehouses to BI reports/dashboards consumed by business users. Microsoft Fabric admins require tools to govern user actions and for compliance management within their tenant. Workspace and capacity administrators need these tools to organize their content and manage costs. Integration with Purview allows visibility across the tenant and tools to manage user activity.
Microsoft Fabric empowers developers to automate user experiences, streamline business processes, and enhance efficiency through a user-friendly developer platform. This enables the creation of apps that use Microsoft Fabric as a data and analytics platform, ensuring seamless data processing and collaboration without the need for extensive infrastructure management, while benefiting from built-in governance and security features.
Today, you can automate the business intelligence activities in your organization with our REST APIs and SDKs. Which includes workspace content deployment between development, testing, and production stages. We plan to extend these capabilities to support other Microsoft Fabric experiences over time.
To learn more about how administrators can monitor and govern Microsoft Fabric, see the documentation and the announcement blog. We plan to support even more controls over networking, visibility, enterprise information management, and more as we approach general availability of the new Microsoft Fabric experiences.
Investment areas
Private Link support at a tenant level- Public preview
Estimated release timeline: Shipped
Organizations can enhance security by using private links, allowing users in their tenant to access Microsoft Fabric securely. This setup uses Azure Private Link and Azure Networking private endpoints to ensure data traffic travels privately via Microsoft's backbone network, instead if using public endpoints. The Private Link capability at the tenant level will expand from Power BI to other workloads in phases. Once Azure Private Link is configured and public internet access is restricted, all the supported scenarios for that Fabric tenant will be routed through private links.
Private Link support at a workspace level- Public preview
Estimated release timeline: Q4 2024
While private links at a tenant level enable secure connectivity to Fabric, we intend to provide granular support for this feature at a workspace level. Organizations can use this feature to secure inbound traffic to specific workspaces instead of the entire tenant and this allows them to secure production workspaces but let dev and test workspaces to be accessed over internet. This setup uses Azure Private Link and Azure Networking private endpoints to ensure data traffic travels privately via Microsoft's backbone network, instead if using public endpoints. The Private Link capability at the workspace level will start with few workloads and extend to others in phases. Once Azure Private Link is configured and public internet access is restricted, all the supported scenarios for that Fabric workspace will be routed through private links.
Managed VNet support for Spark - Public preview
Estimated release timeline: Shipped
Spark, as we know is a distributed processing system used for big data workloads. Hence, Spark in Fabric warrants access to data, at scale but also the ability to connect to protected data sources, as most business-critical data is secured in private networks. The Managed VNets feature allows Spark to seamlessly connect with protected data sources in a secure manner via Managed private endpoints in a Microsoft managed virtual network.
Fabric as a trusted service for Azure Storage - Public preview
Estimated release timeline: Shipped
You'll be able to add the Fabric workspace identity (FWI) as a trusted identity for a storage account. This allows seamless connectivity to Azure Storage accounts secured by a firewall. It also enables traffic using that Fabric workspace identity from the corresponding workspace to connect to the storage account. For instance, this feature will enable creating a shortcut to a storage account deployed behind a firewall. Once a shortcut is created, users can work with this data in all Fabric workloads
Disaster recovery support- GA
Shipped
The goal of Business Continuity and Disaster Recovery (BCDR) is to ensure uninterrupted access to data and services during data center outages or regional disasters. As we shift towards a self-service SaaS model for our cloud-scale analytics solutions, we understand the need for minimal configuration and planning for critical workloads. In our initial release, we'll provide cross-regional data availability in OneLake if there's a disaster. We also plan to enable capacity-level disaster recovery configuration, allowing you to select replication for essential workspace data while excluding dev and test workspaces.
Fabric Admin APIs - Public preview
Shipped
Admin APIs in Microsoft Fabric offers programmatic access to administrative functions within the Fabric service. Admin APIs play an important role in automating essential admin and governance tasks, including activities such as monitoring, auditing, compliance, access controls, etc. The existing PBI-only admin APIs have encountered issues like timeouts and slow performance while lacking coverage for non-PowerBI Fabric artifacts. In response to these challenges, the next-gen Fabric admin APIs were launched as part of the Fabric GA release in November 2023. The initial set of APIs focuses on the discovery and exploration of Workspaces, non-PowerBI Fabric items, and user access details at the workspace and item levels. To further enhance functionality, in Q1 2024, we are planning to extend these discovery and exploration APIs to include PowerBI items. Moreover, the Fabric API surface will be expanded to include APIs for adding and deleting users and workspaces. It's important to note that Microsoft will continue to support PowerBI-only Admin APIs to ensure a seamless transition to the new Fabric APIs.
Admin API to query delegated tenant settings - Public preview
Shipped
This API enables tenant administrators to track settings modifications made by other administrators at capacity, domain, or workspace levels. It scans and returns all the units of governance or a group of such units where the tenant admin settings have been overridden. In the initial release, we aim to include the ability to query tenant settings delegated to a capacity.
Workspace recovery- GA
Shipped
In the event of unintentional workspace deletions, this feature allows tenant admins to recover workspaces, including Fabric items. Admins can set recovery policies and recover the deleted workspaces within a specified timeframe. Deleted workspaces are soft deleted and recoverable by the tenant admins. Tenant admins will be able to configure the retention period via a setting in the Fabric admin portal. This capability, is already supported for workspaces with Power BI items, and it will extend to include workspaces with Fabric items.
Usage and adoption in admin monitoring- GA
Estimated release timeline: Q4 2024
Fabric tenant administrators need access to detailed audit logs and summarized views, to track usage and adoption growth, support audits, and ensure compliance. Analytical views built on the audit logs can help you understand user actions. You can govern Fabric by identifying specific trends, patterns, and activities. This report currently supports Power BI items and it will expand to cover other Fabric items this semester.
Fabric monitoring- Public Preview
Estimated release timeline: Q4 2024
Fabric workspace administrators and developers require access to detailed diagnostic logs and workload metrics to troubleshoot performance issues, capacity performance, and data downtime. As part of the Fabric Monitoring feature we intend to provide a read-only database of workspace logs that users can query ad-hoc, analyze for patterns and anomalies, or save drafted queries to as query sets. This helps drive investigations on root-cause analysis for errors, long running queries, refresh failures, and other issues. We will continue to enhance this feature by adding in-context monitoring and diagnostics experiences.
Purview Information Protection sensitivity labels - GA
Shipped
Microsoft Purview Information Protection sensitivity labels integration into Fabric introduces the familiar concept of sensitivity from Office. In Office, you can see confidential documents and emails, and you may not be authorized to export sensitive data. Similarly in Fabric you can easily identify and control confidential content using Information Protection sensitivity labels. When the owner assigns a sensitivity label to a lakehouse or any other item, the label is inherited with the data to all the downstream items. Additionally, when exporting data from Fabric to Office files, the label and protection settings are automatically applied on the Office files.
Purview Information Protection default sensitivity labels policy – GA
Shipped
Compliance and security admins can configure the label policy in Microsoft Purview compliance portal to automatically apply a sensitivity label to newly created Fabric items. This helps organizations meet compliance and regulatory requirements of having all their data in Fabric with sensitivity labels.
Require users to apply Purview Information Protection sensitivity labels – GA
Shipped
Compliance and security admins can configure the label policy in Microsoft Purview compliance portal to require users to apply sensitivity label to newly created Fabric items. This helps organizations meet compliance and regulatory requirements of having all their data in Fabric with sensitivity labels.
More users in the organization can edit and republish protected PBIX files in Power BI Desktop – Public preview
Estimated release timeline: Q1 2024
This feature allows users with a wider range of sensitivity permissions from the Microsoft Purview compliance portal to open, edit, and publish encrypted PBIX files in Power BI desktop. Some limitations apply.
Restrict access to content by using sensitivity labels access policies - Public preview
Estimated release timeline: Q2 2024
Compliance and security admins can restrict access to content for which the label will be applied to in Fabric policy in Microsoft Purview compliance portal. For example, with the Fabric access policies settings for a sensitivity label, you can protect content in the following ways:
- Only users within your organization can access data in a confidential Fabric item
- Only users specific users in the finance department can edit data items with financial data while other users in your organization can only read them.
Purview data loss prevention policies for schematized data in OneLake
Estimated release timeline: Q1 2024
Compliance admins can use Microsoft Purview Data Loss Prevention (DLP) policies to detect the upload of sensitive data (such as social security number) to OneLake. If such an upload is detected, the policies will trigger automatic policy tip that is visible to data owners and it can also trigger an alert for compliance admins. DLP policies can automate the compliance processes to meet enterprise-scale compliance and regulatory requirements in an effective way.
Purview hub for administrators and data owners – Public preview
Shipped
Fabric admins and data owners can gain valuable insights about sensitive data, certified and promoted items. They contain insights about sensitive data, certified and promoted items, and a gateway to advanced capabilities in Microsoft Purview portals.
Microsoft Fabric Reserved Instance offerings in Azure
Estimated release timeline: Q4 2023
Currently all the capabilities of Fabric are available for purchase within Azure with a Pay-as-you-go offering with lower purchase points. You can pause/resume and scale up/down on demand. Soon you can purchase a 1-year reservation for Fabric with large discounts for that commitment.
Microsoft Fabric user REST APIs
Estimated release timeline: Q4 2023
Deliver a user-friendly, standardized API for Fabric's core functionality and experience APIs, ensuring ease of use for developers. The well-documented Fabric REST API includes authentication, authorization, version control, policy enforcement, and error handling. Additionally, developers can use existing protocol-specific APIs like XMLA and TDS. Some examples include Workspace and capacity management, CRUD operations on items, and permission management.
Microsoft Fabric Git integration (ADO)
Estimated release timeline: Q2 2024
Git integration is offered to users connecting to Azure DevOps repositories, enabling synchronization between Microsoft Fabric workspace and the selected Git repository (for commits and updates). Additional Microsoft Fabric items will support source control - Data pipeline, Warehouse, Spark Environment and Spark Job Definition. We'll also provide public REST APIs for automating key git operations, such as connecting a workspace to a git branch, committing items, and updating items from git.
Deployment pipelines
Estimated release timeline: Q4 2023
As organizations increasingly adopt Deployment pipelines, there's a growing demand to add more stages to these pipelines. This year, we'll enable customers to define and customize the number of stages for each pipeline they create. Furthermore, certain Microsoft Fabric items will become deployable as part of a pipeline deployment processes - Data pipeline, Warehouse.