Overview of managed private endpoints for Fabric

Managed private endpoints are a feature that allows secure and private access to data sources from certain Fabric workloads.

What are Managed Private Endpoints?

  • Managed private endpoints are connections that workspace admins can create to access data sources that are behind a firewall or that are blocked from public internet access.

  • Managed private endpoints allow Fabric workloads to securely access data sources without exposing them to the public network or requiring complex network configurations.

  • Microsoft Fabric creates and manages managed private endpoints based on the inputs from the workspace admin. Workspace admins can set up managed private endpoints from the workspace settings by specifying the resource ID of the data source, identifying the target subresource, and providing a justification for the private endpoint request.

  • Managed private endpoints support various data sources, such as Azure Storage, Azure SQL Database and many more.

Animated illustration showing the process of creating a managed private endpoint in Microsoft Fabric.

Note

Managed private endpoints are supported for Fabric trial capacity and all Fabric F SKU capacities.

For more information about supported data sources for managed private endpoints in Fabric, see Supported data sources.

Supported item types

Limitations and considerations

  • Tenant Region Compatibility: Managed private endpoints function only in regions where Fabric Data Engineering workloads are available. Creating them in unsupported Fabric Tenant home regions results in errors. These unsupported Tenant home regions include:

    Region
    Singapore
    Israel Central
    Switzerland West
    Italy North
    West India
    Mexico Central
    Qatar Central
    Spain Central
    Brazil South
  • Capacity Region Compatibility: Creating managed private endpoints in unsupported capacity regions results in errors. These unsupported regions include:

    Region
    West Central US
    Switzerland West
    Italy North
    Qatar Central
    West India
    France South
    Germany North
    Japan West
    Korea South
    South Africa West
    UAE Central
    Brazil South
    Singapore
    Central US
  • Limitations for specific workloads:

  • Workspace migration: Workspace migration across capacities in different regions is unsupported.

  • OneLake shortcuts do not yet support connections to ADLS Gen2 storage accounts using managed private endpoints.

  • Creating a managed private endpoint with a fully qualified domain name (FQDN) is not supported.

These limitations and considerations might affect your use cases and workflows. Take them into account before enabling the Azure Private Link tenant setting for your tenant.
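A pre-flight check that applies the limitations above to a managed private endpoint request before it is submitted. This is an added example, not Microsoft's code. The function `preflight`, its parameters and the sample resource ID are assumptions made for illustration; the region sets are copied from this page.

```python
import re

# Region lists copied from the "Limitations and considerations" section of this page.
UNSUPPORTED_TENANT_HOME = {
    "Singapore", "Israel Central", "Switzerland West", "Italy North", "West India",
    "Mexico Central", "Qatar Central", "Spain Central", "Brazil South",
}
UNSUPPORTED_CAPACITY = {
    "West Central US", "Switzerland West", "Italy North", "Qatar Central",
    "West India", "France South", "Germany North", "Japan West", "Korea South",
    "South Africa West", "UAE Central", "Brazil South", "Singapore", "Central US",
}

# Full Azure resource ID: /subscriptions/<guid>/resourceGroups/<rg>/providers/<ns>/<type>/<name>
ARM_ID = re.compile(
    r"^/subscriptions/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"
    r"/resourceGroups/[^/]+/providers/[^/]+(/[^/]+/[^/]+)+$", re.IGNORECASE)
# Host name, optionally with scheme, port and path (an FQDN target, which is not supported).
FQDN = re.compile(r"^(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(:\d+)?(/.*)?$", re.IGNORECASE)

def _norm(region):
    """Treat 'West Central US' and 'westcentralus' as the same region."""
    return re.sub(r"[\s_-]+", "", region).lower()

def preflight(resource_id, subresource, justification, tenant_home, capacity_region):
    """Return a list of problems; an empty list means the request passes these checks."""
    problems = []
    rid = resource_id.strip()
    if FQDN.match(rid):
        problems.append("target is an FQDN; a resource ID is required")
    elif not ARM_ID.match(rid):
        problems.append("target is not a full Azure resource ID")
    if not subresource.strip():
        problems.append("target subresource is missing")
    if not justification.strip():
        problems.append("justification is missing")
    if _norm(tenant_home) in {_norm(r) for r in UNSUPPORTED_TENANT_HOME}:
        problems.append(f"tenant home region '{tenant_home}' is unsupported")
    if _norm(capacity_region) in {_norm(r) for r in UNSUPPORTED_CAPACITY}:
        problems.append(f"capacity region '{capacity_region}' is unsupported")
    return problems

# Constructed sample values (placeholder subscription, hypothetical resource names).
SAMPLE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-example/providers/Microsoft.Storage/storageAccounts/examplestore")

if __name__ == "__main__":
    print(preflight(SAMPLE_ID, "blob", "Spark access to storage", "West Europe", "westeurope"))
    print(preflight("examplestore.blob.core.windows.net", "blob", "", "Singapore", "Central US"))
```

The check covers only the request fields and region lists named on this page; it does not verify that the target resource exists or that the capacity SKU is eligible.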