What's new and planned for Administration, Governance and Security in Microsoft Fabric

Important

The release plans describe functionality that may or may not have been released yet. The delivery timelines and projected functionality may change or may not ship. Refer to Microsoft policy for more information.

Microsoft Fabric is a unified SaaS platform that enables customers to build diverse projects, spanning from lakehouses to BI reports/dashboards consumed by business users. Microsoft Fabric admins require tools to govern user actions and for compliance management within their tenant. Workspace and capacity administrators need these tools to organize their content and manage costs. Integration with Purview allows visibility across the tenant and tools to manage user activity.

Microsoft Fabric empowers developers to automate user experiences, streamline business processes, and enhance efficiency through a user-friendly developer platform. You can create apps that use Microsoft Fabric as a data and analytics platform, ensuring seamless data processing and collaboration without the need for extensive infrastructure management, while benefiting from built-in governance and security features.

Today, you can automate the Fabric activities in your organization with our REST APIs and SDKs. This includes workspace content deployment between development, testing, and production stages.

To learn more about how administrators can monitor and govern Microsoft Fabric, see the documentation.

Investment areas

Feature Estimated release timeline
Workspace monitoring Q4 2024
External data sharing enhancements Q1 2025
Take ownership of Fabric items Q1 2025
Fabric Capacity Metrics Cross-capacity insights Q1 2025
Capacity Metrics Chargeback Public Preview Q1 2025
Private Link support at a workspace level Q1 2025
Fabric Capacity Metrics Admin monitoring integration Q1 2025
Data exfiltration protection for Spark Q2 2025
Workspace Public IP Firewall Q2 2025
Usage and adoption in admin monitoring Q2 2025
Multi-tenant organzation (MTO) MVP Shipped (Q4 2024)
Microsoft Purview data loss prevention policies for Lakehouses in OneLake Shipped (Q4 2024)
Tags for fabric items Shipped (Q3 2024)
Enhancements for Domains in Fabric Shipped (Q3 2024)
Restrict access to content by using Microsoft Purview sensitivity labels to apply protection Shipped (Q3 2024)
Fabric items - Master data Shipped (Q3 2024)
Managed virtual network support for Spark Shipped (Q2 2024)
Fabric as a trusted service for Azure Storage Shipped (Q2 2024)
Private Link support at a tenant level Shipped (Q2 2024)
External data sharing public preview Shipped (Q2 2024)
Private Link support at a tenant Level Shipped (Q1 2024)
Fabric Admin APIs Shipped (Q1 2024)
More users in the organization can edit and republish protected PBIX files in Power BI Desktop Shipped (Q1 2024)
Microsoft Fabric Git integration (ADO) Shipped (Q1 2024)
Managed virtual network support for Spark Shipped (Q1 2024)
Fabric as a trusted service for Azure Storage Shipped (Q1 2024)
Admin API to query delegated tenant settings Shipped (Q1 2024)
Purview hub for administrators and data owners Shipped (Q1 2024)
Purview Information Protection sensitivity labels Shipped (Q1 2024)
Purview Information Protection default sensitivity labels policy Shipped (Q1 2024)
Workspace recovery Shipped (Q1 2024)
Require users to apply Purview Information Protection sensitivity labels Shipped (Q1 2024)
Disaster recovery support Shipped (Q1 2024)
Deployment pipelines Shipped (Q4 2023)
Microsoft Fabric Reserved Instance offerings in Azure Shipped (Q4 2023)

Workspace monitoring

Estimated release timeline: Q4 2024

Release Type: Public preview

Fabric workspace administrators and developers require access to detailed diagnostic logs and workload metrics to troubleshoot performance issues, capacity performance, and data downtime. As part of the Fabric Monitoring feature we intend to provide a read-only database of workspace logs that users can query ad-hoc, analyze for patterns and anomalies, or save drafted queries to as query sets. This helps drive investigations on root-cause analysis for errors, long running queries, refresh failures, and other issues. We will continue to enhance this feature by adding in-context monitoring and diagnostics experiences.

External data sharing enhancements

Estimated release timeline: Q1 2025

Release Type: Public preview

We will introduce additional enhancements to Fabric external data sharing, including Public APIs, the ability to share multiple tables, and to share eventhouse tables.

Take ownership of Fabric items

Estimated release timeline: Q1 2025

Release Type: General availability

This feature would allow permissioned users to take ownership of Fabric items in a workspace. It is useful in a situation where the item stops working due to the original item owner no longer being present in the company or their credentials becoming inactive.

Fabric Capacity Metrics Cross-capacity insights

Estimated release timeline: Q1 2025

Release Type: Public preview

Fabric Capacity Metrics Cross-capacity views simplify administration of Fabric capacities for anyone managing more than one capacity. This feature will let admins quickly identify the capacities across their tenant that are running hot, experiencing overages or in need of load balancing or resize.

Capacity Metrics Chargeback Public Preview

Estimated release timeline: Q1 2025

Release Type: Public preview

Capacity Metrics chargeback provides admins with turnkey insights to easily spread the costs of Fabric capacities to individual internal business units based on consumption trends by workspace or user.

Estimated release timeline: Q1 2025

Release Type: Public preview

While private links at a tenant level enable secure connectivity to Fabric, we intend to provide granular support for this feature at a workspace level. Organizations can use this feature to secure inbound traffic to specific workspaces instead of the entire tenant and this allows them to secure production workspaces but let dev and test workspaces to be accessed over internet. This setup uses Azure Private Link and Azure Networking private endpoints to ensure data traffic travels privately via Microsoft's backbone network, instead if using public endpoints. The Private Link capability at the workspace level will start with few workloads and extend to others in phases. Once Azure Private Link is configured and public internet access is restricted, all the supported scenarios for that Fabric workspace will be routed through private links.

Fabric Capacity Metrics Admin monitoring integration

Estimated release timeline: Q1 2025

Release Type: Public preview

This feature will allow Capacity Admins to directly access Capacity Metrics as part of the admin workspace experience to help unify all admin consumption experiences in one place without the need to download a seperate application from the app store.

Data exfiltration protection for Spark

Estimated release timeline: Q2 2025

Release Type: Public preview

Fabric administrators want to ensure that data in Fabric isnt exfiltrated to unpermitted destinations outside of Fabric unintentionally or by due to malicious intent . In this milestone, we will provide controls to ensure Spark in a Fabric workspace can only connect to specific data sources or endpoints outside of Fabric. In the future we will addData exfiltration support for other Fabric experiences

Workspace Public IP Firewall

Estimated release timeline: Q2 2025

Release Type: Public preview

Public IP firewall rules in Fabric provide a way to control workspace access based on the incoming request's IP address. This is especially useful for organizations allowing access over public networks while maintaining secure, controlled entry points. By setting IP-based access rules, administrators add a layer of network security to restrict inbound connections to only approved IP addresses. This ensures that access to Fabric workspaces from public networks remains protected, enhancing security without compromising flexibility.

Usage and adoption in admin monitoring

Estimated release timeline: Q2 2025

Release Type: General availability

Fabric tenant administrators need access to detailed audit logs and summarized views, to track usage and adoption growth, support audits, and ensure compliance. Analytical views built on the audit logs can help you understand user actions. You can govern Fabric by identifying specific trends, patterns, and activities. This report currently supports Power BI items and it will expand to cover other Fabric items this semester.

Shipped feature(s)

Multi-tenant organzation (MTO) MVP

Shipped (Q4 2024)

Release Type: Public preview

A Multi-Tenant Organization (MTO) is a single organization that has more than one Entra ID (formerly known as AAD) tenant. In an MTO, users from one tenant are added into another tenant as external members. An external member is authenticated by the owner tenant and is granted member level access in the member tenant.

We will support MTO in Fabric. This includes the ability for external members to:

  • Login to the Fabric portal
  • Be assigned licenses using the same logic as external guest users (B2B)
  • Access all Fabric workloads like regular Entra id users
  • Easily switch between the tenants in the organization using a tenant switcher control in the portal.

Microsoft Purview data loss prevention policies for Lakehouses in OneLake

Shipped (Q4 2024)

Release Type: Public preview

Security admins can create in Microsoft Purview Data Loss Prevention portal policies to detect the upload of sensitive data (such as social security number) to Fabric Lakehouse. If such an upload is detected, the policies will trigger automatic audit activity and can be configured to show a custom policy tip to data owners and it can also trigger an alert for security admins. DLP policies can help automate the compliance processes to meet enterprise-scale compliance and regulatory requirements in an effective way.

Note: Microsoft Purview data loss prevention policies for Fabric require Microsoft Purview license.

Tags for fabric items

Shipped (Q3 2024)

Release Type: Public preview

We are introducing the ability to apply tags on Fabric items, to enhance item discoverability and use. Tenant admins can define a list of tags, from which data owners can selects and apply the relevant tags to their items. Once applied, data consumers can view, search & filter by the applied tags across various experiences.

Enhancements for Domains in Fabric

Shipped (Q3 2024)

Release Type: Public preview

Domains and sub domains enable structuring the data in the organization while enabling optimized consumption experience per business needs. We plan to strengthen the governance controls such as delegated settings and defining default sensitivity label per domain, and to allow more consumption experiences such as the ability to search by domain/sub domain, filter the WS by domain/sub domain and see the domains details as part of the item location.

Restrict access to content by using Microsoft Purview sensitivity labels to apply protection

Shipped (Q3 2024)

Release Type: Public preview

In the Microsoft Purview Information Protection portal where security admins can create sensitivity labels and also restrict access to Fabric items that the label will be applied to, similar to how they can restrict access to Microsft 365 content (files ,emails, meetings, etc).

For example you can protect content in the following ways:

  • Only users within your organization can access items with "Confidential" sensitivity label in Fabric.
  • Only users in the finance department can edit data items with "Financial data" sensitivity label, while other users in your organization can only read them.

Limitation: This release will support restrict access to all Fabric item types except for Report, Paginated report, Scorecard, Dashboard, Dataflow, Datamart, Streaming dataset, Streaming dataflow, Mirrored items, Warehouse. Restrict access functionality for these items will made be available during next calendar year.

Note: Information Protection sensitivity labels require Microsoft Purview license.

Fabric items - Master data

Shipped (Q3 2024)

Release Type: Public preview

Previously, we introduced endorsement for Fabric items. Certified and promoted endorsements encouraged the use of standardized and trustworthy data. Now, we’re taking it a step further with the introduction of Master Data. This new endorsement stage empowers IT and data teams to define and establish the organization’s single source of truth. By defining master data, your organization can benefit from creating a repository of all critical organizational data, making it available to users with a variety of skills to discover and build upon.

Managed virtual network support for Spark

Shipped (Q2 2024)

Release Type: General availability

Spark, as we know is a distributed processing system used for big data workloads. Hence, Spark in Fabric warrants access to data, at scale but also the ability to connect to protected data sources, as most business-critical data is secured in private networks. The Managed virtual networks feature allows Spark to seamlessly connect with protected data sources in a secure manner via Managed private endpoints in a Microsoft managed virtual network.

Fabric as a trusted service for Azure Storage

Shipped (Q2 2024)

Release Type: General availability

You'll be able to add the Fabric workspace identity (FWI) as a trusted identity for a storage account. This allows seamless connectivity to Azure Storage accounts secured by a firewall. It also enables traffic using that Fabric workspace identity from the corresponding workspace to connect to the storage account. For instance, this feature will enable creating a shortcut to a storage account deployed behind a firewall. Once a shortcut is created, users can work with this data in all Fabric workloads

Shipped (Q2 2024)

Release Type: General availability

Organizations can enhance security by using private links, allowing users in their tenant to access Microsoft Fabric securely. This setup uses Azure Private Link and Azure Networking private endpoints to ensure data traffic travels privately via Microsoft's backbone network, instead if using public endpoints. The Private Link capability at the tenant level will expand from Power BI to other workloads in phases. Once Azure Private Link is configured and public internet access is restricted, all the supported scenarios for that Fabric tenant will be routed through private links.

External data sharing public preview

Shipped (Q2 2024)

Release Type: Public preview

Sharing data across organizations has become a standard part of day-to-day business for many of our customers. External data sharing, now in public preview is built on top of OneLake shortcuts,and enables seamless, in-place sharing of data across tenant boundaries. This can be used by retailers sharing data with suppliers, consumers sharing diagnostic data with manufacturers, healthcare providers sharing data to create better diagnostics, corporations sharing data with their consultants, or for any other business scenario in which data needs to be shared with users outside of the data provider's tenant.

Shipped (Q1 2024)

Release Type: Public preview

Organizations can enhance security by using private links, allowing users in their tenant to access Microsoft Fabric securely. This setup uses Azure Private Link and Azure Networking private endpoints to ensure data traffic travels privately via Microsoft's backbone network, instead if using public endpoints. The Private Link capability at the tenant level will expand from Power BI to other workloads in phases. Once Azure Private Link is configured and public internet access is restricted, all the supported scenarios for that Fabric tenant will be routed through private links.

Fabric Admin APIs

Shipped (Q1 2024)

Release Type: Public preview

Admin APIs in Microsoft Fabric offers programmatic access to administrative functions within the Fabric service. Admin APIs play an important role in automating essential admin and governance tasks, including activities such as monitoring, auditing, compliance, access controls, etc. The existing PBI-only admin APIs have encountered issues like timeouts and slow performance while lacking coverage for non-PowerBI Fabric artifacts. In response to these challenges, the next-gen Fabric admin APIs were launched as part of the Fabric GA release in November 2023. The initial set of APIs focuses on the discovery and exploration of Workspaces, non-PowerBI Fabric items, and user access details at the workspace and item levels. To further enhance functionality, in Q1 2024, we are planning to extend these discovery and exploration APIs to include PowerBI items. Moreover, the Fabric API surface will be expanded to include APIs for adding and deleting users and workspaces. It's important to note that Microsoft will continue to support PowerBI-only Admin APIs to ensure a seamless transition to the new Fabric APIs.

More users in the organization can edit and republish protected PBIX files in Power BI Desktop

Shipped (Q1 2024)

Release Type: Public preview

This feature allows users with a wider range of sensitivity permissions from the Microsoft Purview compliance portal to open, edit, and publish encrypted PBIX files in Power BI desktop. Some limitations apply.

Microsoft Fabric Git integration (ADO)

Shipped (Q1 2024)

Release Type: Public preview

Git integration is offered to users connecting to Azure DevOps repositories, enabling synchronization between Microsoft Fabric workspace and the selected Git repository (for commits and updates). Additional Microsoft Fabric items will support source control - Data pipeline, Warehouse, Spark Environment and Spark Job Definition. We'll also provide public REST APIs for automating key git operations, such as connecting a workspace to a git branch, committing items, and updating items from git.

Managed virtual network support for Spark

Shipped (Q1 2024)

Release Type: Public preview

Spark, as we know is a distributed processing system used for big data workloads. Hence, Spark in Fabric warrants access to data, at scale but also the ability to connect to protected data sources, as most business-critical data is secured in private networks. The Managed VNets feature allows Spark to seamlessly connect with protected data sources in a secure manner via Managed private endpoints in a Microsoft managed virtual network.

Fabric as a trusted service for Azure Storage

Shipped (Q1 2024)

Release Type: Public preview

You'll be able to add the Fabric workspace identity (FWI) as a trusted identity for a storage account. This allows seamless connectivity to Azure Storage accounts secured by a firewall. It also enables traffic using that Fabric workspace identity from the corresponding workspace to connect to the storage account. For instance, this feature will enable creating a shortcut to a storage account deployed behind a firewall. Once a shortcut is created, users can work with this data in all Fabric workloads

Admin API to query delegated tenant settings

Shipped (Q1 2024)

Release Type: Public preview

This API enables tenant administrators to track settings modifications made by other administrators at capacity, domain, or workspace levels. It scans and returns all the units of governance or a group of such units where the tenant admin settings have been overridden. In the initial release, we aim to include the ability to query tenant settings delegated to a capacity.

Purview hub for administrators and data owners

Shipped (Q1 2024)

Release Type: Public preview

Fabric admins and data owners can gain valuable insights about sensitive data, certified and promoted items. They contain insights about sensitive data, certified and promoted items, and a gateway to advanced capabilities in Microsoft Purview portals.

Purview Information Protection sensitivity labels

Shipped (Q1 2024)

Release Type: General availability

Microsoft Purview Information Protection sensitivity labels integration into Fabric introduces the familiar concept of sensitivity from Office. In Office, you can see confidential documents and emails, and you may not be authorized to export sensitive data. Similarly in Fabric you can easily identify and control confidential content using Information Protection sensitivity labels. When the owner assigns a sensitivity label to a lakehouse or any other item, the label is inherited with the data to all the downstream items. Additionally, when exporting data from Fabric to Office files, the label and protection settings are automatically applied on the Office files.

Purview Information Protection default sensitivity labels policy

Shipped (Q1 2024)

Release Type: General availability

Compliance and security admins can configure the label policy in Microsoft Purview compliance portal to automatically apply a sensitivity label to newly created Fabric items. This helps organizations meet compliance and regulatory requirements of having all their data in Fabric with sensitivity labels.

Workspace recovery

Shipped (Q1 2024)

Release Type: General availability

In the event of unintentional workspace deletions, this feature allows tenant admins to recover workspaces, including Fabric items. Admins can set recovery policies and recover the deleted workspaces within a specified timeframe. Deleted workspaces are soft deleted and recoverable by the tenant admins. Tenant admins will be able to configure the retention period via a setting in the Fabric admin portal. This capability, is already supported for workspaces with Power BI items, and it will extend to include workspaces with Fabric items.

Require users to apply Purview Information Protection sensitivity labels

Shipped (Q1 2024)

Release Type: General availability

Compliance and security admins can configure the label policy in Microsoft Purview compliance portal to require users to apply sensitivity label to newly created Fabric items. This helps organizations meet compliance and regulatory requirements of having all their data in Fabric with sensitivity labels.

Disaster recovery support

Shipped (Q1 2024)

Release Type: General availability

The goal of Business Continuity and Disaster Recovery (BCDR) is to ensure uninterrupted access to data and services during data center outages or regional disasters. As we shift towards a self-service SaaS model for our cloud-scale analytics solutions, we understand the need for minimal configuration and planning for critical workloads. In our initial release, we'll provide cross-regional data availability in OneLake if there's a disaster. We also plan to enable capacity-level disaster recovery configuration, allowing you to select replication for essential workspace data while excluding dev and test workspaces.

Deployment pipelines

Shipped (Q4 2023)

Release Type: General availability

As organizations increasingly adopt Deployment pipelines, there's a growing demand to add more stages to these pipelines. This year, we'll enable customers to define and customize the number of stages for each pipeline they create. Furthermore, certain Microsoft Fabric items will become deployable as part of a pipeline deployment processes - Data pipeline, Warehouse.

Microsoft Fabric Reserved Instance offerings in Azure

Shipped (Q4 2023)

Currently all the capabilities of Fabric are available for purchase within Azure with a Pay-as-you-go offering with lower purchase points. You can pause/resume and scale up/down on demand. Soon you can purchase a 1-year reservation for Fabric with large discounts for that commitment.