Microsoft Fabric: Workspace inbound/outbound access protection will be available by default (preview) [MC1070180]
Posted inPower BI

Microsoft Fabric: Workspace inbound/outbound access protection will be available by default (preview) [MC1070180]

1Posted inPower BI

Message ID: MC1070180

Microsoft Fabric will introduce two Preview features called Workspace-level private links and Outbound access protection at the Fabric workspace level. At the tenant level, the corresponding settings Configure workspace level inbound network rules and Configure workspace level outbound network rules will be in the Advanced networking section of the Fabric admin portal. The new tenant-level settings will be enabled by default, which will allow the workspace admins to configure Workspace-level private links and Outbound access protection. The workspace admin will then decide whether to configure these features at the workspace level. You (the tenant admin) can switch off the tenant toggle in the Fabric admin center if you decide not to make this feature available to your workspace admins.

[When this will happen:]

Public Preview (Worldwide): We will begin rolling out early June 2025 and expect to complete by mid-June 2025.

We will communicate the plan for General Availability in a future post.

[How this will affect your organization:]

Feature 1: Workspace-level private links

  • Private links provide secure inbound connectivity to Microsoft Fabric. Workspace admins can set up private links in Microsoft Azure to connect to a Fabric workspace from a specific virtual network.
  • In Fabric, workspace admins can choose to block inbound public access to your data to significantly reduce the risk of unauthorized access and potential data breaches. During Preview, admins can block inbound public access with the public REST API, which does not require a workspace-level private link set up in Azure. The corresponding-level tenant admin setting Configure workspace level inbound network rules will be available in the Fabric admin portal at Tenant settings > Advanced networking:

admin controls

Feature 2: Outbound access protection at the user workspace level

  • Data exfiltration is a concern for many enterprises that store sensitive data in the cloud. When used with other networking features in Fabric, the Outbound access protection feature can help secure your data from exfiltration. Workspace admins will be able to block all the outbound connectivity from the workspace. Once enabled, all outbound connections made by Fabric Spark artifacts from this workspace will be blocked. The only way to enable a connection is by first establishing a managed private endpoint (MPE) from the workspace to the destination. Workspace admins can control this feature in Workspace settings > Network security > Outbound access protection > Switch on the toggle for Block outbound public access:

admin controls

  • In this Preview, we will support OneLake and these Fabric items: Lakehouse, Notebook, Environment, and Spark Job Definition. We will also support Cross Workspace shortcuts.
  • Admin tenant-level setting for Configure workspace level outbound network rules in the Fabric admin portal at Tenant settings > Advanced networking:

admin controls

[What you need to do to prepare:]

After we release these features, please review these settings to assess the impact on your organization and adjust them as needed.

If you have questions or need further assistance, please do not hesitate to contact our support team.

Learn more: Microsoft Fabric security – Microsoft Fabric | Microsoft Learn

We will update this post with new documentation.

Source: Microsoft

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Tags:
Show 1 Comment

1 Comment

  1. Mike Rosoft
    Reply
    9 May 2025,

    The recent announcement regarding Microsoft Fabric’s new features, Workspace-level private links and Outbound access protection, is set to make quite a splash in the admin and user communities alike. By default, these features will empower workspace admins with enhanced control over data access and security, which is a welcome gift in today’s digital landscape.

    For admins, the ability to configure private links means they can establish secure connections from specific Azure virtual networks, effectively blocking unauthorized public access to sensitive data. This not only reduces the risk of data breaches but also helps in compliance with various regulatory requirements. The toggle option to enable or disable these features at the tenant level adds an additional layer of flexibility, allowing for tailored configurations based on organizational needs.

    On the user side, the Outbound access protection feature is a game changer. It provides peace of mind by blocking all outbound connectivity unless a managed private endpoint is established. This is particularly crucial for organizations that deal with sensitive information and are concerned about data exfiltration. Users can now feel more secure knowing that their data is better protected from potential leaks.

    The overall impact of these changes is significant. By enhancing security and offering more control, Microsoft Fabric is not just keeping up with the evolving demands of data protection; it’s setting a new standard. So, if you’re an admin, it might be time to roll up those sleeves and dive into the new settings once they go live in June 2025. And for users, this is a great opportunity to engage with your admins on how these changes can benefit your workflow.

    As we await these features, it would be interesting to hear your thoughts! How do you feel these updates will impact your organization? Share your comments below, and let’s spark a discussion! For more insights and updates, be sure to check out additional posts on mwpro.co.uk.

Leave a Reply

Your email address will not be published. Required fields are marked *