![Microsoft Fabric: Removing default contributor access for Workspace Identity [MC1102778]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-joaojesusdesign-921294-1024x683.webp "Microsoft Fabric: Removing default contributor access for Workspace Identity [MC1102778] 1")
To strengthen security and align with customer feedback, Microsoft Fabric is updating how Workspace Identity permissions are handled. This change removes default Contributor access from Workspace Identities, reducing the risk of unintended access or misuse. This change will be on by default.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-July 2025 and expect to complete by early August 2025.
[How this will affect your organization:]
After this rollout, new Workspace Identities will no longer be granted default Contributor permissions.
We will also remove the default Contributor access from existing Workspace Identities.
Important: Modifying the application associated with a Workspace Identity is not supported and may cause the identity to stop functioning.
You can still manually assign Workspace Identity service principals to any workspace role (such as Contributor, Member) using role-based access control (RBAC). However, be aware that anyone with access to the identity can assume it.
To access this change:
- Navigate to the Fabric Workspace where you want to add RBAC role.
- Select Manage Access.
- Select Add people or groups.
- Enter the name of the Workspace identity (same as Workspace Name).
- Assign roles as appropriate.
NOTE: After this rollout, admins can still add Workspace identity service principles to any workspace RBAC role if needed. Consider the implications if you plan on doing so, as any individual given access to the identity—example through workspace roles such as member or contributor—is allowed to assume the identity. Learn more: Workspace identity – Microsoft Fabric | Microsoft Learn
[What you need to do to prepare:]
This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current Workspace Identity configurations and evaluate whether any existing workflows rely on default Contributor access. You may want to notify your admins and/or users about this change and update internal documentation.
Source: Microsoft
Latest Posts
- Microsoft Fabric: Removing default contributor access for Workspace Identity [MC1102778]
- Microsoft Viva Amplify and SharePoint News: Videos will play in Microsoft Outlook instead of web browser [MC1102792]
- Microsoft Teams: Countdown timer for Teams Meetings [MC1102785]
- Microsoft 365 Backup: Protection unit-level offboarding (preview) [MC1102788]
