Administration, Security and Governance in Microsoft Fabric
See Arun Ulagaratchagan’s blog post to read the full Microsoft Fabric preview announcement.
We are excited to announce the preview of Microsoft Fabric. Fabric provides a unified intelligent data foundation for all analytics workloads and integrates Power BI, Data Factory, and the next generation of Synapse to offer customers an easy to manage, modern analytics solution.
While each of these experiences may cater to different personas pursuing specific tasks like a data integration engineer building a pipeline for data ingestion, a data scientist fine-tuning an ML experiment or a BI professional creating a Power BI report, they will all coexist within a single SaaS-ified product experience reducing the need for integration and facilitating better collaboration.
In addition to the intuitive and familiar experience, these Fabric experiences are unified through a common foundation which includes Microsoft OneLake that ensures one copy of your data, breaking data silos, AI capabilities which help accelerate productivity and discover insights with your data but most importantly industry leading capabilities that make Fabric Secure and Governed by default.
As more and more data is made accessible for analytics, along with it comes the risk of oversharing or unintended use of business-critical data. In Fabric we will provide you visibility into what is happening in your tenant, equip you with insights into usage and adoption and provide key capabilities to secure and govern your data end to end. Microsoft Fabric also provides built-in enterprise grade governance and compliance capabilities, powered by Microsoft Purview.
The Fabric Admin portal equips administrators with tenant-wide governance and empowers them to centrally manage, review, and apply configurations for their tenants and capacities. As a tenant admin, you can set security configurations for your entire tenant, so every data engineer or data scientist need not worry about it.
In addition to that, Capacity Settings provides you visibility and allows you to manage all capacities in your tenant including the newly introduced Fabric capacities. Tenant admins will also have visibility into all active Fabric trial capacities provisioned for users within the tenant. Similarly, as a capacity admin, you will be able to manage all capacities you are an admin of (including your own trial capacity).
Enabling Microsoft Fabric in your tenant
Fabric admins can control availability of Fabric preview workloads for users within your tenant using the Fabric tenant setting in the admin portal. To give Power BI administrators time to prepare, we have turned off the switch by default. You can choose to opt in or out of Fabric through the admin portal. You can also choose to enable Fabric for specific users or security groups withing your tenant. If no action is taken by the administrator, Microsoft Fabric will be turned on by default for all Power BI tenants starting on July 1, 2023.
Additionally, if customers would like to try Microsoft Fabric in one or more capacities before enabling it for the entire tenant, it can be enabled for specific capacities in the capacity settings tab within the admin portal. Like the tenant setting, this capacity setting can also be limited to specific users or security groups.
Admin Monitoring and Capacity Insights
As admins, to effectively govern, we understand that you need insights into usage, adoption, and activities within your tenant. Hence, we introduced the admin monitoring feature which is an in-product admin monitoring workspace with pre-created reports and datasets. This feature will soon extend to include Fabric artifacts and additional governance capabilities like who has access to what, unused artifacts and more.
Capacity Metrics provides Admins with insights from all Premium capacities so they can easily monitor performance of workloads and make data-driven capacity scale up decisions. Telemetry from all Fabric workloads along with the SaaS platform is delivered in a single set of turnkey analytics.
The utilization graph shows the amount of capacity that has been consumed compared to the amount that has been purchased based on SKU size or allocated via Trial. Aggregate views let users identify resource usage trends across workloads and operations and their impact to autoscale & throttling decisions by the SaaS platform. Drill-through experiences let users zoom into understanding detailed usage telemetry with full fidelity to enable performance optimization.
During the Fabric preview, Trial Capacities can run both preview and production workloads. The Metrics App shows both in one place so Admins can plan for capacity scale-up with confidence using data from their own organizations’ usage patterns.
Fabric governed and compliant with Microsoft Purview
Fabric governed and compliant with Microsoft Purview is deeply integrated into Fabric, providing enterprises with scalable governance and compliance capabilities, with the benefit of natively being built into the Fabric platform. These capabilities include sensitivity labels that persist as data flows from the lakehouse through Fabric and to Office, automatic detection of sensitive data through data loss prevention policies, end to end auditing and in near future will include Purview data catalog as well.
Microsoft Purview data catalog will empower users to easily browse and search for specific Fabric data assets. One of the significant advantages of the Purview-Fabric integration is that it will eliminate the need for additional Purview RBAC (Role-Based Access Control) configuration to discover Fabric artifacts in Microsoft Purview data catalog. The simplified user experience and reduced administrative overhead will allow organizations to quickly unlock the value of their data. Additionally, you will be able to annotate and curate Fabric data assets in Purview data catalog. With just a few clicks, users will be able to add descriptions, terms, tags, or other relevant metadata to enrich the information associated with a particular artifact. The additional business and technical context associated with Fabric artifact will enhance data understanding, promote collaboration, and improve the overall data governance practices within an organization.
Integration with Microsoft Purview Information Protection sensitivity labels brings into Fabric the well-known concept of sensitivity from Office, where you can see if the document or email is confidential, and you may not be authorized to export sensitive data. This is all done through Information Protection sensitivity labels, and these very same sensitivity labels are integrated into Fabric. When a data owner applies a sensitivity label to a lakehouse or any other Fabric item, the label will flow with the data to all downstream items in Fabric. Moreover, when exporting data from Fabric to Office files, the label and protection settings will automatically be applied to the Office files.
In addition to the above, Fabric admins can gain valuable insights into Fabric’s data estate with Fabric’s Microsoft Purview Hub (preview), which is available within the Fabric experience. Microsoft Purview Hub contains insights about sensitive data, certified and promoted items, and a gateway to advanced capabilities in Microsoft Purview portals.
Compliance admins can use Microsoft Purview Data loss prevention (DLP) policies to define DLP policies to detect the upload of sensitive data (such as social security number) to Power BI models in Fabric. If such an upload is detected, the policies will trigger automatic policy tip visible to data owners in Fabric and can also trigger an alert for compliance admins. DLP policies can automate the compliance processes to meet enterprise-scale compliance and regulatory requirements in an effective way.
Finally, Fabric is also integrated with Microsoft Purview audit which provides Fabric and compliance admins with end-to-end auditability of Fabric activities. All user and system operations are captured to the audit logs and made available in Microsoft Purview compliance portal.
Visit this link to learn more about how you can use Microsoft Purview to govern Fabric.
Lineage, Endorsement and Metadata scanning
Lineage and Impact analysis in Fabric
In modern business intelligence projects, understanding the flow of data from the data source to its destination can be a challenge. The challenge is even bigger if your team has built advanced analytical projects spanning multiple data sources, processes, data items and reports. Fabric data lineage and impact analysis helps you answer questions like “What happens if I change this data?” or “Why isn’t this report up to date?” and more. With Fabric data lineage and impact analysis, you can easily track the flow of your data from source to destination and understand how it impacts your business. This powerful tool helps you make informed decisions about your data and ensures that your reports are always up-to-date.
Certify and promote your Fabric items (Endorsement)
Organizations often have large amounts of data and processes available for sharing and reuse by their Fabric users, and identifying the trustworthy, authoritative items can be challenging. With Endorsement, items which should serve as sources of truth, or are recommended, can be marked accordingly, making it easier for users to find the high-quality data they need. Once content is endorsed, it is clearly labeled and receives priority across the various Fabric experiences, or in Analytic solutions when connecting to Fabric data (such Power BI Desktop). Thus, enabling more efficient, trustworthy creation, and better decision making.
Tenant metadata scanning
With the massive amounts of emerging data, it is key for administrators to gain visibility on the data artifacts being created and managed in their organizations. To that extent, Fabric introduces metadata scanning capabilities, in the set of Admin REST APIs (known as scanner APIs), enabling administrators to efficiently and automatically retrieve valuable information about their organization’s Fabric assets, such as inventory, metadata, and lineage. In turn, they can leverage this information for their own custom-made solutions and insights.
Enterprise promises – Security and more…
Securing your data is a non-negotiable priority for us. For your Fabric data stored at rest in your home region, or in one of your capacities possibly at a remote region of your choice, we ensure that data never leaves the region boundary and is compliant with data residency requirements We also support E2E auditability for Fabric, so all Fabric user and system operations are captured in audit logs and made available in Microsoft Purview.
For access control, the existing Power BI workspace roles now extend to cover Fabric artifacts as well with additional permissions which are specific to new Fabric artifacts. In addition to workspace roles, you will be able to share individual Fabric artifacts or provide direct access to them to specific users very soon.
OneLake is automatically provisioned for every Fabric tenant, and it provides out-of-the-box governance such as data lineage, data protection, certification, catalog integration, etc. All data is ultimately under the control of a tenant admin. Additionally domains allow for federated governance providing granular control by business area.
Get started with Microsoft Fabric
Microsoft Fabric is currently in preview. Try out everything Fabric has to offer by signing up for the free trial—no credit card information required. Everyone who signs up gets a fixed Fabric trial capacity, which may be used for any feature or capability from integrating data to creating machine learning models. Existing Power BI Premium customers can simply turn on Fabric through the Power BI admin portal. After July 1, 2023, Fabric will be enabled for all Power BI tenants.
If you want to learn more about Microsoft Fabric, consider:
- Signing up for the Microsoft Fabric free trial
- Visiting the Microsoft Fabric website
- Reading the more in-depth Fabric experience announcement blogs:
- Data Factory experience in Fabric blog
- Synapse Data Engineering experience in Fabric blog
- Synapse Data Science experience in Fabric blog
- Synapse Data Warehousing experience in Fabric blog
- Synapse Real-Time Analytics experience in Fabric blog
- Power BI announcement blog
- Data Activator experience in Fabric blog
- OneLake in Fabric blog
- Microsoft 365 data integration in Fabric blog
- Dataverse and Microsoft Fabric integration blog
- Exploring the Fabric technical documentation
- Reading the free e-book on getting started with Fabric
- Exploring the Fabric learn modules
- Exploring Fabric through the Guided Tour
- Watching the free Fabric webinar series
- Joining the Fabric community to post your questions, share your feedback, and learn from others
- Visiting Microsoft Fabric Ideas to submit suggestions for improvements and vote on your peers’ ideas
We are enhancing governance capabilities and security, at data, workspace, and network layers as we progress towards general availability of Fabric. For additional details please review our release notes. In the meantime, we hope you can try these new capabilities and provide us with feedback on how we can ensure Fabric meets your organization’s requirements.