Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
BharathKumarS
New Member

Can we use DefaultAzureCredential with Workspace Identity inside a Fabric Notebook?

‎12-29-2025 02:31 AM

Hi, 

 

I’m trying to authenticate to Azure AD–protected resources (e.g., Microsoft Graph) from a Microsoft Fabric notebook using Workspace Identity, without secrets or certificates.

My requirement is to use only DefaultAzureCredential (or supported identity-based credentials).

 

What I have done

  • Enabled Workspace Identity at the Fabric workspace level.
  • Granted the workspace identity’s service principal the required permissions (e.g., Microsoft Graph access).
  • Restarted the notebook session after enabling workspace identity.
  • Attempted authentication from a Fabric notebook using:
    credential = DefaultAzureCredential()
    token = credential.get_token("https://graph.microsoft.com/.default")

Error: ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.

My question:

Is it currently supported to use DefaultAzureCredential with Workspace Identity inside a Fabric notebook?

If not supported:

  • Is this a known limitation?
  • Is there an official roadmap for identity injection into Fabric notebook runtimes?

If supported:

What exact configuration is required to make Workspace Identity available to azure-identity inside notebooks?

Thanks,
Bharath Kumar S

 

Labels:
Message 1 of 3
186 Views
0
1 ACCEPTED SOLUTION
Shreya_Barhate
Advocate II
Advocate II

‎12-29-2025 06:29 AM

Hi @BharathKumarS 

Currently, using DefaultAzureCredential with Workspace Identity inside a Microsoft Fabric notebook is not supported. Workspace Identity is enabled at the workspace level, but it is not injected into the notebook runtime environment, which is why ManagedIdentityCredential fails with the IMDS endpoint error. This is a known limitation, and Microsoft has indicated plans to support identity injection for notebook runtimes in the future, though no official timeline has been announced. Until native support is available, the recommended approach is to use alternative authentication methods such as InteractiveBrowserCredential for user-based login or ClientSecretCredential with a service principal, storing secrets securely in Azure Key Vault or Fabric Key Vault. These methods provide a secure way to access Azure AD–protected resources like Microsoft Graph from Fabric notebooks.

Thanks and regards,
Shreya

View solution in original post

Message 3 of 3
145 Views
2 REPLIES 2
Shreya_Barhate
Advocate II
Advocate II

‎12-29-2025 06:29 AM

Hi @BharathKumarS 

Currently, using DefaultAzureCredential with Workspace Identity inside a Microsoft Fabric notebook is not supported. Workspace Identity is enabled at the workspace level, but it is not injected into the notebook runtime environment, which is why ManagedIdentityCredential fails with the IMDS endpoint error. This is a known limitation, and Microsoft has indicated plans to support identity injection for notebook runtimes in the future, though no official timeline has been announced. Until native support is available, the recommended approach is to use alternative authentication methods such as InteractiveBrowserCredential for user-based login or ClientSecretCredential with a service principal, storing secrets securely in Azure Key Vault or Fabric Key Vault. These methods provide a secure way to access Azure AD–protected resources like Microsoft Graph from Fabric notebooks.

Thanks and regards,
Shreya

Message 3 of 3
146 Views
deborshi_nag
Advocate IV
Advocate IV

‎12-29-2025 04:05 AM

Hi @BharathKumarS 

 

No — today a Fabric notebook’s runtime does not expose the Workspace Identity to azure-identity, so DefaultAzureCredential() can’t succeed via ManagedIdentityCredential inside the notebook. That’s why you’re seeing “no response from the IMDS endpoint”—there is no managed‑identity endpoint wired into the Spark session. Workspace Identity is currently supported in Fabric connections/activities (pipelines, shortcuts, semantic models, Dataflows Gen2), not inside the notebook process itself.
 

Workspace Identity is used as an authentication method for connections used by OneLake shortcuts, pipelines (incl. Copy), semantic models, and Dataflows Gen2. 

 

Hope this helps! If it helps kindly indicate with a kudos or accepting as a solution. 

Message 2 of 3
172 Views

Helpful resources

Announcements
December Fabric Update Carousel

Fabric Monthly Update - December 2025

Check out the December 2025 Fabric Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All