March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Hello,
We're working on a task to upload CSV files to an Azure storage account using Fabric Python notebooks. However, we've encountered an issue where the connection fails unless we grant public access.
Below is a brief of our approach:
Here's the code snippet:
The code runs without errors, but the upload fails unless we give the container public access. We'd like to avoid setting our container to public.
Any guidance on resolving this issue while maintaining the security of our storage account would be greatly appreciated.
Thank you!
Solved! Go to Solution.
Hi @banafsh ,
Apologies for the issue you have been facing.
You cannot mount an Azure storage account without public access without using a private endpoint. Once you disable public access to a storage account, it can only be accessed from within a virtual network (VNet) using a private endpoint.
Private endpoints provide a secure way to connect to Azure services from within a VNet. They use a private IP address from the VNet address space for each storage account service, and network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network.
Currently private endpoints are not supported in Fabric. But they are on road map.
You can refer to planned timeline here Link1
Hope this helps. Please let us know if you have any further queries.
Hi @v-nikhilan-msft,
Thank you for your response. I tried your suggested solution and it works when access is enabled from all networks, but as soon as I change the storage account access to "Enabled from selected virtual networks and IP addresses" it fails to upload the csv file. Any suggestions?
Thank you!
Hi @banafsh ,
Apologies for the issue you have been facing.
You cannot mount an Azure storage account without public access without using a private endpoint. Once you disable public access to a storage account, it can only be accessed from within a virtual network (VNet) using a private endpoint.
Private endpoints provide a secure way to connect to Azure services from within a VNet. They use a private IP address from the VNet address space for each storage account service, and network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network.
Currently private endpoints are not supported in Fabric. But they are on road map.
You can refer to planned timeline here Link1
Hope this helps. Please let us know if you have any further queries.
Hi @banafsh ,
Glad that your issue got resolved. Please continue using Fabric Community for any help regarding your queries.
Hi @banafsh ,
Thanks for using Fabric Community.
You can ingest the dataframe into the Azure Storage account by creating a mountpoint. I have created a repro and attached the screenshots for your reference.
1) Create a mountpoint by giving the names of your storage account and container.
from notebookutils import mssparkutils
mssparkutils.fs.mount(
"abfss://mycontainer@<accountname>.blob.core.windows.net")
2) I have created a dataframe with some random names and ingested the data into storage account using df._csv() function.
3) The file got placed in the container.
4) To perform this make sure you have the RBAC - Storage Blob Data Contributor role enabled.
Please refer to this document for more information: Link1
Hope this helps. Please let me know if you have any further questions.
User | Count |
---|---|
6 | |
2 | |
2 | |
1 | |
1 |