Hi,
I have been trying to access a Storage Account (ADLS gen2) from Fabric workspace. I have created managed private endpoints in the workspace setting and approved the request on the Storage Account.
As soon as I disable the "public network access" on the storage account, the existing connection goes into failed status and if I try to create new connection "invalid credentials" is prompted.
I know we don't need to, but I also tried using "privatelink" in the server URL.
Just to be double sure, I also tried listing the content of the storage account using notebooks. I got the same results again: when the public access is enabled, I am able to list the content, but when it is disabled I am not.
Is there something I am missing? I have gone through all the documentation for managed private endpoints and have not found much help.
Thanks for using Microsoft Fabric Community.
As I understand it, you are having trouble accessing a Storage Account (ADLS gen2) from your Fabric workspace using managed private endpoints.
Yes, disabling public network access for your ADLS gen2 storage account cuts off access from Microsoft Fabric; this is expected behavior, as it currently doesn't support Virtual Network (VNet) integrations with private endpoints.
Public Network Access: Fabric workspaces that have a workspace identity can securely access ADLS Gen2 accounts with public network access enabled from selected virtual networks and IP addresses. If you disable public network access on the storage account, it might cause the connection to fail because disabling public network access on the storage account blocks all connections from the public internet, including those from Fabric workspace by default.
For more details, please refer to: Trusted workspace access in Microsoft Fabric - Microsoft Fabric | Microsoft Learn
Re-enable Public Network Access (with Firewall Rules): You can re-enable public network access and configure firewall rules on the storage account. However, remember to configure firewall rules to restrict access only to trusted sources (like Fabric workspace IP addresses). This allows access only from specific IP addresses or virtual networks, including the one where your Fabric workspace resides. There isn't a direct solution using managed private endpoints within Fabric at the moment.
Refer to Microsoft's documentation on configuring Azure Storage firewalls for details: Configure Azure Storage firewalls and virtual networks | Microsoft Learn
I hope this information helps.
Thank you.
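As an added example (not part of the reply above and not Microsoft's code), this Python check classifies a storage account's network settings into the states this thread discusses: public access disabled, open to all networks, or restricted by firewall rules. It assumes the ARM `properties` shape (`publicNetworkAccess`, `networkAcls`); the `classify` name, the sample values and the /16 threshold are constructed for illustration.

```python
import ipaddress

MIN_PREFIX = 16  # assumption: flag IPv4 allow rules broader than /16

def classify(props):
    """Return (posture, findings) for a storage account's ARM properties."""
    acls = props.get("networkAcls") or {}
    if props.get("publicNetworkAccess", "Enabled") == "Disabled":
        # The state in which, per this thread, the Fabric connection fails.
        return "public-disabled", []
    if acls.get("defaultAction", "Allow") == "Allow":
        return "open", ["defaultAction is Allow: any network can reach the account"]
    findings = []
    ip_rules = acls.get("ipRules") or []
    for rule in ip_rules:
        net = ipaddress.ip_network(rule["value"], strict=False)
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"broad IP rule {net}")
    sources = (len(ip_rules)
               + len(acls.get("virtualNetworkRules") or [])
               + len(acls.get("resourceAccessRules") or []))
    if sources == 0:
        findings.append("no allow rules: nothing can reach the public endpoint")
    return "restricted", findings

# Constructed samples; the tenant and workspace ids are placeholders.
RESTRICTED = {
    "publicNetworkAccess": "Enabled",
    "networkAcls": {
        "defaultAction": "Deny",
        "ipRules": [{"value": "203.0.113.10", "action": "Allow"}],
        "virtualNetworkRules": [],
        "resourceAccessRules": [
            {"tenantId": "<tenant-id>",
             "resourceId": "<fabric-workspace-resource-id>"}
        ],
    },
}
TOO_BROAD = {
    "publicNetworkAccess": "Enabled",
    "networkAcls": {"defaultAction": "Deny",
                    "ipRules": [{"value": "198.51.100.0/8", "action": "Allow"}]},
}

if __name__ == "__main__":
    for name, props in [("restricted", RESTRICTED), ("too-broad", TOO_BROAD),
                        ("disabled", {"publicNetworkAccess": "Disabled"})]:
        print(name, classify(props))
```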
Microsoft does a terrible job on Microsoft Fabric releases, so many new features in GA are not working. Workspace Identity to access Azure Storage Account With Firewall Enabled does not work, and shows a nonintuitive error message: 'You are not authorized to perform these operations....'
Hi, @v-cboorla-msft
But if that is so, then what is even the point of creating Managed Private Endpoint in Fabric (for Storage account). I could simply use the 'selected virtual network and IP addresses' in the Storage Account's firewall and use ADLS in my notebooks and pipelines like that. Isn't the entire concept of creating managed private endpoint to allow secure access to resources?
Even if Fabric is using the managed private endpoint over private link to connect to Storage Account, I have to allow public access on the storage account anyway.
Please let me know what I am missing.
Regards,
Rajat
As mentioned earlier, Fabric's managed private endpoints cannot currently access storage accounts that have public network access disabled. While the current implementation doesn't fully utilize managed private endpoints for storage accounts with disabled public access, it could be possible in the near future, though we don't have any ETA. For now, using firewall rules on your storage account provides a secure alternative.
However, your suggestion is definitely valuable! We use customer feedback like yours to prioritize future features. The more users who request the ability to customize backgrounds, the higher it moves on our list.
We would appreciate it if you could share the feedback on our Microsoft Fabric Ideas, which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.
I hope this information helps.
Thank you
We haven’t heard from you on the last response and were just checking back to see if you have a resolution yet. In case you have any resolution, please do share the same with the community, as it can be helpful to others. Otherwise, respond back with more details and we will try to help.
Thank you.
We haven’t heard from you on the last response and were just checking back to see if you have a resolution yet. In case you have any resolution, please do share the same with the community, as it can be helpful to others.
If you have any question relating to the current thread, please do let us know and we will try our best to help you.
In case if you have any other question on a different issue, we request you to open a new thread.
Thank you.