Description:

Currently, Fabric Pipelines connect to native Fabric Lakehouses and Warehouses using user-bound tokens that expire approximately every 90 days.

When these tokens expire, pipelines that invoke Warehouse or Lakehouse activities fail with authentication errors. The only workaround today is to manually open and re-save each pipeline, which regenerates the token.

This approach becomes impractical and error-prone as the number of pipelines and workspaces grows across enterprise environments.

Impact:

• Pipelines fail unpredictably in production after token expiry.

• Requires manual intervention across dozens or hundreds of pipelines.

• Causes disruption to scheduled ETL/ELT workflows.

• Inconsistent behavior compared to external connectors, which already support Workspace Identity.

  ---

  Typical Error Message:

  ErrorCode=UserAuthFailedToGetToken 
  Message=Failed to get User Auth access token. 
  AADSTS700003: Device object was not found in the tenant directory. 
  This occurs after token expiration and causes pipelines to fail until re-saved.

  ---

  Proposed Enhancement:

  Add support for Workspace Identity Authentication for native Fabric Lakehouse and Warehouse connections in Pipelines.

  This would allow Fabric pipelines to:

  • Authenticate using the workspace’s managed identity (non-user-dependent).

  • Automatically renew tokens without user re-login.

  • Align authentication behavior with Dataflows Gen2, Notebooks, and other Fabric connectors that already support Workspace Identity.

    ---

    Business Justification:

    Enterprise tenants typically operate multiple Fabric workspaces and dozens of pipelines per domain. Removing token dependencies will:

    • Ensure reliable, unattended execution of production data pipelines.

    • Eliminate recurring manual maintenance.

    • Improve operational scalability and governance consistency.