Problem Statement

Currently, Office 365 Mail connections in Microsoft Fabric rely on OAuth 2.0 for authentication. For security reasons, these connections are tied to the specific user who created them and cannot be shared with other developers.

While this model enhances individual security, it creates significant overhead in a professional enterprise environment:

1. Redundancy: If multiple developers are working on the same project/pipeline that requires a specific "Service Account" or "Shared Mailbox" to send notifications, every single developer must manually create their own connection to the same account.

2. Maintenance Complexity: Managing multiple identical connections across different developers is prone to error and makes auditing difficult.

3. Deployment Friction: When moving projects between environments, the hard-coded dependency on a specific owner's connection breaks the "build once, run anywhere" principle.

Proposed Solution

I suggest introducing a "Shared Connection" or "Service Principal" support for Office 365 Mail connections within Fabric Workspaces.

• Connection Sharing: Allow an administrator or connection owner to "share" a connection with specific workspace members with "Use only" permissions, without exposing the underlying credentials.

• Service Principal Integration: Enable the use of Azure Service Principals (App Registrations) for mail connections, allowing the connection to exist at the workspace/tenant level rather than the user level.

• Centralized Management: Provide a way to rotate or update the connection in one place, which automatically propagates to all pipelines or items using that connection.

Conclusion

Enabling shared mail connections would significantly improve developer productivity and align Fabric's connectivity model with enterprise-grade DevOps practices, while still maintaining the security standards required by OAuth 2.0.