Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Days is here! Join us now for 60+ days of learning, challenges, and connection. Learn more

Santhosh_Ravin1
Microsoft Employee
‎05-20-2026 10:00 AM

Notebook export controls in Microsoft Fabric

Author: Santhosh Kumar Ravindran, Principal Product Manager

 

Enterprise data engineering teams rely on notebooks for fast iteration, exploration, and transformation of sensitive data. But with that flexibility comes risk: notebooks can expose schemas, connection details, and rich data previews that allow data to be downloaded outside governed boundaries. 

 

Notebook Export Control in Microsoft Fabric is a new tenant-level and workspace-level security capability that allows admins to block notebook downloads and rich DataFrame export operations—closing a critical data exfiltration vector for regulated and security conscious organizations. 

 

Santhosh_Ravin1_0-1778943417990.png

Figure: Notebook Export Control settings in the Fabric Admin Portal under Tenant Settings > Export and sharing. 

 

_____________________________________________________________

 

Impact 

 

In many enterprises—especially in finance, healthcare, and government—data engineers work with highly sensitive datasets directly inside notebooks. While Fabric already offers strong isolation through OneLake and network protections, export paths from notebooks remained a concern:

  • Notebooks can be downloaded as files containing logic, metadata, and connection details. 
    • Rich DataFrame previews allow inline exploration and local download of table data. 

 

Any local export creates an ungoverned copy of sensitive data outside Fabric’s security boundary. 

Customers explicitly asked for fine-grained export controls to meet compliance requirements and achieve parity with platforms like Databricks and Snowflake. Notebook Export Control directly addresses this gap. 

 

Santhosh_Ravin1_1-1778943492458.png

Figure: New data export tenant setting enabled. 

 

_____________________________________________________________

 

What is Notebook Export Control? 

Notebook Export Control introduces admin-managed switches that govern whether users can: 

  • Download notebooks from Fabric workspaces. 

 

Export or download data from rich DataFrame previews inside notebooks. 

These controls are designed to prevent accidental or malicious data exfiltration, while still allowing teams to collaborate securely within Fabric. 

 

_____________________________________________________________

 

How it works 

 

Fabric now includes a tenant-level setting under Tenant Settings → Export and sharing, allowing tenant admins to control notebook export behavior across the organization. 

 

When enabled, users with appropriate permissions can download notebooks and export data from notebook outputs. 

When disabled, Notebook download is blocked and Rich DataFrame export and table download options are removed for all users, including workspace admins. 

 

This ensures that organizational security policy overrides workspace-level intent, which is critical for regulated environments. 

 

Santhosh_Ravin1_2-1778943492459.png

Figure: Notebook with download controls disabled due to tenant-level enforcement. 

 

_____________________________________________________________

 

Blocked and supported scenarios

  

Blocked when export control is disabled: 

  • Downloading notebooks as files 
    • Downloading tables from rich DataFrame previews. 
    • Exporting notebook-rendered data to local systems. 

Not impacted: 

  • In-workspace collaboration 
    • Notebook execution and transformation logic.
    • Reading and writing data within OneLake.
    • Secure downstream consumption through governed Fabric experiences. 
    • This ensures that developer productivity remains intact, while data stays protected. 

 

_____________________________________________________________

 

Designed for enterprise security teams 

Notebook Export Control is part of a broader Fabric security model that recognizes notebooks as powerful, code-first artifacts that require explicit governance. 

 

Key enterprise benefits: 

  • Reduces insider-risk and accidental leakage 
    •  Supports regulatory compliance and audit readiness 
    • Centralized enforcement through tenant settings 
    • Consistent with Fabric’s Zero Trust and DEP strategy 

By removing ungoverned export paths, Fabric enables enterprises to confidently onboard sensitive data engineering workloads at scale. 

 

_____________________________________________________________

 

Getting started 

Tenant admins can configure Notebook Export Control from the Fabric Admin Portal: 

  1. Navigate to Tenant Settings 
  2. Open Export and sharing 
  3. Locate the notebook export toggle 
  4. Enable or disable based on organizational policy 
  5. Once disabled, export restrictions apply immediately across all Fabric workspaces. 

 

For more information, refer to the Notebook data export controls documentation.

Comments