mk_sunitha

Tenant level private link support for Microsoft Fabric API for GraphQL (Generally Available)

If you haven’t already, check out Arun Ulag’s hero blog “FabCon and SQLCon 2026: Unifying databases and Fabric on a single, complete platform” for a complete look at all of our FabCon and SQLCon announcements across both Fabric and our database offerings. 


Microsoft Fabric API for GraphQL now supports Tenant Level Private Link, delivering enterprise-grade network security to your data APIs. This highly requested feature enables organizations to access their GraphQL APIs through private connectivity, ensuring that data traffic never traverses the public internet.

Secure your data access layer

Microsoft Fabric API for GraphQL has revolutionized how developers access data across warehouses, lakehouses, mirrored databases, and SQL databases. With its ability to query multiple data sources through a single, flexible API, it's become an essential tool for building modern data applications. Now, with Private Link support, you can extend these capabilities with the security and compliance controls your organization demands.

When you enable Private Link for your Fabric tenant, your GraphQL API endpoints benefit from the same private network connectivity as other Fabric services. API traffic flows through Microsoft's private backbone network instead of the public internet, providing an additional layer of protection for your sensitive data.

Why private link matters for API for GraphQL

  • Enhanced security: Private Link ensures that all GraphQL API requests flow through a secured network path. This is particularly critical for organizations handling sensitive data, as it eliminates exposure to public internet threats and reduces your attack surface.
  • Regulatory compliance: Many industries require private network connectivity for data access. With Private Link support, organizations in healthcare, finance, and government sectors can now leverage GraphQL APIs while meeting strict compliance requirements for data isolation and network security.
  • Simplified network architecture: Rather than managing complex firewall rules, VPN configurations, or IP allowlists, Private Link provides a straightforward way to secure API access. Your network administrators can ensure that GraphQL API calls only come through approved private endpoints, making governance simpler and more reliable.
  • Enterprise integration: For organizations already using Azure Private Link across their infrastructure, adding GraphQL APIs to your private network topology is seamless. Your APIs integrate naturally with your existing virtual networks, making it easier to build comprehensive data architectures that maintain consistent security standards.

Designed for enterprise workloads

This feature is built with enterprise needs in mind. Whether you're building internal dashboards, powering business intelligence applications, or creating customer-facing analytics, Private Link support ensures your GraphQL APIs meet the security standards your organization requires.

When Private Link is enabled at the tenant level, your GraphQL APIs automatically participate in the secure network environment. Combined with Microsoft Entra ID authentication and the flexible security options already available—like single sign-on or saved credentials—you have a comprehensive security model for controlling data access.

Getting started

Enabling Private Link for your GraphQL APIs is straightforward through your Fabric tenant settings. Once configured at the tenant level, your existing GraphQL APIs will automatically leverage the private network connectivity. You can continue using the same API endpoints and authentication patterns you've already established, with the added confidence that traffic flows through your organization's secured network path.


Figure: Enable tenant level setting for private link.

For organizations using the "Block Public Internet Access" tenant setting, GraphQL APIs now work seamlessly within your locked-down environment, giving you complete control over how data is accessed.

Current limitations

As we launch Private Link support for API for GraphQL, there are two limitations to be aware of:
  • The API monitoring dashboard and logging based on Workspace Monitoring are not currently supported. While your APIs will function securely through Private Link, workspace-level monitoring capabilities are not yet available in this configuration.
  • Service Principal (SPN) access with saved credentials is not currently supported. Service Principals (SPN) are supported as clients; however, it's not possible to use a service principal to create a saved credential for access between the API and data source.

Learn more