A_Karthikeyan

Workspace level IP firewall rules in Microsoft Fabric (Generally Available)

If you haven’t already, check out Arun Ulag’s hero blog “FabCon and SQLCon 2026: Unifying databases and Fabric on a single, complete platform” for a complete look at all of our FabCon and SQLCon announcements across both Fabric and our database offerings. 


In today’s increasingly connected data landscape, protecting access to sensitive data is more important than ever. Microsoft Fabric provides a comprehensive set of network security capabilities to secure both inbound and outbound connectivity, including Workspace and Tenant Private Links, Microsoft Entra Conditional Access, and Outbound Access Protection. With workspace level IP firewall rules, customers now have an additional, lightweight network-based control to restrict inbound access to Fabric workspaces using trusted public IP addresses, helping reduce exposure to the public internet while maintaining flexibility at the workspace level.

Workspace level IP firewall rules help customers reduce exposure to the public internet when private connectivity isn’t feasible. With this capability, workspace administrators can define IP allowlists at the individual workspace level, ensuring that only requests originating from approved IP addresses can access workspace data.

Figure: Workspace IP Firewall feature restricting Fabric workspace access to approved public IP addresses.

This feature complements Fabric’s existing network and identity security capabilities, including workspace level Private Link, tenant level Private Link, Microsoft Entra Conditional Access, and role-based access controls, allowing customers to apply the right level of protection based on workload and access requirements.

Workspace level IP firewall rules are opt-in and have no impact unless explicitly configured. Fabric tenant administrators control whether this feature is available to users through a tenant level setting. Once tenant admins have configured access to this feature, workspace admins can manage IP address allowlists directly in workspace settings.

For detailed setup of workspace IP firewall rules, their limitations, and supported artifacts, please refer to the Setup and use Workspace-level IP Firewall rules documentation.