Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! It's time to submit your entry. Live now!

Reply
wchanus
New Member

Microsoft Fabric Workload Governance Best Practices in Azure Landing Zone

‎06-26-2025 08:19 AM

What are the best practices for implementing governance for Microsoft Fabric, which operates under a SaaS model, within a new management group and subscription in Azure Landing Zone? Are there any specific guidelines or resources available for this scenario?

Labels:
Message 1 of 4
1,307 Views
0
1 ACCEPTED SOLUTION
v-aatheeque
Community Support
Community Support
In response to nxross

‎06-27-2025 02:40 AM

Hi @wchanus 

Thanks @nxross  for your prompt response. In addition to that let me add some insights here:

  • Implementing governance for Microsoft Fabric within a new Azure Management Group and Subscription under an Azure Landing Zone (ALZ) requires aligning with core principles of security, cost control, and operational efficiency. While Fabric operates as a SaaS platform and differs from traditional IaaS/PaaS models.
  • It still benefits from the structured governance offered by Landing Zone practices. To ensure effective governance, it's important to establish standardized naming conventions, tagging policies, and resource management practices. Additionally, leverage Azure Policy and role-based access control (RBAC) to enforce compliance, maintain security, and ensure consistent management across the environment.

    For official documentation on Microsoft Fabric governance, you can explore the following resources:

    1. Governance and compliance in Microsoft Fabric - Microsoft Fabric | Microsoft Learn  Microsoft - Provides a comprehensive overview of governance strategies.

      Hope this helps !!

      If this post was helpful, please consider marking Accept as solution to assist other members in finding it more easily.

      If you continue to face issues, feel free to reach out to us for further assistance!

     

View solution in original post

Message 3 of 4
1,248 Views
3 REPLIES 3
nxross
Regular Visitor

‎06-26-2025 02:28 PM

Is this of any help to you? - https://community.fabric.microsoft.com/t5/Fabric-platform-Community-Blog/Microsoft-Fabric-CAF-Config... 

Message 2 of 4
1,284 Views
v-aatheeque
Community Support
Community Support
In response to nxross

‎06-27-2025 02:40 AM

Hi @wchanus 

Thanks @nxross  for your prompt response. In addition to that let me add some insights here:

  • Implementing governance for Microsoft Fabric within a new Azure Management Group and Subscription under an Azure Landing Zone (ALZ) requires aligning with core principles of security, cost control, and operational efficiency. While Fabric operates as a SaaS platform and differs from traditional IaaS/PaaS models.
  • It still benefits from the structured governance offered by Landing Zone practices. To ensure effective governance, it's important to establish standardized naming conventions, tagging policies, and resource management practices. Additionally, leverage Azure Policy and role-based access control (RBAC) to enforce compliance, maintain security, and ensure consistent management across the environment.

    For official documentation on Microsoft Fabric governance, you can explore the following resources:

    1. Governance and compliance in Microsoft Fabric - Microsoft Fabric | Microsoft Learn  Microsoft - Provides a comprehensive overview of governance strategies.

      Hope this helps !!

      If this post was helpful, please consider marking Accept as solution to assist other members in finding it more easily.

      If you continue to face issues, feel free to reach out to us for further assistance!

     

Message 3 of 4
1,249 Views
wchanus
New Member
In response to v-aatheeque

‎06-27-2025 09:02 PM

This is one of the key insights I’ve been seeking. I am currently working to identify which Azure Policies should be applied to the dedicated management group—for example: Root Tenant > Contoso > Landing Zones > new created <Data & Analytics> > new subscription <Fabric 16, 32, or 64>.

Based on this management group structure, it’s important to evaluate which Azure components should be included as part of the design. These may include:

  • Azure Policy at Data & Analytic and subscription level 

  • Entra ID for identity management and workspace-level access control

  • Network security for managing endpoints and enforcing access restrictions

  • Data transfer mechanisms between source systems and the target Fabric data stores

  • External access control for internet-facing endpoints, if required

  • Log Analytics workspace to collect and monitor related telemetry and audit logs

These considerations must be addressed within the Azure platform, as Power BI has its own independent management and governance model.

If anyone has implemented a similar setup or has related experience, I’d greatly appreciate your insights—I’m keen to learn more.

Message 4 of 4
1,217 Views

Helpful resources

Announcements
December Fabric Update Carousel

Fabric Monthly Update - December 2025

Check out the December 2025 Fabric Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All