Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
workdata
Frequent Visitor

Securing Fabric

‎12-05-2025 08:00 AM

Hi Guys, I need help securing Fabric for a client.  The ultimate goal is to only allow VPN or On-Prem users to access the Fabric Portal in any way shape or form. At first, we wanted to configure a Private instance.  However, if you check the Disable Public Access checkbox, a lot of things break, like CoPilot. Second, we looked at Conditional Access Policies.  However, there is no Enterprise Application for Fabric!  So a simple Block CAP Policy will not work without having to lump in Power BI Service, Azure Data Explorer, Azure SQL Database, Azure Storage, and Azure Cosmos DB. (per this article https://learn.microsoft.com/en-us/fabric/security/security-conditional-access) We don't want to block PowerBI behind the same rules, because some external clients use our PowerBI instance. The main concern is accidental leakage of data, not nuclear-secret hardening . What can we do to help mitigate public access to their Fabric instance in a reasonable but substantial way while preserving most of the features?Securing Fabric

Labels:
Message 1 of 3
247 Views
0
1 ACCEPTED SOLUTION
tayloramy
Community Champion
Community Champion

‎12-05-2025 08:09 AM

Hi @workdata

 

If you want full functionality, I don't think this is possible for just fabric. This would be a fantastic idea to post over at  Fabric Ideas - Microsoft Fabric Community

Right now the only two methods of controlling access are private links (which break a lot of things right now) and conditional access. 
Protect inbound traffic - Microsoft Fabric | Microsoft Learn

 

Conditional access - Microsoft Fabric | Microsoft Learn

 

Conditional access explicitly states that the policy needs to be applied to: 

  • Power BI Service
  • Azure Data Explorer
  • Azure SQL Database
  • Azure Storage
  • Azure Cosmos DB

which is far wider than just Fabric itself. 

 

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.

View solution in original post

Message 2 of 3
239 Views
2 REPLIES 2
tayloramy
Community Champion
Community Champion

‎12-05-2025 08:09 AM

Hi @workdata

 

If you want full functionality, I don't think this is possible for just fabric. This would be a fantastic idea to post over at  Fabric Ideas - Microsoft Fabric Community

Right now the only two methods of controlling access are private links (which break a lot of things right now) and conditional access. 
Protect inbound traffic - Microsoft Fabric | Microsoft Learn

 

Conditional access - Microsoft Fabric | Microsoft Learn

 

Conditional access explicitly states that the policy needs to be applied to: 

  • Power BI Service
  • Azure Data Explorer
  • Azure SQL Database
  • Azure Storage
  • Azure Cosmos DB

which is far wider than just Fabric itself. 

 

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.
Message 2 of 3
240 Views
workdata
Frequent Visitor
In response to tayloramy

‎12-05-2025 01:15 PM

Thanks @tayloramy 

Message 3 of 3
193 Views
0

Helpful resources

Announcements
December Fabric Update Carousel

Fabric Monthly Update - December 2025

Check out the December 2025 Fabric Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All