In this post I want to cover my first impressions of the Microsoft Fabric security white paper. Which you can access by clicking on the link in the first sentence or on the image below.
I want to cover this white paper for a variety of reasons. Including the fact that I want to raise awareness about the fact that the Microsoft Fabric security white paper exists and my first impressions of it.
Plus, I wanted to see if it contained anything relating to my previous post. Where I shared my thoughts about the great “number of workspaces for medallion architecture in Microsoft Fabric” debate.
By the end of this post, you will know my initial thoughts about this white paper. Including how it relates to the DP-600 exam. Plus, how it relates to my previous post.
Along the way I also share plenty of links.
Overview of the Microsoft Fabric security white paper
To manage expectations, Microsoft do openly state during the introduction that this white paper was created by combining multiple online security documents together.
Which probably explains some of the repetition. However, multiple references are better than none.
Plus, in the introduction they provide a link to the main Microsoft Fabric security page. Which is good starting point if you know what security feature you are looking for.
Anyway, the content itself is good. It provides some really good explanations and diagrams relating to certain areas. To help demystify certain aspects of security for some people.
For example, it shows a good high-level representation of the Fabric security architecture whilst covering the Fabric platform. Before focusing on other areas in more detail.
Other areas
It goes on to cover network security. Providing details about various aspects such as conditional access policies and managed private endpoints for Fabric. Accompanied by diagrams to help visualize various concepts.
After it covers networking, it then goes into detail about various aspects of workload specific security. Which describes security mechanisms for the various elements of Power BI.
Plus, details about the on-premises data gateway and virtual network (VNet) data gateways. I like the amount of detail in this section for Power BI. Hopefully in-depth details about other workloads will be added over time where required.
It then goes on to cover data storage. It reiterates the role capacities play in the location of your storage in Microsoft Fabric. Something I think is crucial for everybody to understand.
It is one of the sections that covers Multi-Geo support for Fabric. Which I suspect is to improve awareness about it.
Afterwards, it covers how to secure data within Microsoft Fabric. Which provides a nice amount of detail about where you can apply security for your data at various levels.
Governing data
Once the white paper has covered how to secure data it then goes on to cover governing data.
One thing I like about this section is that it provides a really nice introduction to Purview. Plus, it highlights the fact that the default Fabric objects you see in the new Purview portal are known as a Live view.
You can see an example of a Live view in a one of my previous posts. Where I covered accessing the new Microsoft Purview portal in your own Microsoft Fabric environment.
After governance has been covered, the white paper covers various aspects relating to administration.
Going into detail about various features you can use to administer and monitor Microsoft Fabric. Even going as far as to mention elements outside of Microsoft Fabric. Such as the Microsoft 365 admin center and Microsoft Purview.
Its final in-depth section covers reliability in Microsoft Fabric. Which is an important aspect to consider when dealing with environments that requires uptime.
In this section you can read about what Microsoft offer in terms of availability support for Microsoft Fabric in certain regions. Including an overview of a disaster recovery plan.
Plus, it manages expectations for customers whose home region do not have an Azure pair region. Which is something people need to be aware of.
I think a lot of people will appreciate the amount of detail this section goes into for disaster recovery.
References to the Medallion architecture
As I was going towards the end of the document, I discovered that the end-to-end scenario was based on the medallion architecture. After my last post I was curious about what guidance it provided.
It highlights various network and authentication topics mentioned in the white paper. Which is to be expected.
Rather interestingly, in this particular scenario three workspaces were created. One for each of the different layers.
In addition, for this particular scenario two Lakehouses were created in the gold layer.
With the first Lakehouse containing the data so that a Direct Lake semantic model can connect to it for reporting purposes.
Whilst the second Lakehouse contains a shortcut to the first Lakehouse and is used to enforce data permissions for business analyst who connect to it through the SQL analytics endpoint.
To help visualize this, here is a modified version of the diagram from my previous post.
First impressions of the Microsoft Fabric security white paper
My initial first impressions of the Microsoft Fabric security white paper are that it contains enough information to get a good understanding of what is required. Just like this post it contains plenty of links to go deeper into certain areas as well.
I think the effort to compile it was worth it. Because it is going to help a lot of people understand the security concepts within Microsoft Fabric a lot better.
Plus, it contains plenty of links for people to find out more details about specific features. Like what set-up is required and any additional cost/capacity requirements there are.
In addition, this white paper provides some interesting insights for those studying for the DP-600 exam. Because it contains various items which are mentioned in the DP-600 study guide.
Of course, if you have any comments or queries about this post feel free to reach out to me.
[…] Kevin Chant takes a look: […]