MC1070180 – (Updated) Microsoft Fabric: Workspace inbound/outbound access protection will be available by default (preview)

Product:

Fabric, Microsoft 365 admin center, Power BI

Platform:

Online, World tenant

Status:

Change type:

Admin impact, New feature, Updated message, User impact

Links:

Details:

Summary:
Microsoft Fabric will introduce Workspace-level private links and Outbound access protection in late June 2025 (preview). These features will enhance network security by allowing workspace admins to block inbound and outbound public access. Tenant admins can configure these settings in the Fabric admin portal and disable them if necessary.

Details:
Updated May 30, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Fabric will introduce two Preview features called Workspace-level private links and Outbound access protection at the Fabric workspace level. At the tenant level, the corresponding settings Configure workspace level inbound network rules and Configure workspace level outbound network rules will be in the Advanced networking section of the Fabric admin portal. The new tenant-level settings will be enabled by default, which will allow the workspace admins to configure Workspace-level private links and Outbound access protection. The workspace admin will then decide whether to configure these features at the workspace level. You (the tenant admin) can switch off the tenant toggle in the Fabric admin center if you decide not to make this feature available to your workspace admins.
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out in late June 2025 (previously early June).
We will communicate the plan for General Availability in a future post.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-05-09

updated:
2025-05-31

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft Fabric is introducing Workspace-level private links and Outbound access protection to enhance network security by allowing secure private connections and monitoring outbound data access, with these features currently in a preview phase for tenant admins to enable or disable.

Direct effects for Operations**

Workspace-level private links
Blocking inbound public access may lead to connectivity issues for users who rely on public APIs for data access, potentially disrupting workflows and data retrieval processes.
   - roles: Workspace Admin, Data Analyst
   - references: https://learn.microsoft.com/fabric/security/

Outbound access protection
Enabling outbound access protection could prevent users from accessing necessary external resources, leading to interruptions in data processing and analysis tasks.
   - roles: Workspace Admin, Data Scientist
   - references: https://learn.microsoft.com/fabric/security/

Tenant-level settings configuration
If tenant admins do not prepare for the new settings, it may result in unintentional data exposure or access issues, affecting overall data governance and compliance.
   - roles: Tenant Admin, Compliance Officer
   - references: https://learn.microsoft.com/fabric/security/

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Data Security through Private Links
Implementing workspace-level private links will allow for secure inbound connectivity, significantly reducing the risk of unauthorized access and potential data breaches. This enhancement can protect sensitive data stored in Microsoft Fabric, aligning with organizational compliance requirements.
   - next-steps: Evaluate the existing network architecture to identify potential virtual networks for private link setup. Train workspace admins on how to configure and manage private links effectively.
   - roles: IT Security Manager, Compliance Officer, Workspace Admin
   - references: https://learn.microsoft.com/fabric/security/

Data Exfiltration Prevention via Outbound Access Protection
The Outbound access protection feature will enable workspace admins to block all outbound connectivity from the workspace, mitigating risks associated with data exfiltration. This is particularly crucial for organizations handling sensitive or regulated data.
   - next-steps: Conduct a risk assessment to identify sensitive data flows and determine necessary outbound access controls. Develop training materials for workspace admins on managing outbound access protection settings.
   - roles: Data Protection Officer, IT Security Manager, Workspace Admin
   - references: https://learn.microsoft.com/fabric/security/

Streamlined Administrative Control with Tenant-Level Settings
The introduction of tenant-level settings for configuring workspace-level inbound and outbound network rules will simplify the administrative process, allowing for centralized management of security policies across multiple workspaces.
   - next-steps: Create a governance framework to define roles and responsibilities for managing these settings. Set up a monitoring system to regularly review and audit compliance with the established network rules.
   - roles: IT Administrator, Compliance Officer, Network Administrator
   - references: https://learn.microsoft.com/fabric/security/

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only