check before: 2024-08-01
Product:
Entra, Fabric, Power BI
Platform:
Online, World tenant
Status:
Change type:
Admin impact, New feature, Updated message, User impact
Links:
Details:
Summary:
The message details the live feature of short-lived user-delegated SAS tokens in Microsoft Fabric, with new tenant settings available in the Fabric Admin portal. It outlines the rollout timeline, effects on organizations, supported scenarios, new settings, and preparation actions required for tenant and workspace admins.
Details:
Updated September 26, 2024: This feature is now live and is active in your tenant.
Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.
[When this will happen:]
Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024.
When the General Availability release timeline is known, we will update you.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-08-27
updated:
2024-09-27
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft Fabric has introduced short-lived user-delegated SAS tokens for Microsoft OneLake, enhancing security and flexibility by allowing admins to create temporary access keys tied to a specific user and valid for up to one hour. Two settings in the Fabric Admin portal manage this feature: enabling the creation of these tokens by default and allowing workspace admins to decide if their workspace will accept them as a valid authentication method.
Direct effects for Operations**
Security Risks
If tenant settings are not reviewed and adjusted, enabling short-lived user-delegated SAS tokens by default may lead to unauthorized access to sensitive data, as workspace admins can enable SAS authentication without tenant admin oversight.
- roles: Tenant Admin, Workspace Admin
- references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas
User Experience Disruption
Users may experience disruptions in accessing data if the new SAS token settings are not properly configured, leading to potential downtime or inability to perform necessary tasks.
- roles: End User, Workspace Admin
- references: https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi, https://learn.microsoft.com/fabric/
" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/fabric/
Compliance Issues
Failure to manage the new SAS token settings could result in non-compliance with data protection regulations, as unauthorized access may expose sensitive information.
- roles: Compliance Officer, Tenant Admin
- references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced Security through Short-lived SAS Tokens
Implementing short-lived user-delegated SAS tokens will significantly improve security by minimizing the risk of token misuse. Tokens will expire after one hour, limiting the window of opportunity for unauthorized access.
- next-steps: Review and enable the 'Use Short-lived user-delegated SAS tokens' setting in the Fabric Admin portal to enhance security protocols across the organization.
- roles: IT Security Manager, Data Governance Officer, Workspace Admins
- references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas
Streamlined Data Access for External Applications
The ability to generate SAS tokens allows external applications to access OneLake data temporarily. This is particularly beneficial for data integration tasks and for ISVs who need to provide their users with scoped access to data.
- next-steps: Evaluate the use cases for external applications and enable the 'Authenticate with OneLake user-delegated SAS tokens' setting to facilitate secure data sharing.
- roles: Data Integration Specialists, Application Developers, Workspace Admins
- references: https://learn.microsoft.com/fabric/, https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi
Improved User Experience for Workspace Admins
By allowing workspace admins to control the acceptance of SAS tokens, the organization can enhance the user experience for those managing data access, enabling more tailored access control based on workspace needs.
- next-steps: Communicate the changes to workspace admins and provide training on managing SAS token settings effectively.
- roles: Workspace Admins, IT Training Coordinators, Data Managers
- references: https://learn.microsoft.com/fabric/, https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
Date | Property | old | new |
2024-09-27 | MC Messages | Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.
[When this will happen:] Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024. When the General Availability release timeline is known, we will update you. | Updated September 26, 2024: This feature is now live and is active in your tenant.
Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake. [When this will happen:] Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024. When the General Availability release timeline is known, we will update you. |
2024-09-27 | MC Title | Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview) | (Updated) Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview) |
2024-09-27 | MC Last Updated | 08/27/2024 00:46:33 | 2024-09-27T00:21:07Z |
2024-09-27 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
2024-09-27 | MC Summary | Microsoft Fabric introduces new settings for short-lived user-delegated SAS tokens, enhancing security for applications using Microsoft OneLake. Public Preview begins late September 2024, with settings available in late August. Admins can control token generation and workspace admins manage token acceptance. Tokens have a one-hour lifetime and require an Entra ID. Preparation involves reviewing settings and deciding on enabling features. | The message details the live feature of short-lived user-delegated SAS tokens in Microsoft Fabric, with new tenant settings available in the Fabric Admin portal. It outlines the rollout timeline, effects on organizations, supported scenarios, new settings, and preparation actions required for tenant and workspace admins. |
Last updated 1 week ago