MC873746 – (Updated) Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview)

Power BI icon

check before: 2024-08-01

Product:

Entra, Fabric, Power BI

Platform:

Online, World tenant

Status:

Change type:

Admin impact, New feature, Updated message, User impact

Links:

Details:

Summary:
The message details the live feature of short-lived user-delegated SAS tokens in Microsoft Fabric, with new tenant settings available in the Fabric Admin portal. It outlines the rollout timeline, effects on organizations, supported scenarios, new settings, and preparation actions required for tenant and workspace admins.

Details:
Updated September 26, 2024: This feature is now live and is active in your tenant.
Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.
[When this will happen:]
Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024.
When the General Availability release timeline is known, we will update you.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-08-27

updated:
2024-09-27

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft Fabric has introduced short-lived user-delegated SAS tokens for Microsoft OneLake, enhancing security and flexibility by allowing admins to create temporary access keys tied to a specific user and valid for up to one hour. Two settings in the Fabric Admin portal manage this feature: enabling the creation of these tokens by default and allowing workspace admins to decide if their workspace will accept them as a valid authentication method.

Direct effects for Operations**

Security Risks
If tenant settings are not reviewed and adjusted, enabling short-lived user-delegated SAS tokens by default may lead to unauthorized access to sensitive data, as workspace admins can enable SAS authentication without tenant admin oversight.
   - roles: Tenant Admin, Workspace Admin
   - references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas

User Experience Disruption
Users may experience disruptions in accessing data if the new SAS token settings are not properly configured, leading to potential downtime or inability to perform necessary tasks.
   - roles: End User, Workspace Admin
   - references: https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi, https://learn.microsoft.com/fabric/ " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/fabric/

Compliance Issues
Failure to manage the new SAS token settings could result in non-compliance with data protection regulations, as unauthorized access may expose sensitive information.
   - roles: Compliance Officer, Tenant Admin
   - references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Security through Short-lived SAS Tokens
Implementing short-lived user-delegated SAS tokens will significantly improve security by minimizing the risk of token misuse. Tokens will expire after one hour, limiting the window of opportunity for unauthorized access.
   - next-steps: Review and enable the 'Use Short-lived user-delegated SAS tokens' setting in the Fabric Admin portal to enhance security protocols across the organization.
   - roles: IT Security Manager, Data Governance Officer, Workspace Admins
   - references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas

Streamlined Data Access for External Applications
The ability to generate SAS tokens allows external applications to access OneLake data temporarily. This is particularly beneficial for data integration tasks and for ISVs who need to provide their users with scoped access to data.
   - next-steps: Evaluate the use cases for external applications and enable the 'Authenticate with OneLake user-delegated SAS tokens' setting to facilitate secure data sharing.
   - roles: Data Integration Specialists, Application Developers, Workspace Admins
   - references: https://learn.microsoft.com/fabric/, https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi

Improved User Experience for Workspace Admins
By allowing workspace admins to control the acceptance of SAS tokens, the organization can enhance the user experience for those managing data access, enabling more tailored access control based on workspace needs.
   - next-steps: Communicate the changes to workspace admins and provide training on managing SAS token settings effectively.
   - roles: Workspace Admins, IT Training Coordinators, Data Managers
   - references: https://learn.microsoft.com/fabric/, https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



change history

DatePropertyoldnew
2024-09-27MC MessagesComing soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.
[When this will happen:]
Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024.
When the General Availability release timeline is known, we will update you.
Updated September 26, 2024: This feature is now live and is active in your tenant.
Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.
[When this will happen:]
Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024.
When the General Availability release timeline is known, we will update you.
2024-09-27MC TitleMicrosoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview)(Updated) Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview)
2024-09-27MC Last Updated08/27/2024 00:46:332024-09-27T00:21:07Z
2024-09-27MC MessageTagNamesNew feature, User impact, Admin impactUpdated message, New feature, User impact, Admin impact
2024-09-27MC SummaryMicrosoft Fabric introduces new settings for short-lived user-delegated SAS tokens, enhancing security for applications using Microsoft OneLake. Public Preview begins late September 2024, with settings available in late August. Admins can control token generation and workspace admins manage token acceptance. Tokens have a one-hour lifetime and require an Entra ID. Preparation involves reviewing settings and deciding on enabling features.The message details the live feature of short-lived user-delegated SAS tokens in Microsoft Fabric, with new tenant settings available in the Fabric Admin portal. It outlines the rollout timeline, effects on organizations, supported scenarios, new settings, and preparation actions required for tenant and workspace admins.

Last updated 2 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!