check before: 2025-07-01
Product:
Fabric, Microsoft 365 Apps, Power BI
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message, User impact
Links:
Details:
Summary:
Microsoft Fabric will remove default Contributor access from Workspace Identities starting late July 2025 to enhance security. Existing and new Workspace Identities will no longer have this access by default. Admins can manually assign roles via RBAC. No action is required before rollout, but review current configurations.
Details:
Updated July 23, 2025: We have updated the timeline. Thank you for your patience.
To strengthen security and align with customer feedback, Microsoft Fabric is updating how Workspace Identity permissions are handled. This change removes default Contributor access from Workspace Identities, reducing the risk of unintended access or misuse. This change will be on by default.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out late July 2025 (previously mid-July) and expect to complete by early August 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-06-25
updated:
2025-07-24
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Removal of Default Contributor Access
Users will lose automatic access to contribute in workspaces, potentially disrupting ongoing projects and workflows that rely on this access.
- roles: Workspace Admin, Data Analyst
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Increased Administrative Overhead
Admins will need to manually assign roles to Workspace Identities, increasing the workload and potential for errors during the transition period.
- roles: IT Administrator, Workspace Admin
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Potential Workflow Disruptions
Existing workflows that depend on default Contributor access may fail, leading to delays in project timelines and user frustration.
- roles: Data Analyst, Project Manager
- references: https://learn.microsoft.com/fabric/security/workspace-identity
User Confusion and Frustration
Users may be unaware of the change and find themselves unable to perform tasks they previously could, leading to confusion and decreased productivity.
- roles: End User, Data Analyst
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Security Risks with Manual Role Assignments
If not managed properly, manual role assignments could lead to unauthorized access or misuse of Workspace Identities, increasing security vulnerabilities.
- roles: IT Security Officer, Workspace Admin
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft Fabric is making a change to enhance security by removing the default Contributor access from Workspace Identities. Think of Workspace Identities like keys to a building. Previously, every key (Workspace Identity) automatically came with the ability to open most doors (Contributor access). However, to prevent unauthorized access or accidental misuse, Microsoft has decided that these keys will no longer come with such broad access by default.
Starting from late July 2025, when you create a new Workspace Identity, it won't automatically have the ability to open all doors. Similarly, existing keys will have their broad access removed. This means that if you want a Workspace Identity to have certain permissions, you'll need to manually assign them using role-based access control (RBAC). It's like giving specific keys to specific people based on the rooms they need to access.
For those managing these changes, you don't need to do anything before the rollout. However, it's a good idea to review your current setup. Check if any of your workflows depend on the default Contributor access and adjust accordingly. You might also want to inform your team about this change and update any internal guides or documentation.
If you need to assign specific roles to a Workspace Identity, you can do so by navigating to the Fabric Workspace, selecting "Manage Access," and then adding people or groups to the appropriate roles. Just remember, anyone with access to the identity can assume it, so assign roles carefully.
This change will be implemented automatically, so there's no need for immediate action, but being prepared will help ensure a smooth transition.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-07-24 | MC prepare | This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current Workspace Identity configurations and evaluate whether any existing workflows rely on default Contributor access. You may want to notify your admins and/or users about this change and update internal documentation. | This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current Workspace Identity configurations and evaluate whether any existing workflows rely on default Contributor access. You may want to notify your admins and/or users about this change and update internal documentation.
https://learn.microsoft.com/fabric/security/workspace-identity |
| 2025-07-24 | MC Summary | Microsoft Fabric is removing default Contributor access for Workspace Identities to enhance security. This change will be rolled out from mid-July to early August 2025. Admins can still manually assign roles using RBAC. Review and update your configurations and notify relevant personnel. Learn more [here](https://learn.microsoft.com/fabric/security/workspace-identity). | Microsoft Fabric will remove default Contributor access from Workspace Identities starting late July 2025 to enhance security. Existing and new Workspace Identities will no longer have this access by default. Admins can manually assign roles via RBAC. No action is required before rollout, but review current configurations. |
| 2025-07-24 | MC Last Updated | 06/25/2025 02:11:46 | 2025-07-23T23:34:25Z |
| 2025-07-24 | MC Messages | To strengthen security and align with customer feedback, Microsoft Fabric is updating how Workspace Identity permissions are handled. This change removes default Contributor access from Workspace Identities, reducing the risk of unintended access or misuse. This change will be on by default.
[When this will happen:] General Availability (Worldwide): We will begin rolling out mid-July 2025 and expect to complete by early August 2025. | Updated July 23, 2025: We have updated the timeline. Thank you for your patience.
To strengthen security and align with customer feedback, Microsoft Fabric is updating how Workspace Identity permissions are handled. This change removes default Contributor access from Workspace Identities, reducing the risk of unintended access or misuse. This change will be on by default. [When this will happen:] General Availability (Worldwide): We will begin rolling out late July 2025 (previously mid-July) and expect to complete by early August 2025. |
| 2025-07-24 | MC Title | Microsoft Fabric: Removing default contributor access for Workspace Identity | (Updated) Microsoft Fabric: Removing default contributor access for Workspace Identity |
| 2025-07-24 | MC MessageTagNames | Feature update, User impact, Admin impact | Updated message, Feature update, User impact, Admin impact |
Last updated 4 months ago ago
