check before: 2025-07-15
Product:
Fabric, Microsoft 365 Apps, Power BI
Platform:
Online, World tenant
Status:
Change type:
Feature update, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Fabric is removing default Contributor access for Workspace Identities to enhance security. This change will be rolled out from mid-July to early August 2025. Admins can still manually assign roles using RBAC. Review and update your configurations and notify relevant personnel. Learn more [here](https://learn.microsoft.com/fabric/security/workspace-identity).
Details:
To strengthen security and align with customer feedback, Microsoft Fabric is updating how Workspace Identity permissions are handled. This change removes default Contributor access from Workspace Identities, reducing the risk of unintended access or misuse. This change will be on by default.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-July 2025 and expect to complete by early August 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-06-25
updated:
2025-06-25
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft Fabric is removing the default Contributor access for new Workspace Identities to enhance security, requiring admins to manually assign access using role-based access control (RBAC), with this change occurring automatically between mid-July and early August 2025.
Direct effects for Operations**
Loss of Default Contributor Access
Workspace Identities will no longer have default Contributor access, potentially disrupting workflows that rely on this access.
- roles: Admins, Data Analysts
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Increased Administrative Overhead
Admins will need to manually assign roles to Workspace Identities, increasing the workload and potential for errors.
- roles: Admins, IT Support
- references: https://learn.microsoft.com/fabric/security/workspace-identity
User Access Issues
Users may experience access issues if their workflows depend on default Contributor permissions, leading to delays in project timelines.
- roles: End Users, Project Managers
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Potential Security Risks
If roles are not assigned correctly post-change, there may be unintended access or misuse of Workspace Identities, increasing security vulnerabilities.
- roles: Security Officers, Admins
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Need for Internal Communication
Organizations will need to communicate changes to users and update documentation, which may lead to confusion if not managed properly.
- roles: Communications Team, Admins
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced Role-Based Access Control (RBAC) Management
With the removal of default Contributor access, organizations can take this opportunity to implement a more granular RBAC strategy. This will enhance security by ensuring that only necessary personnel have access to specific resources, thereby minimizing the risk of data breaches or unauthorized access.
- next-steps: Conduct a review of current RBAC configurations and identify roles that require adjustment. Develop a training session for admins on how to effectively manage RBAC in the new environment.
- roles: IT Administrators, Security Officers, Compliance Managers
- references: https://learn.microsoft.com/fabric/security/workspace-identity
User Awareness and Training Programs
As this change may impact users who previously relied on default Contributor access, there is an opportunity to develop training programs to educate users about the new permissions model and how to request access as needed. This will help mitigate confusion and ensure smooth transitions post-rollout.
- next-steps: Create training materials that outline the new permissions model and provide guidelines on how to request access. Schedule training sessions and distribute materials to relevant users.
- roles: End Users, Team Leaders, Project Managers
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Documentation and Compliance Updates
The change necessitates an update to internal documentation regarding Workspace Identity configurations and access management. This presents an opportunity to enhance documentation practices and ensure compliance with security policies.
- next-steps: Review existing documentation to identify sections that need updates. Assign team members to revise and enhance documentation, ensuring it reflects the new permissions model and compliance requirements.
- roles: IT Administrators, Compliance Managers, Documentation Specialists
- references: https://learn.microsoft.com/fabric/security/workspace-identity
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago
