MC873746 – Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview)

check before: 2024-08-01

Product:

Entra, Fabric, Power BI

Platform:

Online, World tenant

Change type:

New feature, User impact, Admin impact

Summary:
Microsoft Fabric introduces new settings for short-lived user-delegated SAS tokens, enhancing security for applications using Microsoft OneLake. Public Preview begins late September 2024, with settings available in late August. Admins can control token generation and workspace admins manage token acceptance. Tokens have a one-hour lifetime and require an Entra ID. Preparation involves reviewing settings and deciding on enabling features.

Details:
Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.
When this will happen:
Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024.
When the General Availability release timeline is known, we will update you.

Created:
2024-08-27

updated:
2024-08-27

Direct effects for Operations**

Short-lived SAS Token Generation
If tenant admins do not review and disable the default ON setting for short-lived user-delegated SAS tokens, it may lead to unintended access permissions being granted to applications, potentially compromising data security.
   - roles: Tenant Admin, Workspace Admin
   - references: https://learn.microsoft.com/fabric/, https://learn.microsoft.com/rest/api/storageservices/create-user-delegation-sas

Authentication with SAS Tokens
If the setting for authenticating with OneLake user-delegated SAS tokens is left OFF by default and not reviewed, workspace admins may face issues in granting necessary access to applications that require SAS token authentication, leading to operational disruptions.
   - roles: Workspace Admin, End User
   - references: https://learn.microsoft.com/fabric/, https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi

Lack of Preparedness for Changes
Without proper preparation and communication regarding the new settings, users may experience confusion and frustration due to unexpected changes in access protocols, impacting their productivity and user experience.
   - roles: End User, Tenant Admin
   - references: https://learn.microsoft.com/fabric/, https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi

Configuration Options**

Use Short-lived user-delegated SAS tokens (Preview)
This setting allows the creation of short-lived user-delegated SAS tokens by turning on the user delegation key API for the entire tenant.
   - technical instructions: To disable this feature, navigate to the Fabric Admin portal, locate the tenant settings, and turn OFF the 'Use Short-lived user-delegated SAS tokens' option.
   - references: https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi, https://learn.microsoft.com/fabric/

Authenticate with OneLake user-delegated SAS tokens (Preview)
This setting enables authentication using OneLake user-delegated SAS tokens and is automatically delegated to workspace admins.
   - technical instructions: To restrict this feature, ensure that the 'Authenticate with OneLake user-delegated SAS tokens' setting is OFF in the Fabric Admin portal.
   - references: https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi, https://learn.microsoft.com/fabric/

Review and Decide on Settings
Admins should review the implications of the new settings and decide whether to enable or disable them based on organizational policies.
   - technical instructions: Regularly assess the tenant settings in the Fabric Admin portal and make necessary adjustments to align with security policies before the public preview rollout.
   - references: https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi, https://learn.microsoft.com/fabric/
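
When reviewing these settings, it helps to check which SAS URLs applications actually hold. The following is an added example, not part of the notice or of any Microsoft tooling: it flags SAS URLs that are not user-delegated or that exceed the one-hour lifetime stated above. The query field names (`skoid`, `sktid`, `skt`, `ske`, `st`, `se`, `sig`) are the standard Azure Storage SAS parameters and are assumed to apply to OneLake tokens; the host, path, IDs and signatures are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=1)  # one-hour lifetime stated in the notice
# Query fields present only when a SAS is signed with a user delegation key
# (standard Azure Storage SAS field names; assumed to apply here).
USER_DELEGATION_FIELDS = ("skoid", "sktid", "skt", "ske")

# Constructed sample URLs: host, path, IDs and signatures are placeholders.
BASE = "https://onelake.example/ws/lh.Lakehouse/Files/data.csv?sp=r&sig=CONSTRUCTED"
UD = "&skoid=0000&sktid=1111&skt=2024-09-30T10:00:00Z&ske=2024-09-30T11:00:00Z"
GOOD = BASE + UD + "&st=2024-09-30T10:00:00Z&se=2024-09-30T11:00:00Z"
LONG = BASE + UD + "&st=2024-09-30T10:00:00Z&se=2024-10-01T10:00:00Z"
SERVICE = BASE + "&st=2024-09-30T10:00:00Z&se=2024-09-30T10:45:00Z"


def parse_time(value):
    """Parse a SAS timestamp (ISO 8601, UTC) into an aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_sas(url, now=None):
    """Return policy findings for a SAS URL; an empty list means it passes."""
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["no SAS signature in URL"]
    findings = []
    missing = [f for f in USER_DELEGATION_FIELDS if f not in params]
    if missing:
        findings.append("not user-delegated: missing " + ", ".join(missing))
    if "se" not in params:
        return findings + ["no expiry (se)"]
    expiry = parse_time(params["se"])
    start = parse_time(params["st"]) if "st" in params else now
    if expiry - start > MAX_LIFETIME:
        findings.append("lifetime exceeds one hour")
    if expiry <= now:
        findings.append("expired")
    return findings


if __name__ == "__main__":
    at = datetime(2024, 9, 30, 10, 30, tzinfo=timezone.utc)
    for name, url in (("GOOD", GOOD), ("LONG", LONG), ("SERVICE", SERVICE)):
        print(name, check_sas(url, at) or "ok")
```

A SAS without the user delegation fields was signed some other way (for example with an account key) and carries no Entra identity, so it is reported separately from lifetime violations.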

** AI generated content. This information is not reliable.
