In the era of AI, data has become the cornerstone of analytics platforms. With the ever-increasing volume of data being collected across various applications, data lakes, databases, and data warehouses within an enterprise data estate, the need for secure access to enterprise data sources has become critical. This is particularly important given the growth of sensitive data and the need for stricter network and data access policies. Ensuring that private and sensitive data remains within the safe boundaries of enterprise virtual private networks is essential for maintaining the security and integrity of enterprise data.
We are excited to announce the public preview of Managed Private Endpoints for Microsoft Fabric. This feature allows secure connections to data sources that are behind a firewall or not accessible from the public internet. Managed Private Endpoints enable Fabric Data Engineering items to access data sources securely without exposing them to the public network or requiring complex network configurations. These private endpoints provide a secure way to connect and access data from sources like Azure SQL DB or Storage account blocked from public access from your Fabric Spark Notebooks or Spark Job Definitions.
Workspaces with managed private endpoints have network isolation through a dedicated managed virtual network. These managed virtual networks (Managed VNETs) separate the Spark compute clusters from the shared virtual network and enable network security features such as private links and managed private endpoints. Microsoft Fabric takes care of the provisioning and management of the virtual networks and private endpoints, so users do not have to create or manage these network infrastructure resources themselves.
Connect to Data Sources Securely and Easily from your Fabric Workspace
Users can create and delete managed private endpoints from the workspace settings of a Fabric Workspace.
By just providing connection details, your managed private endpoint is instantly provisioned in the Managed VNET and a request for private endpoint access is submitted to the data source administrator for approval.
Users can track the status and approval process of the managed private endpoints from the Network security section of the Workspace settings.
Managed Private Endpoints support various data sources, including Azure Storage, Azure SQL Database, Azure Synapse Analytics, Azure Cosmos DB, Application gateway, Azure Key Vault, and many more.
Note: Managed private endpoints are only supported for Fabric Trial capacity and Fabric capacities F64 or higher SKUs.
To learn more about the benefits, detailed steps of setup and limitations of managed private endpoints in Microsoft Fabric, please refer to our documentation Overview of managed private endpoints in Fabric.
To learn more about network isolation offered by managed virtual networks, please refer to Overview of managed virtual networks in Fabric.
To learn more about the Private link support for Microsoft Fabric, please refer to Overview of private links.