Administration and Governance in Microsoft Fabric

What is Microsoft Fabric?

Microsoft Fabric is the new Microsoft branded analytics platform that integrates data warehousing, data integration and orchestration, data engineering, data science, real-time analytics, and business intelligence into a single product. This new one-stop shop for analytics brings a set of innovative features and capabilities by providing a transformative tool for data professionals and business users. With Microsoft Fabric, we can leverage the power of data and AI to transform organizations and create new opportunities from data.

For more Microsoft Fabric topics 👉 Microsoft Fabric | element61

To explain Fabric administration as best as possible, let's make sure we know what Microsoft Fabric is. Microsoft Fabric is a product that lets you do everything with data, from collecting it to analyzing it to visualizing it. It’s like a Swiss Army knife for data but without the risk of cutting yourself (with good administration and governance) 😉

Sounds incredibly promising already, now how do we set up proper administration to get the most out of it?


What is Fabric administration and governance?

Effective administration is crucial for ensuring the smooth operation of your data landscape. Properly setting up and managing the organization-wide settings is essential in controlling how Microsoft Fabric functions. As an administrator, you have the ability to configure, monitor, and provision the necessary resources for your organization. This creates a secure data environment where individuals can work with their data without interfering with others.

Assigning different roles to users allows everyone to work together in an organized manner within the workspaces. This functionality was already available in Power BI, and Microsoft Fabric follows the same logic on a per-workspace basis. You can also monitor and manage capacities, workspaces, and workloads to optimize performance and budget allocation together with the developers.

Microsoft Fabric administration assists in maintaining data security and compliance through the Purview hub. The Purview hub is also available in Power BI, ensuring compatibility with Power BI licenses. By establishing policies and rules for data access, classification, loss prevention, and auditing in O365, you can monitor them within Microsoft Fabric. In the future, Microsoft Fabric will also support the direct assignment of these labels through OneSecurity, although the release timeline for OneSecurity is currently undisclosed. Additionally, Azure Active Directory can be used to configure conditional access to Microsoft Fabric resources. The ultimate goal of effective Fabric administration is to create a data playground that operates smoothly.
As a Fabric administrator, it is important to have a solid understanding of the Fabric architecture, security and governance features, and analytics capabilities, as well as the various deployment and licensing options available.

How do I become a Fabric Administrator?

Now that I have convinced you of the benefits of good administration, let's see how you can become a Fabric administrator. 😎

For that, you'll need to know a few things. There are several roles that work together to administer Microsoft Fabric inside your organization. Most of the admin roles are assigned in the Microsoft 365 Portal or by using PowerShell (click here to know how to do this). To become a Fabric admin, you need to be assigned one of the following roles: 

Power Platform and Power BI Admin roles

  • Power Platform administrators or Power BI administrators, now called Fabric administrator can enable and disable Microsoft Fabric features, report on usage and performance, review and manage auditing, and create capacities. All Microsoft Fabric management tasks are fully accessible, except for licensing. 

Capacity admin roles

  • Capacity administrator can assign workspaces to the capacity you're the admin of, manage user permission and manage workloads on that capacity 

For a complete picture of roles and corresponding tasks, you can click here.

How do I enable Microsoft Fabric for my organization?

If you're already an organization that uses Power BI, that's great! You can just opt into Microsoft Fabric whenever you feel like it. How does Microsoft Fabric licensing compare to Power BI licensing, you can check this excellent insight
 
To enable Microsoft Fabric, you have 2 options:

  • Enable for your tenant to be an early adaptor of Microsoft Fabric. This feature will be dismissed after the trial period.
  • Enable it for a specific capacity to try out Microsoft Fabric

 
Enable it for your tenant

When you enable Microsoft Fabric for your tenant, you can enable it for:

  • The entire organization so everyone has access to Microsoft Fabric
  • Specific security groups so only a selected few people can access Microsoft Fabric

Visit https://learn.microsoft.com/en-us/fabric/admin/fabric-switch to implement this step-by-step.
 

Enable for a capacity

Because Microsoft Fabric is still in preview, this can be a reason to not directly enable it on your tenant. What you then can do is enable it for a capacity to experiment with it. A guide on how you can do this can be found here.

With great admin power comes great responsibility, but what responsibility? 🕸️

Now that we've set up Microsoft Fabric and we are Microsoft Fabric admins, what can we do? As an admin, you have a wide range of responsibilities to design Fabric as a well-oiled machine. These tasks include:

Managing security and access control is crucial in Fabric administration to ensure authorized access to sensitive data. Role-based access control (RBAC) can be deployed to determine content viewing and editing permissions in the workspaces. Secure connections to on-premises data sources can be established through data gateways, and Azure Active Directory (Azure AD) can be utilized for user access management.

Understanding data governance principles is essential for effective Fabric administration. This includes monitoring usage and performance metrics, and implementing data governance policies to restrict data access to authorized users only.

Monitoring and optimization are vital responsibilities of a Fabric admin. This entails monitoring platform performance and usage, optimizing resource allocation, and troubleshooting issues. Activities may include configuring monitoring and alerting preferences, managing capacity and managing scalability. Next to that, the Fabric admin can alert the data engineers when there is an issue with query performance, data refresh problems or connectivity problems.

How can I use my admin powers? 💪

The Admin Portal 

Now it's time to use your newly acquired power. For that, you'll have to get familiar with your new (digital) home: the admin portal. You can access the admin portal by signing into Microsoft Fabric and selecting the cog symbol. There you can select Admin Portal from the menu. You'll see that the Power BI admin portal has now been extended to become the Fabric admin portal.

You can apply settings for the entire organization (tenant level) or on the capacity level to centrally manage, review and apply settings. You can also manage users, admins and groups, access audit logs, and monitor usage and performance.

Given that there are numerous options and configurations in the Fabric Admin Portal, we won't be tackling all of them. For a full list of capabilities and settings, you can check this link. We will, however, go over the most important ones to ensure you're well on your way. 

Fabric Admin Portal

PowerShell cmdlets

If you're tired of common administrative tasks, you can opt to use PowerShell cmdlets in Fabric. These are simple commands that can be executed in PowerShell and configured in Microsoft Fabric in a code-based way. Some examples to use PowerShell cmdlets include creating and managing groups, configuring data sources and monitoring usage and performance. Visit https://learn.microsoft.com/en-us/powershell/power-bi/overview?view=powerbi-ps for more information on how why and when to use them.

Admin Monitoring Workspace

Fabric tenant administrators can access the newly introduced admin monitoring workspace. You have the option to grant access to this workspace as a whole or select specific items within it to share with other users within your organization. Within the admin monitoring workspace, you will find the Feature Usage and Adoption dataset and report. These resources work together to offer valuable insights into the usage and performance of your Fabric environment. By leveraging this information, you can effectively identify trends, and patterns, and promptly troubleshoot any issues that may arise. You can also track the usage of every capacity, the most active users and the most active items there.

Image
Admin Monitoring Workspace

Which actions can I take?

As a Fabric administrator, you can act in several ways. Let's put these actions in a couple of categories and elaborate on them.

Capacity

A Microsoft Capacity is a pool of resources that determines the amount of computational power your organization gets. You can create different capacities according to your needs. A dev environment for example might want to have a capacity that you can turn on or off, while a prod environment might want to have a reserved capacity associated with it, allowing for predictable and lower costs. We'll elaborate on this in a future insight.
To find more relevant information about Fabric capacities, please visit https://learn.microsoft.com/en-us/fabric/enterprise/licenses.

Domains

With the ever-growing data landscape inside organizations, we need a way to organize and manage that data landscape in a logical way. To help achieve this, Microsoft Fabric introduced the concept of domains. A domain is a logical grouping of data in an organization that is relevant to a particular area or field. By associating workspaces to specific domains, we can achieve just that. In the background, all items inside that workspace will then receive a domain attribute as part of their metadata, which will enable you to filter content by domain to find what's relevant to you. There are three roles involved in domains, namely:

  • The Fabric Admin (or higher) have total control over creating, deleting and editing domains, next to assigning domain admins and domain contributors.
  • The Domain Admin can't create or delete domains but can edit the domains they're the admin of, next to assigning domain contributors.
  • The Domain Contributor is a workspace admin who can associate the workspace they're the admin of to a specific domain.

To find more relevant information about Fabric domains, please visit https://learn.microsoft.com/en-us/fabric/governance/domains.

Workspaces

At the heart of Microsoft Fabric there are workspaces, where data, Fabric items and teams come together. How to set up which workspace is essential for seamless development. In a future blog post, we'll describe what the ideal setup is and why, considering different teams and departments, as well as the added CICD for incremental updates for your Fabric datasets and reports and the git integration for version control. The role of the administrator lies in giving and restricting access to who can create workspaces and distribute apps. Workspace admins can then manage their workspaces themselves according to the designed best practices. Fabric admins can also manage, recover and even delete workspaces.

To find more relevant information about Fabric workspaces, please visit https://learn.microsoft.com/en-us/fabric/get-started/workspaces.

Purview hub report    

Once everything is set in place, an ongoing task of the Fabric administrator will be to manage and govern their data estate. The Microsoft Purview hub report allows you to check reports about sensitive data and item endorsement inside Fabric. It also acts as a gateway between Fabric and Microsoft Purview to govern items outside of Fabric as well.
To find more relevant information about the Microsoft Purview hub, please visit https://learn.microsoft.com/en-us/fabric/governance/use-microsoft-purview-hub.

Monitoring hub

Next to having a view on the sensitivity item endorsements of your data, you'll also want to monitor various Microsoft Fabric activities. Dataset refreshes, Spark Job runs and many other Microsoft Fabric items can be monitored from this one central location. For each activity, you'll get some metadata to monitor like status, item type, duration, location, and capacity,...
To find more relevant information about Microsoft Monitoring Hub, please visit https://learn.microsoft.com/en-us/fabric/admin/monitoring-hub.

Feature Usage and Adoption Report

The Feature Usage and Adoption report lets the Microsoft Fabric administrator monitor the activities inside the Fabric data landscape. The report lets you track the total activities over time, by user, by Fabric item,... to get a sense of the life inside your Microsoft Fabric data estate and to investigate strange patterns. Admins can share this report and the dataset with others inside the organization to show and monitor daily activities, trends, actively used capacities, underused capacities, workspaces, and the overall pulse of your organization. 

How do these things intertwine?

To correctly assign capacities, domains, workspaces and items in Microsoft Fabric, the Microsoft Fabric admin should have a clear view of the 'skeleton' of Microsoft Fabric. In the figure below, you'll find how these things work together. In one tenant, you can have multiple capacities according to the organization's needs. A domain can use different capacities since not all workspaces in one domain need to have the same high or low capacity. The Microsoft Fabric admin can play with these capacities to make sure all resources are used efficiently. A workspace, however, can only be assigned to one capacity, as do all Microsoft Fabric items within them. In future insights, we'll go over some best practices on how to construct this in a real-life environment.

Image
Structure of Microsoft Fabric