How Microsoft Fabric governance protects your data


Microsoft Fabric is the new Microsoft branded analytics platform that integrates data warehousing, data integration and orchestration, data engineering, data science, real-time analytics, and business intelligence into a single product. This new one-stop shop for analytics brings a set of innovative features and capabilities by providing a transformative tool for data professionals and business users. With Microsoft Fabric, you can leverage the power of data and AI to transform your organization and create new opportunities.
For more Microsoft Fabric topics 👉 Microsoft Fabric | element61

We all know it, but why is protecting your data so important? 

Managing, protecting, and monitoring your data is crucial in today's digital landscape. That's why everyone keeps hammering about it, and with good reason, because data is susceptible to external threats and internal vulnerabilities, which require our attention to keep it healthy and secure. Without proper management and governance, data can become fragmented, duplicated, lost, or stolen, leading to confusion, inefficiency, and security breaches. Confusion and inefficiency can, in turn, lead to extra costs, longer development times, and frustration. At the same time, business data breaches can cause severe reputational damage, financial repercussions, and legal liabilities. Proper data protection measures, like access controls and sensitivity labels, protect against these potential disasters.

As a watchman, data monitoring and governing in Microsoft Fabric help detect anomalies, unauthorized access, and suspicious patterns. Early detection allows for quick action, mitigating potential damage and minimizing the impact of security breaches.

How does Microsoft Fabric enable data protection?

Microsoft Fabric has features to ensure your sensitive business data is secure, accessible to the right people and monitored. Below, you'll find a set of these capabilities to get the most out of data protection in Microsoft Fabric.

A.    Information Protection 🛡️

In Microsoft Fabric, information protection means that you can discover, classify, and protect Fabric data using sensitivity labels. Compliance officers can apply sensitivity labels to Microsoft Fabric items, including datasets, reports, dashboards, and dataflows, which means your data remains protected even when exported via supported export paths. Admins and compliance officers can then monitor activities on sensitivity labels in Microsoft Purview Audit. The foundation for Microsoft Fabric's data protection is mainly based on the data protection provided by Power BI and since Microsoft Fabric is relatively new, it is currently less supported than Power BI. A complete list of Microsoft Fabric's information protection capabilities can be found here.

ln the Microsoft Fabric Admin Portal, you can alter information protection settings under the Tenant settings. These will let you control who can apply sensitivity labels, inheritance of sensitivity labels, overrides of sensitivity labels, and sharing of sensitive content.

MS Fabric Tenant settings


B.    Data Loss Prevention 💾

Data Loss Prevention (DLP) policies are like the guardians of your sensitive data. They help you detect and protect your data from being exposed or misused by unauthorized users. Note that this currently is only supported for Power BI datasets, not yet for other Microsoft Fabric items. For example, suppose you have a Power BI dataset containing confidential information like credit card numbers or mail addresses. In that case, you can use DLP policies to prevent users from uploading or sharing that data with other services or apps. You can also use the Microsoft Fabric Purview hub to monitor and manage your DLP policies. In short, DLP policies are not only good for your data security but also for your peace of mind.
For more information about data loss prevention for Power BI datasets, visit Data loss prevention policies for Power BI.

C.    Endorsement 🎖️

There are cases in which you'll have loads of Microsoft Fabric items, but not all are ready for consumption because of ongoing work or unreliable data. Endorsement acts like a stamp of approval for these Microsoft Fabric items, such as reports, datasets, dataflows, and processes. Item owners can promote qualitative Microsoft Fabric items, and organizations can certify items that meet quality and standards. It helps you and other users to identify and find trustworthy and high-quality items inside your data estate. In the Microsoft Purview Hub, admins can see the endorsed items in their organization's data estate to guide users to better quality content. Endorsement helps you protect your data and the use of your data by ensuring that you only use reliable and verified sources of information.

As you probably noticed, I mentioned two actions to endorse Microsoft Fabric items: promoting and certifying. 

In common sense, promotion means advancing to a higher level, primarily with greater responsibilities. The same thing happens when you promote Microsoft Fabric items. They are an acknowledgement of the value and a sign that the information inside is interesting so others can use it. This, in turn, enables the spread of trustworthy information inside the company.

Certification, in turn, means that the item is trustworthy, reliable, and meets the organization's quality standards. Users can readily use this item to retrieve quality information. 

D.    Metadata Scanning 🕵🏻

Having a bird's view of your data landscape and its metadata enables admins to catalog and report on the metadata of your Microsoft Fabric items. Through a set of Admin REST APIs (known as scanner APIs), you can extract information such as item name, owner, sensitivity label, and endorsement status. More specifically, you can extract tables, column names, measures, DAX expressions, and so on for Power BI datasets. 

A couple of use cases of metadata scanning can be to report on the sensitive information inside a business unit or domain, to have an overview of the endorsements inside a domain or the company, and even go as exotic to unleash AI to generate an explanation of DAX measures.

For information on what sort of information you can further extract, you can visit Admin - WorkspaceInfo GetScanResult.

How you set up metadata scanning for your organization can be found here: Metadata scanning overview.

E.    Lineage ↔

Microsoft Fabric's lineage feature lets you quickly identify the relationships between your data, including their origins, usage, and dependencies. Lineage can help you to protect your data by ensuring its quality, accuracy, and compliance. For example, if you have a report that shows sales information, you might want to know where this data came from, what transformations took place, and what other reports or dashboards use the same information. Lineage can also answer questions about impact analysis when the source changes or failed refreshes of datasets. Another advantage of the linage in Microsoft Fabric is tracking your sensitive data throughout the ETL chain. 
For more information about Microsoft Fabric lineage, you can visit Lineage in Fabric.

F.    Microsoft Purview Hub 🔬

We can look at the Microsoft Purview Hub to bring all of the endorsement, sensitivity, and so on together. Here, we can track the use and health of our data landscape. It contains reports that provide insights about sensitive data and item endorsement and also serves as a gateway to more advanced capabilities such as information protection and data loss prevention. Data stewards and Fabric admins will mainly use the Microsoft Purview hub to protect Microsoft Fabric data using sensitivity labels, policies, and rules.


Microsoft Fabric stands as a comprehensive solution, offering robust data protection features alongside its analytics capabilities. In today's digital landscape, safeguarding data is more important than ever, and Microsoft Fabric addresses this need effectively.

Through Information Protection, it allows organizations to classify and secure their data using sensitivity labels. While initially based on Power BI's data protection, it promises a strong foundation for safeguarding data within Microsoft Fabric.

Data Loss Prevention (DLP) policies act as vigilant guardians, preventing unauthorized data exposure, and providing peace of mind, primarily for Power BI datasets.

Endorsement adds trustworthiness to data items, ensuring reliable and verified sources and enhancing data protection.

Metadata Scanning and Lineage functionalities provide administrators with a comprehensive view of data, improving data quality, accuracy, and compliance.

The Microsoft Purview Hub serves as a central repository for managing data protection measures and offers insights into the health and use of your data landscape, making it an essential tool for data stewards and administrators.

In a data-centric world, Microsoft Fabric provides the necessary tools to answer today's questions surrounding integrity and availability, next to its data analytics offering.