One of the weak points of Fabric compared to Synapse Analytics is that it didn't support Service Principal or Managed Identity authentication when connecting to third-party sources.

Fabric now has the support for Service Principal authentication. You can now connect to an Azure resource using a Tenant ID, a Client ID, and the Service Principal Key (Client Secret). The following Azure resources are supported:

• Azure Synapse Analytics
• Azure SQL Database
• Azure Data Lake Store Gen2 & Gen1
• Azure Blob Storage
• Web (through Web activity)
• Microsoft Dataverse (and subsequently to Dynamics 365)
• SharePoint Online

What does this mean for you?

Previously you needed to use your Organisation Account, which would act on your behalf to accomplish tasks within your specific Workspace permissions. Or, you needed to use alternative methods. Here are some example changes in your authentication experience:

• Azure Blob Storage: Instead of account keys or SAS tokens, you can now use Azure AD auth, allowing RBAC model and Blob Data Reader/Contributor roles to be used.
• ADLS Gen2: Same as blob storage, but now you can also apply POSIX rules to your Azure AD credential.
• Azure SQL Database: Instead of a SQL user or the current user's Azure AD credentials, now you can use GRANTs on Azure AD Service Principals.

Here's a screenshot from Dataflows Gen2 for the Blob Storage connection that I captured:

Cross-tenant connectivity

Whilst this is exciting for better security, it also unlocks another possibility: Now, you can connect to Azure resources on other tenants using Azure AD authentication. Suppose you have a multi-tenant organisation or you're working with multiple clients. In that case, you can now connect to the resources under that tenant with the Tenant ID support of the Service Principal authentication type.

Here's the link for Microsoft's announcement for further details:

Service principal support to connect to data in Dataflow, Datamart, Dataset and Dataflow Gen 2 | Microsoft Fabric Blog | Microsoft Fabric

Today I am very excited to announce that Azure service principal has been added as an authentication type for a set of data sources that can be used in Dataset, Dataflow, Dataflow Gen2 and Datamart.  Azure service principal is a security identity that is application based and can be assigne…

FabricMiquella de Boer

What do you think about the expanded Azure AD support in Fabric? What other pain points that it will relieve in your organisation? Let us know in the comments.

Remember to subscribe to our TBC Weekly newsletter! You'll get a summary of the latest articles from us and the Fabric and Azure communities.