🏭🗒️Microsoft Fabric: Workspaces [Notes]

Disclaimer: This is work in progress intended to consolidate information from various sources for learning purposes. For the latest information please consult the documentation (see the links below)! 

Last updated: 13-Mar-2025

[Microsoft Fabric] Workspace

• {def} a collection of items that brings together different functionality in a single environment designed for collaboration
• {default} created in organization's shared capacity
• workspaces can be assigned to other capacities
• includes My Workspaces
• via Workspace settings >> Premium
• components
• header
• contains
• name 
• brief description of the workspace
• links to other functionality
• toolbar 
• contains 
• controls for managing items to the workspace 
• controls for managing files
• view area
• enables selecting a view
• {type} list view
• {subitem} task flow
• area in which users can create or view a graphical representation of the data project [3]
• ⇐ shows the logical flow of the project [3]
• ⇐ it doesn't show the flow of data [3]
• can be hided via Show/Hide arrows
• {subitem} items list
• area in which the users can see the items and folders in the workspace [3]
• one can filter the items list by selecting the tasks, if any defined [3]
• {subitem} resize bar
• elements that allow to resize the task flow and items list by dragging the resize bar up or down [3]
• {type} lineage view
• shows the flow of data between the items in the workspace [3]
• {feature} workspace settings 
• allows to manage and update the workspace [3]
• {feature} contact list 
• allows to specify which users receive notification about issues occurring in the workspace [3] 
• {default} contains workspace's creator [3]
• {feature} SharePoint integration 
• allows to configure a M365 Group whose SharePoint document library is available to workspace users [3]
• ⇐ the group is created outside of MF first [3]
• restrictions may apply to the environment
• {best practice} give access to the workspace to the same M365 Group whose file storage is configured [3]
• MF doesn't synchronize permissions between users or groups with workspace access, and users or groups with M365 Group membership [3]
• {feature} workspace identity
• an automatically managed service principal that can be associated with a Fabric workspace [6]
• workspaces with a workspace identity can securely read or write to firewall-enabled ADSL Gen2 accounts through trusted workspace access for OneLake shortcuts [6]
• Fabric creates a service principal in Microsoft Entra ID to represent the identity [6]
• ⇐ an accompanying app registration is also created [6]
• Fabric automatically manages the credentials associated with workspace identities [6]
• ⇒ prevents credential leaks and downtime due to improper credential handling [6]
• used to obtain Microsoft Entra tokens without the customer having to manage any credentials [6]
• Fabric items can use the identity when connecting to resources that support Microsoft Entra authentication [6]
• can be created in the workspace settings of any workspace except My workspaces
• automatically assigned to the workspace contributor role and has access to workspace items [6]
• {feature} workspace roles
• allows to manage who can do what in a workspace [4]
• sit on top of OneLake and divide the data lake into separate containers that can be secured independently [4]
• extend the Power BI workspace roles by associating new MF capabilities 
• e.g. data integration, data exploration
• can be assigned to 
• individual users
• security groups
• Microsoft 365 groups
• distribution lists
• {role} Admin
• {role} Member
• {role} Contributor
• {role} Viewer
• user groups
• members get the role(s) assigned
• users existing in several group get the highest level of permission that's provided by the roles that they're assigned [4]
• {concept} [nested group]
• {concept} current workspace
• the active open workspace
• {action} create new workspace
• {action} pin workspace
• {action} delete workspace
• everything contained within the workspace is deleted for all group members [3]
• the associated app is also removed from AppSource [3]
• {warning} if the workspace has a workspace identity, that workspace identity will be irretrievably lost [3]
• this may cause Fabric items relying on the workspace identity for trusted workspace access or authentication to break [3]
• only admins can perform the operation
• {action} manage workspace
  
• {action} take ownership of Fabric items
• Fabric items may stop working correctly [5]
• {scenario} the owner leaves the organization [5]
• {scenario}the owner don't sign in for more than 90 days [5]
• in such cases, anyone with read and write permissions on an item can take ownership of the item [5]
• become the owner of any child items the item might have
• {limitation} one can't take over ownership of child items directly [5]
• ⇐ one can take ownership only through the parent item [5]
• {limitation} can contain a maximum of 1000 items
• Fabric and Power BI
• {limitation} certain special characters aren't supported in workspace names when using an XMLA endpoint [3]
• {limitation} a user or a service principal can be a member of up to 1000 workspaces [3]
• {feature} auditing
• several activities are audited for workspaces [3]
• CreateFolder
• DeleteFolder
• UpdateFolder
• UpdateFolderAccess
• {feature} workspace monitoring 
• Eventhouse secure read-only database that collects and organizes logs and metrics from a range of Fabric items in the workspace [1]
• accessible only to workspace users with at least a contributor role [1]
• users can access and analyze logs and metrics [1]
• the data is aggregated or detailed [1]
• can be queried via KQL or SQL [1]
• supports both historical log analysis and real-time data streaming [1]
• accessible from the workspace [1]
• one can build and save query sets and dashboards to simplify data exploration [1]
• use the workspace settings to delete the database [1]
•  wait about 15 minutes before recreating a deleted database [1]
• {action} share the database
• users need workspace member or admin role [1]
• {limitation} one can enable either 
• workspace monitoring 
• log analytics
• if enabled, the log analytics configuration must be deleted first before enabling workspace monitoring [1]
• one should wait for a few hours before enabling workspace monitoring [1]
• {limitation} retention period for monitoring data: 30 days [1]
• {limitation}the ingestion can't be configured to filter for specific log type or category [1]
• e.g. error or workload type.
• {limitation} user data operation logs aren't available even though the table is available in the monitoring database [1]
• {prerequisite} Power BI Premium or Fabric capacity [1]
• {prerequisite} workspace admins can turn on monitoring for their workspaces tenant setting is enabled [1]
• enabling the setting, requires Fabric administrator rights [1]
• {prerequisite} admin role in the workspace [1]

Previous Post <<||>> Next Post

References:
[1] Microsoft Learn (2024) Fabric: What is workspace monitoring (preview)? [link]

[2] Microsoft Fabric Update Blog (2024) Announcing preview of Workspace Monitoring? [link]
[3] Microsoft Learn (2024) Fabric: Workspaces in Microsoft Fabric and Power BI [link]
[4] Microsoft Learn (2024) Fabric: Roles in workspaces in Microsoft Fabric [link]
[5] Microsoft Learn (2024) Fabric: Take ownership of Fabric items [link]
[6] Microsoft Learn (2024) Fabric: Workspace identity [link]

Acronyms:
ADSL Gen2 - Azure Data Lake Storage Gen2
KQL - Kusto Query Language
M365 - Microsoft 365
MF - Microsoft Fabric

SQL - Structured Query Language