Disclaimer: This is work in progress intended to consolidate information
from various sources for learning purposes. For the latest information
please consult the documentation (see the links below)!
Last updated: 5-May-2026
[Microsoft Fabric] Workspace
-
{def} a collection of items that brings together different functionality in
a single environment designed for collaboration
- provides a method to organize resources, and granular security that allows to segment off various users and projects [9]
- {default} created in organization's shared capacity
- workspaces can be assigned to other capacities
- includes My Workspaces
- via Workspace settings >> Premium
- shared environment that holds live items
- any changes made directly within the workspace immediately take effect and impact all users
- components
- header
- contains
- name
- brief description of the workspace
- links to other functionality
- toolbar
- contains
- controls for managing items to the workspace
- controls for managing files
- view area
- enables selecting a view
- {type} list view
- {subitem} task flow
-
area in which users can create or view a graphical representation of
the data project [3]
- ⇐ shows the logical flow of the project [3]
- ⇐ it doesn't show the flow of data [3]
- can be hided via Show/Hide arrows
- {subitem} items list
-
area in which the users can see the items and folders in the
workspace [3]
-
one can filter the items list by selecting the tasks, if any defined
[3]
- {subitem} resize bar
-
elements that allow to resize the task flow and items list by
dragging the resize bar up or down [3]
- {type} lineage view
- shows the flow of data between the items in the workspace [3]
- {feature} workspace settings
- allows to manage and update the workspace [3]
- {feature} contact list
-
allows to specify which users receive notification about issues occurring
in the workspace [3]
- {default} contains workspace's creator [3]
- {feature} SharePoint integration
-
allows to configure a M365 Group whose SharePoint document library is
available to workspace users [3]
- ⇐ the group is created outside of MF first [3]
- restrictions may apply to the environment
-
{best practice} give access to the workspace to the same M365 Group whose
file storage is configured [3]
-
MF doesn't synchronize permissions between users or groups with
workspace access, and users or groups with M365 Group membership [3]
- {feature} workspace identity
-
an automatically managed service principal that can be associated with a
Fabric workspace [6]
-
workspaces with a workspace identity can securely read or write to
firewall-enabled ADSL Gen2 accounts through trusted workspace access for
OneLake shortcuts [6]
-
Fabric creates a service principal in Microsoft Entra ID to represent
the identity [6]
- ⇐ an accompanying app registration is also created [6]
-
Fabric automatically manages the credentials associated with workspace
identities [6]
-
⇒ prevents credential leaks and downtime due to improper credential
handling [6]
-
used to obtain Microsoft Entra tokens without the customer having to
manage any credentials [6]
-
Fabric items can use the identity when connecting to resources that
support Microsoft Entra authentication [6]
-
can be created in the workspace settings of any workspace except My
workspaces
-
automatically assigned to the workspace contributor role and has access to
workspace items [6]
- {feature} workspace roles
- allows to manage who can do what in a workspace [4]
-
sit on top of OneLake and divide the data lake into separate containers
that can be secured independently [4]
-
extend the Power BI workspace roles by associating new MF
capabilities
- e.g. data integration, data exploration
- can be assigned to
- individual users
- security groups
- Microsoft 365 groups
- distribution lists
- {role} Admin
- {role} Member
- {role} Contributor
- {role} Viewer
- user groups
- members get the role(s) assigned
-
users existing in several group get the highest level of permission
that's provided by the roles that they're assigned [4]
- {concept} [nested group]
- {concept} current workspace
- the active open workspace
- {action} create new workspace
- {action} pin workspace
- {action} reassign workspace to another capacity [10]
- workspace admins can move the data contained in a workspace by reassigning the workspace to a different capacity [10]
- via the workspace type option [10]
- the capacity can be in the same or a different region [10]
- done individually or in bulk [10]
- required workspace global or Fabric admin permissions [10]
- cancels all jobs related to items in the workspace [10]
- only movable item types can move between regions [10]
- all non-movable items must be removed first otherwise reassignment fails[10]
- incl.
- the items can be recreated in the new locations [10]
- only Power BI items can move from Premium capacity or Fabric to Power BI Pro or PPU workspace type [10]
- {warning} a workspace might appear to be successfully reassigned to a new capacity, but some or all of its items remain attached to the original capacity [10]
- see warning banner [10]
- {recommendation} check all items that remain attached to a different capacity than the workspace [10]
- {risk} items are at risk of becoming unavailable if their attached capacity is deleted or paused [10]
- {recommendation} don't delete or pause the source capacity [10]
- items that failed to migrate remain attached to their original capacity [10]
- {recommendation} retry the assignment
- failures may result from transient errors [10]
- {recommendation} consider same-region migration first[10]
- allows to rule out cross-region migration limitations [10]
- the workspace may contain items or configurations that can't be migrated automatically [10]
- e.g. Private Link networking is enabled for the workspace [10]
- CMK configuration issues [10]
- {action} delete workspace
-
everything contained within the workspace is deleted for all group members
[3]
- the associated app is also removed from AppSource [3]
-
{warning} if the workspace has a workspace identity, that workspace
identity will be irretrievably lost [3]
-
this may cause Fabric items relying on the workspace identity for
trusted workspace access or authentication to break [3]
- only admins can perform the operation
- the workspace enters a retention period [11]
- {default} retention period for collaborative workspaces is 7 days [11]
- see Define workspace retention period
- during the retention period, a deleted workspace can be restored or permanently deleted [1]1
- {action} recover workspace
- deleted workspaces and items enter a retention period during during which they can be restored [11]
- helps protect against accidental deletions [11]
- by giving the opportunity to recover deleted content before it's permanently removed [11]
- personal workspaces have a fixed 30-day retention period [11]
- {action} downgrade workspace
- a workspace is moved from a Fabric capacity to Power BI (Pro/Premium) [11]
- {warning} Fabric-specific items are removed/inaccessible
- Power BI artifacts (reports, datasets) remain unaffected
- the underlying Fabric data may be deleted or retained temporarily depending on retention
- {warning} moving between capacities can trigger deletion of unsupported items
- {recommendation} review workspace's content before downgrade (or other operations that might impact its integrity)
- Fabric-specific items are removed/inaccessible, and with this might be lost
- artifacts inside may still depend on the previous capacity or state, which may lead to broken items, access issues or inconsistent behavior
- internal references didn’t migrate cleanly
- {recommendation} reassign workspace back to Fabric capacity immediately
- even an immediate rollback may cause disruption
- {recommendation} open a Microsoft support ticket immediately
- sometimes intermittent workspace failures are typically tied to backend updates or service incidents, and only the product team can fully validate and resolve them [link]
- {recommendation} check retention guidance
- when something goes wrong, recovery depends on the workspace’s retention state
- {recommendation} increase the retention period
- in case something goes wrong, it allows more time for troubleshooting
- {recommendation} avoid direct downgrades without backup
- allows to minimize the impact of such operations and alleviate risks
- {recommendation} test workspace moves in non-production environments
- allows to minimize the impact of such operations and alleviate risks
- {action} recover workspace
- {action} reassign workspace back to Fabric capacity
- {warning} there is no native “workspace rollback” feature
- {action} recover from retention (soft-delete scenario)
- Fabric artifacts are not preserved indefinitely after
- {action} restore from backups (if available)
- {action} recreate Fabric items manually
- {recommendation} take a periodic backup of the items
- allows to minimize the impact when something goes wrong
- {action} manage workspace
- {action} take ownership of Fabric items
- Fabric items may stop working correctly [5]
- {scenario} the owner leaves the organization [5]
- {scenario}the owner don't sign in for more than 90 days [5]
-
in such cases, anyone with read and write permissions on an item can
take ownership of the item [5]
- become the owner of any child items the item might have
-
{limitation} one can't take over ownership of child items
directly [5]
- ⇐ one can take ownership only through the parent item [5]
- {limitation} workspace retention
- personal workspace
- collaborative workspace
- {default} 7 days [8]
- configurable between 7 to 90 days [8]
- via Define workspace retention period setting [8]
- during the retention period, Fabric administrators can restore, respectively delete permanently the workspace [8]
- after that, the workspace is deleted permanently and it and its contents are irretrievably lost [8]
- {limitation} can contain a maximum of 1000 items [8]
- includes both parent and child items [8]
- refers to Fabric and Power BI items [8]
- workspaces with more items have 180-day extension period applied automatically as of 10-Apr-2025 [8]
-
{limitation} certain special characters aren't supported in workspace names
when using an XMLA endpoint [3]
-
{limitation} a user or a service principal can be a member of up to 1000
workspaces [3]
- {feature} auditing
- several activities are audited for workspaces [3]
- CreateFolder
- DeleteFolder
- UpdateFolder
- UpdateFolderAccess
- {feature} workspace monitoring
-
Eventhouse
secure read-only database that collects and organizes logs and metrics
from a range of Fabric items in the workspace [1]
-
accessible only to workspace users with at least a contributor role [1]
- users can access and analyze logs and metrics [1]
- the data is aggregated or detailed [1]
- can be queried via KQL or SQL [1]
-
supports both historical log analysis and real-time data streaming [1]
- accessible from the workspace [1]
-
one can build and save query sets and dashboards to simplify data
exploration [1]
- use the workspace settings to delete the database [1]
-
wait about 15 minutes before recreating a deleted database [1]
- {action} share the database
- users need workspace member or admin role [1]
- {limitation} one can enable either
- workspace monitoring
- log analytics
-
if enabled, the log analytics configuration must be deleted first
before enabling workspace monitoring [1]
-
one should wait for a few hours before enabling workspace monitoring
[1]
- {limitation} retention period for monitoring data: 30 days [1]
-
{limitation}the ingestion can't be configured to filter for specific log
type or category [1]
- e.g. error or workload type.
-
{limitation} user data operation logs aren't available even though the
table is available in the monitoring database [1]
- {prerequisite} Power BI Premium or Fabric capacity [1]
-
{prerequisite} workspace admins can turn on monitoring for their
workspace's tenant setting is enabled [1]
- enabling the setting, requires Fabric administrator rights [1]
- {prerequisite} admin role in the workspace [1]
- workspace permissions
- the first security boundary for data within OneLake [7]
- each workspace represents a single domain or project area where teams can collaborate on data [7]
- security is managed through Fabric workspace roles [7]
- items can have permissions configured separately from the workspace roles [7]
- permissions can be configured either by [7]
- sharing an item
- managing the permissions of an item
References:[1] Microsoft Learn (2024) Fabric: What is workspace monitoring
(preview)? [
link]
[2] Microsoft Fabric Update Blog (2024) Announcing preview of Workspace
Monitoring? [
link]
[3] Microsoft Learn (2024) Fabric: Workspaces in Microsoft
Fabric and Power BI [
link]
[4] Microsoft Learn (2024) Fabric: Roles in workspaces in Microsoft
Fabric [
link]
[5] Microsoft Learn (2024) Fabric: Take ownership of Fabric items
[
link]
[6] Microsoft Learn (2024) Fabric: Workspace identity [
link]
[7] Microsoft Learn (2024) Fabric: Role-based access control (RBAC) [
link]
[8] Microsoft Learn (2024) Fabric: Manage workspaces [
link]
[9] Bob Ward (2025) SQL Server 2025 Unveiled: The AI-Ready Enterprise Database with Microsoft Fabric Integration
[10] Microsoft Learn (2026) Capacity reassignment restrictions and common issues [
link]
[11] Microsoft Learn (2026) Retention and recovery in Fabric [
link]
Resources:
[R1] Microsoft Learn (2025) Fabric: What's new in Microsoft Fabric? [
link]
Acronyms:
ADSL Gen2 - Azure Data Lake Storage Gen2
CMK - Customer-Managed Key
KQL - Kusto Query
Language
M365 - Microsoft 365
MF - Microsoft Fabric
PPU - Premium Per-User (PPU)
SQL - Structured Query Language
