Securing Microsoft Fabric: Implementing Outbound Access Protection for Semantic Models
These articles are AI-generated summaries. Please check the original sources for full details.
Outbound Access Protection for semantic models
Microsoft has introduced a preview of Outbound Access Protection for semantic models within Fabric. This feature blocks outbound public access by default at the workspace level, requiring explicit allow-lists for destinations.
Why This Matters
Traditional BI security focuses on report-level permissions and RLS, but fails to address the semantic model as a data movement boundary. In composite models, sensitive values from one source can be pushed into queries against another endpoint or logged externally, creating a security gap where the semantic layer becomes an unintended path between disparate data sources.
Key Insights
- Enforcement occurs on the model’s bound data connection (2026 Preview), ensuring that M expressions and Power Query transformations cannot route around policy.
- Workspace network security is managed via a specific configuration path: Workspace settings > Network security > Outbound access protection > Block outbound public access.
- Local workspace connections, such as those using SQL analytics endpoints or OneLake ADLS Gen2 paths, may still require explicit exceptions despite appearing internal.
Practical Applications
References:
Continue reading
Next article
2026 Software EOL Calendar: Critical Migration Dates for Engineers
Related Content
AWS NACL — Subnet-Level Security in AWS 🔐
AWS Network Access Control Lists (NACLs) provide subnet-level security, controlling inbound and outbound traffic for enhanced VPC protection.
CLAIIM: Governance Layer for AI Agent Actions Blocks Production Deploys in Preview
CLAIIM preview enforces policy gates for AI agent actions, blocking production deploys in seconds.
Securing .NET Applications with JWT Refresh Token Rotation
Prevent 7-day unauthorized access windows in .NET applications by implementing automated JWT refresh token rotation and lineage tracking.