Skip to main content

Set up Microsoft Fabric

Configure Microsoft Fabric authentication and permissions to enable metadata extraction and lineage tracking with Atlan.

Prerequisites

Before you begin, make sure you have:

  • Access to Azure portal and Microsoft Fabric admin portal
  • Cloud Application Administrator or Application Administrator role in Microsoft Entra ID
  • Fabric Administrator privileges in Microsoft Fabric

Register application in Microsoft Entra ID

Create an application registration to enable service principal authentication with Microsoft Fabric.

  1. Log in to the Azure portal.
  2. Search for Microsoft Entra ID and select it.
  3. Click App registrations from the left menu.
  4. Click + New registration.
  5. Enter a name for your client application and click Register.
  6. From the Overview screen, copy and securely store:
    • Application (client) ID
    • Directory (tenant) ID
  7. Click Certificates & secrets from the left menu.
  8. Under Client secrets, click + New client secret.
  9. Enter a description, select an expiry time, and click Add.
  10. Copy and securely store the client secret Value. The client secret value is only displayed once, so make sure to copy and store it securely before leaving this page.

Create security group in Microsoft Entra ID

Create a security group to manage permissions for your application registration.

  1. In the Azure portal, navigate to Microsoft Entra ID.
  2. Click Groups under the Manage section.
  3. Click New group.
  4. Set the Group type to Security.
  5. Enter a Group name and optional description.
  6. Click No members selected.
  7. Search for the application registration created earlier and select it.
  8. Click Select and then Create.

Configure service principal authentication

Grant the service principal the necessary permissions to access Microsoft Fabric resources.

Assign workspace permissions

  1. Open the Microsoft Fabric homepage.
  2. Navigate to Workspaces and select the workspace you want to access from Atlan.
  3. Click Manage Access.
  4. Click Add people or groups.
  5. Enter the name of your service principal where it says Enter name or email.
  6. Choose Viewer as the role.
  7. Click Add.

Repeat these steps for each workspace you want Atlan to access.

Enable admin API access

  1. Log in to the Fabric admin portal.

  2. Click the Settings icon on the top panel.

  3. Click Admin Portal under the Governance and insights section.

  4. Select Tenant Settings from the sidebar.

  5. Under Admin API settings, configure the following:

    • Service principals can access read-only admin APIs:

      • Set to Enabled
      • Add your security group under Specific security groups
      • Click Apply

    • Enhance admin APIs responses with detailed metadata:

      • Set to Enabled
      • Add your security group
      • Click Apply

    • Enhance admin APIs responses with DAX and mashup expressions:

      • Set to Enabled
      • Add your security group
      • Click Apply

After making these changes, you typically need to wait 15-30 minutes for the settings to take effect across Microsoft's services.

Next steps