what is role assignment id in azure

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Understand Azure role assignments

• 3 contributors

Role assignments enable you to grant a principal (such as a user, a group, a managed identity, or a service principal) access to a specific Azure resource. This article describes the details of role assignments.

Role assignment

Access to Azure resources is granted by creating a role assignment, and access is revoked by removing a role assignment.

A role assignment has several components, including:

• The principal , or who is assigned the role.
• The role that they're assigned.
• The scope at which the role is assigned.
• The name of the role assignment, and a description that helps you to explain why the role has been assigned.

For example, you can use Azure RBAC to assign roles like:

• User Sally has owner access to the storage account contoso123 in the resource group ContosoStorage .
• Everybody in the Cloud Administrators group in Microsoft Entra ID has reader access to all resources in the resource group ContosoStorage .
• The managed identity associated with an application is allowed to restart virtual machines within Contoso's subscription.

The following shows an example of the properties in a role assignment when displayed using Azure PowerShell :

The following shows an example of the properties in a role assignment when displayed using the Azure CLI , or the REST API :

The following table describes what the role assignment properties mean.

When you create a role assignment, you need to specify the scope at which it's applied. The scope represents the resource, or set of resources, that the principal is allowed to access. You can scope a role assignment to a single resource, a resource group, a subscription, or a management group.

Use the smallest scope that you need to meet your requirements.

For example, if you need to grant a managed identity access to a single storage account, it's good security practice to create the role assignment at the scope of the storage account, not at the resource group or subscription scope.

For more information about scope, see Understand scope .

Role to assign

A role assignment is associated with a role definition. The role definition specifies the permissions that the principal should have within the role assignment's scope.

You can assign a built-in role definition or a custom role definition. When you create a role assignment, some tooling requires that you use the role definition ID while other tooling allows you to provide the name of the role.

For more information about role definitions, see Understand role definitions .

Principals include users, security groups, managed identities, workload identities, and service principals. Principals are created and managed in your Microsoft Entra tenant. You can assign a role to any principal. Use the Microsoft Entra ID object ID to identify the principal that you want to assign the role to.

When you create a role assignment by using Azure PowerShell, the Azure CLI, Bicep, or another infrastructure as code (IaC) technology, you specify the principal type . Principal types include User , Group , and ServicePrincipal . It's important to specify the correct principal type. Otherwise, you might get intermittent deployment errors, especially when you work with service principals and managed identities.

A role assignment's resource name must be a globally unique identifier (GUID).

Role assignment resource names must be unique within the Microsoft Entra tenant, even if the scope of the role assignment is narrower.

When you create a role assignment by using the Azure portal, Azure PowerShell, or the Azure CLI, the creation process gives the role assignment a unique name for you automatically.

If you create a role assignment by using Bicep or another infrastructure as code (IaC) technology, you need to carefully plan how you name your role assignments. For more information, see Create Azure RBAC resources by using Bicep .

Resource deletion behavior

When you delete a user, group, service principal, or managed identity from Microsoft Entra ID, it's a good practice to delete any role assignments. They aren't deleted automatically. Any role assignments that refer to a deleted principal ID become invalid.

If you try to reuse a role assignment's name for another role assignment, the deployment will fail. This issue is more likely to occur when you use Bicep or an Azure Resource Manager template (ARM template) to deploy your role assignments, because you have to explicitly set the role assignment name when you use these tools. To work around this behavior, you should either remove the old role assignment before you recreate it, or ensure that you use a unique name when you deploy a new role assignment.

Description

You can add a text description to a role assignment. While descriptions are optional, it's a good practice to add them to your role assignments. Provide a short justification for why the principal needs the assigned role. When somebody audits the role assignments, descriptions can help to understand why they've been created and whether they're still applicable.

Some roles support role assignment conditions based on attributes in the context of specific actions. A role assignment condition is an additional check that you can optionally add to your role assignment to provide more fine-grained access control.

For example, you can add a condition that requires an object to have a specific tag for the user to read the object.

You typically build conditions using a visual condition editor, but here's what an example condition looks like in code:

The preceding condition allows users to read blobs with a blob index tag key of Project and a value of Cascade .

For more information about conditions, see What is Azure attribute-based access control (Azure ABAC)?

• Delegate Azure access management to others
• Steps to assign an Azure role

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback .

Submit and view feedback for

Additional resources

Salesforce , Python , SQL , & other ways to put your data where you need it

Need event music 🎸, azure rbac role assignment faq.

03 Feb 2024 🔖 security tutorial 💬 EN

Table of Contents

The 3 components of an azure rbac role assignment, create an azure rbac role assignment, target scopes, source principal identities, combining several azure rbac role assignments to fulfill a task.

Below are a few frequently asked questions about Azure RBAC Role Assignments.

Many thanks to colleagues who helped me a lot with editing the wording when I wrote a similar document for internal training.

What is an Azure RBAC Role Assignment?

An Azure RBAC Role Assignment , not to be confused with an Entra RBAC Role Assignment , grants a given identity (that is, one that exists within Microsoft Entra ID) permission to perform specific types of actions against a specific “scope” of Azure resource(s).

In the model of access control where authentication (“proving a nonhuman is who it says it is”) and authorization (“proving a given, authenticated nonhuman is permitted to do what it is trying to do”) , an Azure RBAC Role Assignment helps solve problems related to authorization . 🔐

Microsoft Entra ID , or “Entra” for short, is the new name for what was known as “Azure Active Directory” or “AAD.”

An Azure RBAC Role Assignment is a named Azure resource whose purpose is to describe a junction of three other Azure or Entra resource IDs:

• An  Azure RBAC “role”   (whether “built-in” and maintained by Microsoft or “custom” and maintained by your company) that authorizes actions such as “write files to Azure Blob Storage.”
• (Often simply set to “/” to represent the entire Entra tenant.)
• Usually, the “principal” with Azure RBAC would represent a non-human.
• Protecting the human’s Azure RBAC Role Assignment with Entra Privileged Identity Management (“PIM”) is an excellent practice in this case.
• Consult with colleagues before requesting resource locks, because  locking resources may impede productivity in unexpected ways .
• Also note that if you are having trouble performing actions you expected to be able to perform, given your existing Azure RBAC Role Assignments, check if existing resource locks might be the obstacle.

See “ Assign Azure roles ” on Microsoft Learn.

In a corporate environment, you might not be allowed to do it yourself. Hopefully, your help desk ticketing system has a ticket type that you can open to request that an Azure RBAC Role Assignment be created/edited/deleted on your behalf.

Best practices

Follow the principle of least privilege when requesting the creation of Azure RBAC Role Assignments when choosing all 3 components (role, target scope, and principal) .

When in doubt, create more role assignments, not broader Role Assignments.

Carefully look through Microsoft’s “built-in”  Azure RBAC roles  to find the least-powerful role that can perform a necessary task. For example:

• “Website Contributor”  instead of the more powerful “Contributor” for deployment automations that need to deploy code onto Azure App Service, Azure Static Web Apps, Azure Functions, etc.
• “Data Factory Contributor”  instead of the more powerful “Contributor” for deployment automations that need to deploy Azure Data Factory configuration from a “lower” nonproduction environment into a “higher” nonproduction or production environment.
• “Storage Blob Data Reader”  instead of the more powerful “Reader” for Azure resources, deployment automations, or humans that need to read files out of Azure Blob Storage resources.
• “Storage Blob Data Contributor”  instead of the more powerful “Contributor” for Azure resources, deployment automations, or humans that need to perform “write” operations against Azure Blob Storage resources.

Once an appropriately capable Azure RBAC role has been selected, it can be assigned to work  against  the following scopes in Azure:

• Preferred when resources are stable.
• As long as capabilities are tightly scoped – e.g. “Website Contributor” – this might provide a good balance between safety and convenience if a resource group encapsulates a single workload where appropriate target Azure resources – such as Azure Functions – are constantly being added and/or removed, and waiting for RBAC role assignment against each new function would critically impede productivity.
• With a slow rate of change, however, individual resource-by-resource assignment may still be preferred for the comfort of knowing explicitly which Azure resources are targets of which Entra identities’ capabilities, rather than guessing based on each RBAC role’s documentation.
• Questions about infosec tradeoffs between the context of “least privilege” and “ease of maintenance” / “governance?” Colleagues helping you design your solution, and staff on your company’s infosec team, are excellent resources for striking the correct balance amongst various infosec concerns.
• By default, avoid this. “Subscription” is likely far too broad for common corporate approaches to grouping Azure resources .

Once an appropriately capable RBAC role and narrow target scope has been chosen, the assignment must be attached to a specific Entra identity. Examples include:

• A single Azure resource’s  System-Assigned Managed Identity (“SMI”)
• (Only when SMI is not available, and preferably using Federated Identity Credentials to log into it over OIDC if being used with Azure DevOps Pipelines or GitHub Actions code deployment automations.)
• (Either way, preferably only allowed while privileges are elevated through PIM.)

To adhere to the security principle of least privilege, more than one Azure RBAC Role Assignment may need to be created to fulfill the permissions requirements of a given workload.

For example, a workload’s design may require the creation of:

• A “ Website Contributor ” Azure RBAC Role Assignment allowing the  Entra App Registration representing a code deployment automation  to deploy code onto a  nonproduction Azure App Service  resource.
• A “ Storage Blob Data Contributor ” Azure RBAC Role Assignment allowing the  SMI of a nonproduction Azure App Service  resource to read and write against a  nonproduction Storage Blob’s  files.
• A “ Storage Blob Data Contributor ” Azure RBAC Role Assignment allowing the  Entra group ID representing humans in a certain department  to manually read and write a  nonproduction Storage Blob’s  files.
• 3 more  Azure RBAC Role Assignments  as listed above  but  scoped for production target resources .

AZ-104: How to understand role definitions in Azure

By: Author Alex Lim

Posted on Last updated: February 28, 2024

Home > AZ-104: How to understand role definitions in Azure

Learn how to understand role definitions in Azure and the difference between role definitions, role assignments, and security principals.

Table of Contents

Explanation

What is a role definition in Azure?

A. A collection of permissions with a name that is assignable to a user, group, or application B. The collection of users, groups, or applications that have permissions to a role C. The binding of a role to a security principal at a specific scope, to grant access

A. A collection of permissions with a name that is assignable to a user, group, or application

A role definition in Azure is a collection of permissions with a name that you can assign to a user, group, or application.

• A role definition is a collection of permissions that can be performed, such as read, write, and delete. It’s typically just called a role. Azure role-based access control (Azure RBAC) has several Azure built-in roles or you can create your own custom roles.
• The collection of users, groups, or applications that have permissions to a role is called a role assignment. A role assignment is the binding of a role to a security principal at a specific scope, to grant access. A security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources.
• Therefore, option A is the correct definition of a role definition in Azure.

B is incorrect because you can view role assignments to see the list of users, groups, or applications that have permissions to a role. C is incorrect because a role assignment is the process of binding a role to a security principal at a particular scope, for the purpose of granting access.

Microsoft Azure Administrator AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure Administrator AZ-104 exam and earn Microsoft Azure Administrator AZ-104 certification.

Manage Azure Role Assignments Like a Pro with PowerShell

Today’s blog post is a little bit different. I have a couple of examples of how you can use PowerShell snippets and simple commandlets to get or set role assignmnets in your Azure Subscriptions.

PowerShell examples for managing Azure Role assignments

List all role assignments in a subscription, get all role assignments for a specific resource group, get all role assignments for a specific user, add a role assignment to a user, remove a role assignment for a user, remove all role assignments for a specific user, list all built-in roles, list all custom roles, create a custom role, update a custom role, delete a custom role, list all users or groups assigned to a specific role, list all permissions granted by a specific role, list all resource groups that a user has access to, create a role assignment for a service principal, powershell script to manage azure role assignments.

And now there is a script that combines some of these examples into one usable function:

I hope this was useful. Let me know if you liked the format of this blog and if you want me to include more of these examples.

Vukasin Terzic

Recent Update

• Writing your first Azure Terraform Configuration
• Transition from ARM Templates to Terraform with AI
• Getting started with Terraform for Azure
• Terraform Configuration Essentials: File Types, State Management, and Provider Selection
• Dynamically Managing Azure NSG Rules with PowerShell

Trending Tags

Retrieve azure resource group cost with powershell api.

The Future Of Azure Governance: Trends and Predictions

Further Reading

In my previous blog posts, I wrote about how simple PowerShell scripts can help speed up daily tasks for Azure administrators, and how you can convert them to your own API. One of these tasks is...

Azure Cost Optimization: 30 Ways to Save Money and Increase Efficiency

As organizations continue to migrate their applications and workloads to the cloud, managing and controlling cloud costs has become an increasingly critical issue. While Azure provides a robust s...

Custom PowerShell API for Azure Naming Policy

To continue our PowerShell API series, we have another example of a highly useful API that you can integrate into your environment. Choosing names for Azure resources can be a challenging task. ...

Wim Matthyssen

Azure infra, security & governance, azure development and ai/ml, azure identity and security, stéphane eyskens, cloud-native azure architecture, geert baeke, azure kubernetes service & containerization, maik van der gaag, azure infrastructure as code & devops, bart verboven, sammy deprez, azure ai, ml & cognitive services, sander van de velde.

• Adding or removing role assignments using Azure Portal

Go back to AZ-304 Tutorials

In this article you will learn about assigning roles using Azure portal and the process of adding and removing role assignments. 

However, Azure’s role-based access control (RBAC) refers to the authorization system for managing access to Azure resources. And, to grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope. 

Prerequisites

For adding or removing role assignments, you must have:

• Firstly, Microsoft.Authorization/roleAssignments/write 
• Secondly, Microsoft.Authorization/roleAssignments/delete permissions, such as User Access Administrator or Owner

Access control (IAM)

Access control (IAM) is the page that is for assigning roles to grant access to Azure resources. It’s also known as identity and access management and appears in several locations in the Azure portal. There are questions for assigning roles to help in understanding about the Access control (IAM) page.

• Who needs access? This refers to a user, group, service principal, or managed identity. 
• What role do they need? Permissions are grouped together into roles, so you can select from a list of several built-in roles orcan use custom roles.
• Where do they need access? This refers to the set of resources that the access applies to. However, “where” can be a management group, subscription, resource group, or a single resource such as a storage account.

Adding a role assignment

• Firstly, in the Azure portal, click All services and then select the scope that you want to grant access to. 
• Secondly, click the specific resource for that scope.
• Then, Click Access control (IAM).
• Fourthly, click the Role assignments tab for viewing the role assignments at this scope.
• After that, click Add > Add role assignment. However, if you don’t have permissions to assign roles, the Add role assignment option will be disabled.

• Then, in the Role drop-down list, select a role such as Virtual Machine Contributor.
• There in the Select list, select a user, group, service principal, or managed identity. And, if you don’t see the security principal in the list, you can type in the Select box to search the directory for display names, email addresses, and object identifiers.
• Lastly, click Save to assign the role.

Assigning a user as an administrator of a subscription

For giving users the role of an administrator of an Azure subscription, first assign them the Owner role at the subscription scope. As the Owner role gives the user full access to all resources in the subscription, including the permission to grant access to others. However, these steps are the same as any other role assignment.

• Firstly, in the Azure portal, click All services and then Subscriptions.
• Then, click the subscription where you want to grant access.
• Thirdly, click Access control (IAM).
• After that, click the Role assignments tab to view the role assignments for this subscription.
• Then, click Add > Add role assignment. However, if you don’t have permissions to assign roles, the Add role assignment option will be disabled.
• And, in the Role drop-down list, select the Owner role.
• Then, in the Select list, select a user.

Adding a role assignment for a managed identity

For adding role assignments for a managed identity use the Access control (IAM) page. However, when you use the Access control (IAM) page, you start with the scope and then select the managed identity and role. In this section, you will learn about an alternate way to add role assignments for a managed identity. Using these steps, you start with the managed identity and then select the scope and role.

System-assigned managed identity

• Use these steps for assigning a role to a system-assigned managed identity by starting with the managed identity.
• Firstly, in the Azure portal, open a system-assigned managed identity. Then, in the left menu, click Identity.

• After that, under Permissions, click Azure role assignments. However, if roles are already assigned to the selected system-assigned managed identity then you will see the list of role assignments.
• For changing the subscription, click the Subscription list. Then, click Add role assignment.
• Then, use the drop-down lists to select the set of resources that the role assignment applies to such as Subscription, Resource group, or resource. And, if you don’t have role assignment write permissions for the selected scope, an inline message will be displayed.
• After that, in the Role drop-down list, select a role such as Virtual Machine Contributor.

User-assigned managed identity

• Use these steps for assigning a role to a user-assigned managed identity by starting with the managed identity.
• Firstly, in the Azure portal, open a user-assigned managed identity. Then, in the left menu, click Identity.
• After that, under Permissions, click Azure role assignments. However, if roles are already assigned to the selected user-assigned managed identity then you will see the list of role assignments.

Removing a role assignment

In Azure RBAC, for removing access from an Azure resource, you first remove a role assignment. Use these steps to remove a role assignment.

• Firstly, Open Access control (IAM) at a scope, such as management group, subscription, resource group, or resource, where you want to remove access.
• Then, click the Role assignments tab to view all the role assignments for this subscription.
• After that, in the list of role assignments, add a checkmark next to the security principal with the role assignment you want to remove.
• Then, Click Remove.
• Lastly, in the remove role assignment message that appears, click Yes.

However, if you see a message that inherited role assignments cannot be removed, then you are trying to remove a role assignment at a child scope. So, you should open Access control (IAM) at the scope where the role was assigned and try again. 

Reference: Microsoft Documentation

Prepare for Assured Success

Please enter your information to subscribe to the Microsoft Fabric Blog.

Microsoft fabric updates blog.

Microsoft Fabric May 2024 Update

• Monthly Update

Welcome to the May 2024 update.  

Here are a few, select highlights of the many we have for Fabric. You can now ask Copilot questions about data in your model, Model Explorer and authoring calculation groups in Power BI desktop is now generally available, and Real-Time Intelligence provides a complete end-to-end solution for ingesting, processing, analyzing, visualizing, monitoring, and acting on events.

There is much more to explore, please continue to read on. 

Microsoft Build Announcements

At Microsoft Build 2024, we are thrilled to announce a huge array of innovations coming to the Microsoft Fabric platform that will make Microsoft Fabric’s capabilities even more robust and even customizable to meet the unique needs of each organization. To learn more about these changes, read the “ Unlock real-time insights with AI-powered analytics in Microsoft Fabric ” announcement blog by Arun Ulag.

Fabric Roadmap Update

Last October at the Microsoft Power Platform Community Conference we  announced the release of the Microsoft Fabric Roadmap . Today we have updated that roadmap to include the next semester of Fabric innovations. As promised, we have merged Power BI into this roadmap to give you a single, unified road map for all of Microsoft Fabric. You can find the Fabric Roadmap at  https://aka.ms/FabricRoadmap .

We will be innovating our Roadmap over the coming year and would love to hear your recommendation ways that we can make this experience better for you. Please submit suggestions at  https://aka.ms/FabricIdeas .

Earn a discount on your Microsoft Fabric certification exam!  

We’d like to thank the thousands of you who completed the Fabric AI Skills Challenge and earned a free voucher for Exam DP-600 which leads to the Fabric Analytics Engineer Associate certification.   

If you earned a free voucher, you can find redemption instructions in your email. We recommend that you schedule your exam now, before your discount voucher expires on June 24 th . All exams must be scheduled and completed by this date.    

If you need a little more help with exam prep, visit the Fabric Career Hub which has expert-led training, exam crams, practice tests and more.  

Missed the Fabric AI Skills Challenge? We have you covered. For a limited time , you could earn a 50% exam discount by taking the Fabric 30 Days to Learn It Challenge .  

Modern Tooltip now on by Default

Matrix layouts, line updates, on-object interaction updates, publish to folders in public preview, you can now ask copilot questions about data in your model (preview), announcing general availability of dax query view, copilot to write and explain dax queries in dax query view public preview updates, new manage relationships dialog, refreshing calculated columns and calculated tables referencing directquery sources with single sign-on, announcing general availability of model explorer and authoring calculation groups in power bi desktop, microsoft entra id sso support for oracle database, certified connector updates, view reports in onedrive and sharepoint with live connected semantic models, storytelling in powerpoint – image mode in the power bi add-in for powerpoint, storytelling in powerpoint – data updated notification, git integration support for direct lake semantic models.

• Editor’s pick of the quarter
• New visuals in AppSource
• Financial Reporting Matrix by Profitbase
• Horizon Chart by Powerviz

Milestone Trend Analysis Chart by Nova Silva

• Sunburst Chart by Powerviz
• Stacked Bar Chart with Line by JTA

Fabric Automation

Streamlining fabric admin apis, microsoft fabric workload development kit, external data sharing, apis for onelake data access roles, shortcuts to on-premises and network-restricted data, copilot for data warehouse.

• Unlocking Insights through Time: Time travel in Data warehouse

Copy Into enhancements

Faster workspace resource assignment powered by just in time database attachment, runtime 1.3 (apache spark 3.5, delta lake 3.1, r 4.3.3, python 3.11) – public preview, native execution engine for fabric runtime 1.2 (apache spark 3.4) – public preview , spark run series analysis, comment @tagging in notebook, notebook ribbon upgrade, notebook metadata update notification, environment is ga now, rest api support for workspace data engineering/science settings, fabric user data functions (private preview), introducing api for graphql in microsoft fabric (preview), copilot will be enabled by default, the ai and copilot setting will be automatically delegated to capacity admins, abuse monitoring no longer stores your data, real-time hub, source from real-time hub in enhanced eventstream, use real-time hub to get data in kql database in eventhouse, get data from real-time hub within reflexes, eventstream edit and live modes, default and derived streams, route streams based on content in enhanced eventstream, eventhouse is now generally available, eventhouse onelake availability is now generally available, create a database shortcut to another kql database, support for ai anomaly detector, copilot for real-time intelligence, eventhouse tenant level private endpoint support, visualize data with real-time dashboards, new experience for data exploration, create triggers from real-time hub, set alert on real-time dashboards, taking action through fabric items, general availability of the power query sdk for vs code, refresh the refresh history dialog, introducing data workflows in data factory, introducing trusted workspace access in fabric data pipelines.

• Introducing Blob Storage Event Triggers for Data Pipelines
• Parent/child pipeline pattern monitoring improvements

Fabric Spark job definition activity now available

Hd insight activity now available, modern get data experience in data pipeline.

Power BI tooltips are embarking on an evolution to enhance their functionality. To lay the groundwork, we are introducing the modern tooltip as the new default , a feature that many users may already recognize from its previous preview status. This change is more than just an upgrade; it’s the first step in a series of remarkable improvements. These future developments promise to revolutionize tooltip management and customization, offering possibilities that were previously only imaginable. As we prepare for the general availability of the modern tooltip, this is an excellent opportunity for users to become familiar with its features and capabilities. 

Discover the full potential of the new tooltip feature by visiting our dedicated blog . Dive into the details and explore the comprehensive vision we’ve crafted for tooltips, designed to enhance your Power BI experience. 

We’ve listened to our community’s feedback on improving our tabular visuals (Table and Matrix), and we’re excited to initiate their transformation. Drawing inspiration from the familiar PivotTable in Excel , we aim to build new features and capabilities upon a stronger foundation. In our May update, we’re introducing ‘ Layouts for Matrix .’ Now, you can select from compact , outline , or tabular layouts to alter the arrangement of components in a manner akin to Excel. 

As an extension of the new layout options, report creators can now craft custom layout patterns by repeating row headers. This powerful control, inspired by Excel’s PivotTable layout, enables the creation of a matrix that closely resembles the look and feel of a table. This enhancement not only provides greater flexibility but also brings a touch of Excel’s intuitive design to Power BI’s matrix visuals. Only available for Outline and Tabular layouts.

To further align with Excel’s functionality, report creators now have the option to insert blank rows within the matrix. This feature allows for the separation of higher-level row header categories, significantly enhancing the readability of the report. It’s a thoughtful addition that brings a new level of clarity and organization to Power BI’s matrix visuals and opens a path for future enhancements for totals/subtotals and rows/column headers. 

We understand your eagerness to delve deeper into the matrix layouts and grasp how these enhancements fulfill the highly requested features by our community. Find out more and join the conversation in our dedicated blog , where we unravel the details and share the community-driven vision behind these improvements. 

Following last month’s introduction of the initial line enhancements, May brings a groundbreaking set of line capabilities that are set to transform your Power BI experience: 

• Hide/Show lines : Gain control over the visibility of your lines for a cleaner, more focused report. 
• Customized line pattern : Tailor the pattern of your lines to match the style and context of your data. 
• Auto-scaled line pattern : Ensure your line patterns scale perfectly with your data, maintaining consistency and clarity. 
• Line dash cap : Customize the end caps of your customized dashed lines for a polished, professional look. 
• Line upgrades across other line types : Experience improvements in reference lines, forecast lines, leader lines, small multiple gridlines, and the new card’s divider line. 

These enhancements are not to be missed. We recommend visiting our dedicated blog for an in-depth exploration of all the new capabilities added to lines, keeping you informed and up to date. 

This May release, we’re excited to introduce on-object formatting support for Small multiples , Waterfall , and Matrix visuals. This new feature allows users to interact directly with these visuals for a more intuitive and efficient formatting experience. By double-clicking on any of these visuals, users can now right-click on the specific visual component they wish to format, bringing up a convenient mini-toolbar. This streamlined approach not only saves time but also enhances the user’s ability to customize and refine their reports with ease. 

We’re also thrilled to announce a significant enhancement to the mobile reporting experience with the introduction of the pane manager for the mobile layout view. This innovative feature empowers users to effortlessly open and close panels via a dedicated menu, streamlining the design process of mobile reports. 

We recently announced a public preview for folders in workspaces, allowing you to create a hierarchical structure for organizing and managing your items. In the latest Desktop release, you can now publish your reports to specific folders in your workspace.  

When you publish a report, you can choose the specific workspace and folder for your report. The interface is simplistic and easy to understand, making organizing your Power BI content from Desktop better than ever. 

To publish reports to specific folders in the service, make sure the “Publish dialogs support folder selection” setting is enabled in the Preview features tab in the Options menu. 

Learn more about folders in workspaces.   

We’re excited to preview a new capability for Power BI Copilot allowing you to ask questions about the data in your model! You could already ask questions about the data present in the visuals on your report pages – and now you can go deeper by getting answers directly from the underlying model. Just ask questions about your data, and if the answer isn’t already on your report, Copilot will then query your model for the data instead and return the answer to your question in the form of a visual! 

We’re starting this capability off in both Edit and View modes in Power BI Service. Because this is a preview feature, you’ll need to enable it via the preview toggle in the Copilot pane. You can learn more about all the details of the feature in our announcement post here! (will link to announcement post)  

We are excited to announce the general availability of DAX query view. DAX query view is the fourth view in Power BI Desktop to run DAX queries on your semantic model.  

DAX query view comes with several ways to help you be as productive as possible with DAX queries. 

• Quick queries. Have the DAX query written for you from the context menu of tables, columns, or measures in the Data pane of DAX query view. Get the top 100 rows of a table, statistics of a column, or DAX formula of a measure to edit and validate in just a couple clicks! 
• DirectQuery model authors can also use DAX query view. View the data in your tables whenever you want! 
• Create and edit measures. Edit one or multiple measures at once. Make changes and see the change in action in a DA query. Then update the model when you are ready. All in DAX query view! 
• See the DAX query of visuals. Investigate the visuals DAX query in DAX query view. Go to the Performance Analyzer pane and choose “Run in DAX query view”. 
• Write DAX queries. You can create DAX queries with Intellisense, formatting, commenting/uncommenting, and syntax highlighting. And additional professional code editing experiences such as “Change all occurrences” and block folding to expand and collapse sections. Even expanded find and replace options with regex. 

Learn more about DAX query view with these resources: 

• Deep dive blog: https://powerbi.microsoft.com/blog/deep-dive-into-dax-query-view-and-writing-dax-queries/  
• Learn more: https://learn.microsoft.com/power-bi/transform-model/dax-query-view  
• Video: https://youtu.be/oPGGYLKhTOA?si=YKUp1j8GoHHsqdZo  

DAX query view includes an inline Fabric Copilot to write and explain DAX queries, which remains in public preview. This month we have made the following updates. 

• Run the DAX query before you keep it . Previously the Run button was disabled until the generated DAX query was accepted or Copilot was closed. Now you can Run the DAX query then decide to Keep or Discard the DAX query. 

2. Conversationally build the DAX query. Previously the DAX query generated was not considered if you typed additional prompts and you had to keep the DAX query, select it again, then use Copilot again to adjust. Now you can simply adjust by typing in additional user prompts.   

3. Syntax checks on the generated DAX query. Previously there was no syntax check before the generated DAX query was returned. Now the syntax is checked, and the prompt automatically retried once. If the retry is also invalid, the generated DAX query is returned with a note that there is an issue, giving you the option to rephrase your request or fix the generated DAX query. 

4. Inspire buttons to get you started with Copilot. Previously nothing happened until a prompt was entered. Now click any of these buttons to quickly see what you can do with Copilot! 

Learn more about DAX queries with Copilot with these resources: 

• Deep dive blog: https://powerbi.microsoft.com/en-us/blog/deep-dive-into-dax-query-view-with-copilot/  
• Learn more: https://learn.microsoft.com/en-us/dax/dax-copilot  
• Video: https://www.youtube.com/watch?v=0kE3TE34oLM  

We are excited to introduce you to the redesigned ‘Manage relationships’ dialog in Power BI Desktop! To open this dialog simply select the ‘Manage relationships’ button in the modeling ribbon.

Once opened, you’ll find a comprehensive view of all your relationships, along with their key properties, all in one convenient location. From here you can create new relationships or edit an existing one.

Additionally, you have the option to filter and focus on specific relationships in your model based on cardinality and cross filter direction. 

Learn more about creating and managing relationships in Power BI Desktop in our documentation . 

Ever since we released composite models on Power BI semantic models and Analysis Services , you have been asking us to support the refresh of calculated columns and tables in the Service. This month, we have enabled the refresh of calculated columns and tables in Service for any DirectQuery source that uses single sign-on authentication. This includes the sources you use when working with composite models on Power BI semantic models and Analysis Services.  

Previously, the refresh of a semantic model that uses a DirectQuery source with single-sign-on authentication failed with one of the following error messages: “Refresh is not supported for datasets with a calculated table or calculated column that depends on a table which references Analysis Services using DirectQuery.” or “Refresh over a dataset with a calculated table or a calculated column which references a Direct Query data source is not supported.” 

Starting today, you can successfully refresh the calculated table and calculated columns in a semantic model in the Service using specific credentials as long as: 

• You used a shareable cloud connection and assigned it and/or.
• Enabled granular access control for all data connection types.

Here’s how to do this: 

• Create and publish your semantic model that uses a single sign-on DirectQuery source. This can be a composite model but doesn’t have to be. 
• In the semantic model settings, under Gateway and cloud connections , map each single sign-on DirectQuery connection to a specific connection. If you don’t have a specific connection yet, select ‘Create a connection’ to create it: 

• If you are creating a new connection, fill out the connection details and click Create , making sure to select ‘Use SSO via Azure AD for DirectQuery queries: 

• Finally, select the connection for each single sign-on DirectQuery source and select Apply : 

2. Either refresh the semantic model manually or plan a scheduled refresh to confirm the refresh now works successfully. Congratulations, you have successfully set up refresh for semantic models with a single sign-on DirectQuery connection that uses calculated columns or calculated tables!

We are excited to announce the general availability of Model Explorer in the Model view of Power BI, including the authoring of calculation groups. Semantic modeling is even easier with an at-a-glance tree view with item counts, search, and in context paths to edit the semantic model items with Model Explorer. Top level semantic model properties are also available as well as the option to quickly create relationships in the properties pane. Additionally, the styling for the Data pane is updated to Fluent UI also used in Office and Teams.  

A popular community request from the Ideas forum, authoring calculation groups is also included in Model Explorer. Calculation groups significantly reduce the number of redundant measures by allowing you to define DAX formulas as calculation items that can be applied to existing measures. For example, define a year over year, prior month, conversion, or whatever your report needs in DAX formula once as a calculation item and reuse it with existing measures. This can reduce the number of measures you need to create and make the maintenance of the business logic simpler.  

Available in both Power BI Desktop and when editing a semantic model in the workspace, take your semantic model authoring to the next level today!  

Learn more about Model Explorer and authoring calculation groups with these resources: 

• Use Model explorer in Power BI (preview) – Power BI | Microsoft Learn  
• Create calculation groups in Power BI (preview) – Power BI | Microsoft Learn  

Data connectivity  

We’re happy to announce that the Oracle database connector has been enhanced this month with the addition of Single Sign-On support in the Power BI service with Microsoft Entra ID authentication.  

Microsoft Entra ID SSO enables single sign-on to access data sources that rely on Microsoft Entra ID based authentication. When you configure Microsoft Entra SSO for an applicable data source, queries run under the Microsoft Entra identity of the user that interacts with the Power BI report. 

We’re pleased to announce the new and updated connectors in this release:   

• [New] OneStream : The OneStream Power BI Connector enables you to seamlessly connect Power BI to your OneStream applications by simply logging in with your OneStream credentials. The connector uses your OneStream security, allowing you to access only the data you have based on your permissions within the OneStream application. Use the connector to pull cube and relational data along with metadata members, including all their properties. Visit OneStream Power BI Connector to learn more. Find this connector in the other category. 
• [New] Zendesk Data : A new connector developed by the Zendesk team that aims to go beyond the functionality of the existing Zendesk legacy connector created by Microsoft. Learn more about what this new connector brings. 
• [New] CCH Tagetik 
• [Update] Azure Databricks  

Are you interested in creating your own connector and publishing it for your customers? Learn more about the Power Query SDK and the Connector Certification program .   

Last May, we announced the integration between Power BI and OneDrive and SharePoint. Previously, this capability was limited to only reports with data in import mode. We’re excited to announce that you can now seamlessly view Power BI reports with live connected data directly in OneDrive and SharePoint! 

When working on Power BI Desktop with a report live connected to a semantic model in the service, you can easily share a link to collaborate with others on your team and allow them to quickly view the report in their browser. We’ve made it easier than ever to access the latest data updates without ever leaving your familiar OneDrive and SharePoint environments. This integration streamlines your workflows and allows you to access reports within the platforms you already use. With collaboration at the heart of this improvement, teams can work together more effectively to make informed decisions by leveraging live connected semantic models without being limited to data only in import mode.  

Utilizing OneDrive and SharePoint allows you to take advantage of built-in version control, always have your files available in the cloud, and utilize familiar and simplistic sharing.  

While you told us that you appreciate the ability to limit the image view to only those who have permission to view the report, you asked for changes for the “Public snapshot” mode.   

To address some of the feedback we got from you, we have made a few more changes in this area.  

• Add-ins that were saved as “Public snapshot” can be printed and will not require that you go over all the slides and load the add-ins for permission check before the public image is made visible. 
• You can use the “Show as saved image” on add-ins that were saved as “Public snapshot”. This will replace the entire add-in with an image representation of it, so the load time might be faster when you are presenting your presentation. 

Many of us keep presentations open for a long time, which might cause the data in the presentation to become outdated.  

To make sure you have in your slides the data you need, we added a new notification that tells you if more up to date data exists in Power BI and offers you the option to refresh and get the latest data from Power BI. 

Developers 

Direct Lake semantic models are now supported in Fabric Git Integration , enabling streamlined version control, enhanced collaboration among developers, and the establishment of CI/CD pipelines for your semantic models using Direct Lake. 

Learn more about version control, testing, and deployment of Power BI content in our Power BI implementation planning documentation: https://learn.microsoft.com/power-bi/guidance/powerbi-implementation-planning-content-lifecycle-management-overview  

Visualizations 

Editor’s pick of the quarter .

– Animator for Power BI     Innofalls Charts     SuperTables     Sankey Diagram for Power BI by ChartExpo     Dynamic KPI Card by Sereviso     Shielded HTML Viewer     Text search slicer  

New visuals in AppSource 

Mapa Polski – Województwa, Powiaty, Gminy   Workstream   Income Statement Table  

Gas Detection Chart  

Seasonality Chart   PlanIn BI – Data Refresh Service  

Chart Flare  

PictoBar   ProgBar  

Counter Calendar   Donut Chart image  

Financial Reporting Matrix by Profitbase 

Making financial statements with a proper layout has just become easier with the latest version of the Financial Reporting Matrix. 

Users are now able to specify which rows should be classified as cost-rows, which will make it easier to get the conditional formatting of variances correctly: 

Selecting a row, and ticking “is cost” will tag the row as cost. This can be used in conditional formatting to make sure that positive variances on expenses are a bad for the result, while a positive variance on an income row is good for the result. 

The new version also includes more flexibility in measuring placement and column subtotals. 

Measures can be placed either: 

• Default (below column headers) 
• Above column headers 

• Conditionally hide columns 
• + much more 

Highlighted new features:  

• Measure placement – In rows  
• Select Column Subtotals  
• New Format Pane design 
• Row Options  

Get the visual from AppSource and find more videos here ! 

Horizon Chart by Powerviz  

A Horizon Chart is an advanced visual, for time-series data, revealing trends and anomalies. It displays stacked data layers, allowing users to compare multiple categories while maintaining data clarity. Horizon Charts are particularly useful to monitor and analyze complex data over time, making this a valuable visual for data analysis and decision-making. 

Key Features:  

• Horizon Styles: Choose Natural, Linear, or Step with adjustable scaling. 
• Layer: Layer data by range or custom criteria. Display positive and negative values together or separately on top. 
• Reference Line : Highlight patterns with X-axis lines and labels. 
• Colors: Apply 30+ color palettes and use FX rules for dynamic coloring. 
• Ranking: Filter Top/Bottom N values, with “Others”. 
• Gridline: Add gridlines to the X and Y axis.  
• Custom Tooltip: Add highest, lowest, mean, and median points without additional DAX. 
• Themes: Save designs and share seamlessly with JSON files. 

Other features included are ranking, annotation, grid view, show condition, and accessibility support.  

Business Use Cases: Time-Series Data Comparison, Environmental Monitoring, Anomaly Detection 

🔗 Try Horizon Chart for FREE from AppSource  

📊 Check out all features of the visual: Demo file  

📃 Step-by-step instructions: Documentation  

💡 YouTube Video: Video Link  

📍 Learn more about visuals: https://powerviz.ai/  

✅ Follow Powerviz : https://lnkd.in/gN_9Sa6U  

Exciting news! Thanks to your valuable feedback, we’ve enhanced our Milestone Trend Analysis Chart even further. We’re thrilled to announce that you can now switch between horizontal and vertical orientations, catering to your preferred visualization style.

The Milestone Trend Analysis (MTA) Chart remains your go-to tool for swiftly identifying deadline trends, empowering you to take timely corrective actions. With this update, we aim to enhance deadline awareness among project participants and stakeholders alike. 

In our latest version, we seamlessly navigate between horizontal and vertical views within the familiar Power BI interface. No need to adapt to a new user interface – enjoy the same ease of use with added flexibility. Plus, it benefits from supported features like themes, interactive selection, and tooltips. 

What’s more, ours is the only Microsoft Certified Milestone Trend Analysis Chart for Power BI, ensuring reliability and compatibility with the platform. 

Ready to experience the enhanced Milestone Trend Analysis Chart? Download it from AppSource today and explore its capabilities with your own data – try for free!  

We welcome any questions or feedback at our website: https://visuals.novasilva.com/ . Try it out and elevate your project management insights now! 

Sunburst Chart by Powerviz  

Powerviz’s Sunburst Chart is an interactive tool for hierarchical data visualization. With this chart, you can easily visualize multiple columns in a hierarchy and uncover valuable insights. The concentric circle design helps in displaying part-to-whole relationships. 

• Arc Customization: Customize shapes and patterns. 
• Color Scheme: Accessible palettes with 30+ options. 
• Centre Circle: Design an inner circle with layers. Add text, measure, icons, and images. 
• Conditional Formatting: Easily identify outliers based on measure or category rules. 
• Labels: Smart data labels for readability. 
• Image Labels: Add an image as an outer label. 
• Interactivity: Zoom, drill down, cross-filtering, and tooltip features. 

Other features included are annotation, grid view, show condition, and accessibility support.  

Business Use Cases:   

• Sales and Marketing: Market share analysis and customer segmentation. 
• Finance : Department budgets and expenditures distribution. 
• Operations : Supply chain management. 
• Education : Course structure, curriculum creation. 
• Human Resources : Organization structure, employee demographics.

🔗 Try Sunburst Chart for FREE from AppSource  

Stacked Bar Chart with Line by JTA  

Clustered bar chart with the possibility to stack one of the bars  

Stacked Bar Chart with Line by JTA seamlessly merges the simplicity of a traditional bar chart with the versatility of a stacked bar, revolutionizing the way you showcase multiple datasets in a single, cohesive display. 

Unlocking a new dimension of insight, our visual features a dynamic line that provides a snapshot of data trends at a glance. Navigate through your data effortlessly with multiple configurations, gaining a swift and comprehensive understanding of your information. 

Tailor your visual experience with an array of functionalities and customization options, enabling you to effortlessly compare a primary metric with the performance of an entire set. The flexibility to customize the visual according to your unique preferences empowers you to harness the full potential of your data. 

Features of Stacked Bar Chart with Line:  

• Stack the second bar 
• Format the Axis and Gridlines 
• Add a legend 
• Format the colors and text 
• Add a line chart 
• Format the line 
• Add marks to the line 
• Format the labels for bars and line 

If you liked what you saw, you can try it for yourself and find more information here . Also, if you want to download it, you can find the visual package on the AppSource . 

We have added an exciting new feature to our Combo PRO, Combo Bar PRO, and Timeline PRO visuals – Legend field support . The Legend field makes it easy to visually split series values into smaller segments, without the need to use measures or create separate series. Simply add a column with category names that are adjacent to the series values, and the visual will do the following:  

• Display separate segments as a stack or cluster, showing how each segment contributed to the total Series value. 
• Create legend items for each segment to quickly show/hide them without filtering.  
• Apply custom fill colors to each segment.  
• Show each segment value in the tooltip 

Read more about the Legend field on our blog article  

Drill Down Combo PRO is made for creators who want to build visually stunning and user-friendly reports. Cross-chart filtering and intuitive drill down interactions make data exploration easy and fun for any user. Furthermore, you can choose between three chart types – columns, lines, or areas; and feature up to 25 different series in the same visual and configure each series independently.  

📊 Get Drill Down Combo PRO on AppSource  

🌐 Visit Drill Down Combo PRO product page  

Documentation | ZoomCharts Website | Follow ZoomCharts on LinkedIn  

We are thrilled to announce that Fabric Core REST APIs are now generally available! This marks a significant milestone in the evolution of Microsoft Fabric, a platform that has been meticulously designed to empower developers and businesses alike with a comprehensive suite of tools and services. 

The Core REST APIs are the backbone of Microsoft Fabric, providing the essential building blocks for a myriad of functionalities within the platform. They are designed to improve efficiency, reduce manual effort, increase accuracy, and lead to faster processing times. These APIs help with scale operations more easily and efficiently as the volume of work grows, automate repeatable processes with consistency, and enable integration with other systems and applications, providing a streamlined and efficient data pipeline. 

The Microsoft Fabric Core APIs encompasses a range of functionalities, including: 

• Workspace management: APIs to manage workspaces, including permissions.  
• Item management: APIs for creating, reading, updating, and deleting items, with partial support for data source discovery and granular permissions management planned for the near future. 
• Job and tenant management: APIs to manage jobs, tenants, and users within the platform. 

These APIs adhere to industry standards and best practices, ensuring a unified developer experience that is both coherent and easy to use. 

For developers looking to dive into the details of the Microsoft Fabric Core APIs, comprehensive documentation is available. This includes guidelines on API usage, examples, and articles managed in a centralized repository for ease of access and discoverability. The documentation is continuously updated to reflect the latest features and improvements, ensuring that developers have the most current information at their fingertips. See Microsoft Fabric REST API documentation  

We’re excited to share an important update we made to the Fabric Admin APIs. This enhancement is designed to simplify your automation experience. Now, you can manage both Power BI and the new Fabric items (previously referred to as artifacts) using the same set of APIs. Before this enhancement, you had to navigate using two different APIs—one for Power BI items and another for new Fabric items. That’s no longer the case. 

The APIs we’ve updated include GetItem , ListItems , GetItemAccessDetails , and GetAccessEntities . These enhancements mean you can now query and manage all your items through a single API call, regardless of whether they’re Fabric types or Power BI types. We hope this update makes your work more straightforward and helps you accomplish your tasks more efficiently. 

We’re thrilled to announce the public preview of the Microsoft Fabric workload development kit. This feature now extends to additional workloads and offers a robust developer toolkit for designing, developing, and interoperating with Microsoft Fabric using frontend SDKs and backend REST APIs. Introducing the Microsoft Fabric Workload Development Kit . 

The Microsoft Fabric platform now provides a mechanism for ISVs and developers to integrate their new and existing applications natively into Fabric’s workload hub. This integration provides the ability to add net new capabilities to Fabric in a consistent experience without leaving their Fabric workspace, thereby accelerating data driven outcomes from Microsoft Fabric. 

By downloading and leveraging the development kit , ISVs and software developers can build and scale existing and new applications on Microsoft Fabric and offer them via the Azure Marketplace without the need to ever leave the Fabric environment. 

The development kit provides a comprehensive guide and sample code for creating custom item types that can be added to the Fabric workspace. These item types can leverage the Fabric frontend SDKs and backend REST APIs to interact with other Fabric capabilities, such as data ingestion, transformation, orchestration, visualization, and collaboration. You can also embed your own data application into the Fabric item editor using the Fabric native experience components, such as the header, toolbar, navigation pane, and status bar. This way, you can offer consistent and seamless user experience across different Fabric workloads. 

This is a call to action for ISVs, software developers, and system integrators. Let’s leverage this opportunity to create more integrated and seamless experiences for our users. 

We’re excited about this journey and look forward to seeing the innovative workloads from our developer community. 

We are proud to announce the public preview of external data sharing. Sharing data across organizations has become a standard part of day-to-day business for many of our customers. External data sharing, built on top of OneLake shortcuts, enables seamless, in-place sharing of data, allowing you to maintain a single copy of data even when sharing data across tenant boundaries. Whether you’re sharing data with customers, manufacturers, suppliers, consultants, or partners; the applications are endless. 

How external data sharing works  

Sharing data across tenants is as simple as any other share operation in Fabric. To share data, navigate to the item to be shared, click on the context menu, and then click on External data share . Select the folder or table you want to share and click Save and continue . Enter the email address and an optional message and then click Send . 

The data consumer will receive an email containing a share link. They can click on the link to accept the share and access the data within their own tenant. 

Click here for more details about external data sharing . 

Following the release of OneLake data access roles in public preview, the OneLake team is excited to announce the availability of APIs for managing data access roles. These APIs can be used to programmatically manage granular data access for your lakehouses. Manage all aspects of role management such as creating new roles, editing existing ones, or changing memberships in a programmatic way.  

Do you have data stored on-premises or behind a firewall that you want to access and analyze with Microsoft Fabric? With OneLake shortcuts, you can bring on-premises or network-restricted data into OneLake, without any data movement or duplication. Simply install the Fabric on-premises data gateway and create a shortcut to your S3 compatible, Amazon S3, or Google Cloud Storage data source. Then use any of Fabric’s powerful analytics engines and OneLake open APIs to explore, transform, and visualize your data in the cloud. 

Try it out today and unlock the full potential of your data with OneLake shortcuts! 

Data Warehouse 

We are excited to announce Copilot for Data Warehouse in public preview! Copilot for Data Warehouse is an AI assistant that helps developers generate insights through T-SQL exploratory analysis. Copilot is contextualized your warehouse’s schema. With this feature, data engineers and data analysts can use Copilot to: 

• Generate T-SQL queries for data analysis.  
• Explain and add in-line code comments for existing T-SQL queries. 
• Fix broken T-SQL code. 
• Receive answers regarding general data warehousing tasks and operations. 

There are 3 areas where Copilot is surfaced in the Data Warehouse SQL Query Editor: 

• Code completions when writing a T-SQL query. 
• Chat panel to interact with the Copilot in natural language. 
• Quick action buttons to fix and explain T-SQL queries. 

Learn more about Copilot for Data Warehouse: aka.ms/data-warehouse-copilot-docs. Copilot for Data Warehouse is currently only available in the Warehouse. Copilot in the SQL analytics endpoint is coming soon. 

Unlocking Insights through Time: Time travel in Data warehouse (public preview)

As data volumes continue to grow in today’s rapidly evolving world of Artificial Intelligence, it is crucial to reflect on historical data. It empowers businesses to derive valuable insights that aid in making well-informed decisions for the future. Preserving multiple historical data versions not only incurred significant costs but also presented challenges in upholding data integrity, resulting in a notable impact on query performance. So, we are thrilled to announce the ability to query the historical data through time travel at the T-SQL statement level which helps unlock the evolution of data over time. 

The Fabric warehouse retains historical versions of tables for seven calendar days. This retention allows for querying the tables as if they existed at any point within the retention timeframe. Time travel clause can be included in any top level SELECT statement. For complex queries that involve multiple tables, joins, stored procedures, or views, the timestamp is applied just once for the entire query instead of specifying the same timestamp for each table within the same query. This ensures the entire query is executed with reference to the specified timestamp, maintaining the data’s uniformity and integrity throughout the query execution. 

From historical trend analysis and forecasting to compliance management, stable reporting and real-time decision support, the benefits of time travel extend across multiple business operations. Embrace the capability of time travel to navigate the data-driven landscape and gain a competitive edge in today’s fast-paced world of Artificial Intelligence. 

We are excited to announce not one but two new enhancements to the Copy Into feature for Fabric Warehouse: Copy Into with Entra ID Authentication and Copy Into for Firewall-Enabled Storage!

Entra ID Authentication  

When authenticating storage accounts in your environment, the executing user’s Entra ID will now be used by default. This ensures that you can leverage A ccess C ontrol L ists and R ole – B ased a ccess c ontrol to authenticate to your storage accounts when using Copy Into. Currently, only organizational accounts are supported.  

How to Use Entra ID Authentication  

• Ensure your Entra ID organizational account has access to the underlying storage and can execute the Copy Into statement on your Fabric Warehouse.  
• Run your Copy Into statement without specifying any credentials; the Entra ID organizational account will be used as the default authentication mechanism.  

Copy into firewall-enabled storage

The Copy Into for firewall-enabled storage leverages the trusted workspace access functionality ( Trusted workspace access in Microsoft Fabric (preview) – Microsoft Fabric | Microsoft Learn ) to establish a secure and seamless connection between Fabric and your storage accounts. Secure access can be enabled for both blob and ADLS Gen2 storage accounts. Secure access with Copy Into is available for warehouses in workspaces with Fabric Capacities (F64 or higher).  

To learn more about Copy into , please refer to COPY INTO (Transact-SQL) – Azure Synapse Analytics and Microsoft Fabric | Microsoft Learn  

We are excited to announce the launch of our new feature, Just in Time Database Attachment, which will significantly enhance your first experience, such as when connecting to the Datawarehouse or SQL endpoint or simply opening an item. These actions trigger the workspace resource assignment process, where, among other actions, we attach all necessary metadata of your items, Data warehouses and SQL endpoints, which can be a long process, particularly for workspaces that have a high number of items.  

This feature is designed to attach your desired database during the activation process of your workspace, allowing you to execute queries immediately and avoid unnecessary delays. However, all other databases will be attached asynchronously in the background while you are able to execute queries, ensuring a smooth and efficient experience. 

Data Engineering 

We are advancing Fabric Runtime 1.3 from an Experimental Public Preview to a full Public Preview. Our Apache Spark-based big data execution engine, optimized for both data engineering and science workflows, has been updated and fully integrated into the Fabric platform. 

The enhancements in Fabric Runtime 1.3 include the incorporation of Delta Lake 3.1, compatibility with Python 3.11, support for Starter Pools, integration with Environment and library management capabilities. Additionally, Fabric Runtime now enriches the data science experience by supporting the R language and integrating Copilot. 

We are pleased to share that the Native Execution Engine for Fabric Runtime 1.2 is currently available in public preview. The Native Execution Engine can greatly enhance the performance for your Spark jobs and queries. The engine has been rewritten in C++ and operates in columnar mode and uses vectorized processing. The Native Execution Engine offers superior query performance – encompassing data processing, ETL, data science, and interactive queries – all directly on your data lake. Overall, Fabric Spark delivers a 4x speed-up on the sum of execution time of all 99 queries in the TPC-DS 1TB benchmark when compared against Apache Spark.  This engine is fully compatible with Apache Spark™ APIs (including Spark SQL API). 

It is seamless to use with no code changes – activate it and go. Enable it in your environment for your notebooks and your SJDs. 

This feature is in the public preview, at this stage of the preview, there is no additional cost associated with using it. 

We are excited to announce the Spark Monitoring Run Series Analysis features, which allow you to analyze the run duration trend and performance comparison for Pipeline Spark activity recurring run instances and repetitive Spark run activities from the same Notebook or Spark Job Definition.   

• Run Series Comparison: Users can compare the duration of a Notebook run with that of previous runs and evaluate the input and output data to understand the reasons behind prolonged run durations.  
• Outlier Detection and Analysis: The system can detect outliers in the run series and analyze them to pinpoint potential contributing factors. 
• Detailed Run Instance Analysis: Clicking on a specific run instance provides detailed information on time distribution, which can be used to identify performance enhancement opportunities. 
• Configuration Insights : Users can view the Spark configuration used for each run, including auto-tuned configurations for Spark SQL queries in auto-tune enabled Notebook runs. 

You can access the new feature from the item’s recent runs panel and Spark application monitoring page. 

We are excited to announce that Notebook now supports the ability to tag others in comments, just like the familiar functionality of using Office products!   

When you select a section of code in a cell, you can add a comment with your insights and tag one or more teammates to collaborate or brainstorm on the specifics. This intuitive enhancement is designed to amplify collaboration in your daily development work. 

Moreover, you can easily configure the permissions when tagging someone who doesn’t have the permission, to make sure your code asset is well managed. 

We are thrilled to unveil a significant enhancement to the Fabric notebook ribbon, designed to elevate your data science and engineering workflows. 

In the new version, you will find the new Session connect control on the Home tab, and now you can start a standard session without needing to run a code cell. 

You can also easily spin up a High concurrency session and share the session across multiple notebooks to improve the compute resource utilization. And you can easily attach/leave a high concurrency session with a single click. 

The “ View session information ” can navigate you to the session information dialog, where you can find a lot of useful detailed information, as well as configure the session timeout. The diagnostics info is essentially helpful when you need support for notebook issues. 

Now you can easily access the powerful “ Data Wrangler ” on Home tab with the new ribbon! You can explore your data with the fancy low-code experience of data wrangler, and the pandas DataFrames and Spark DataFrames are all supported.   

We recently made some changes to the Fabric notebook metadata to ensure compliance and consistency: 

Notebook file content: 

• The keyword “trident” has been replaced with “dependencies” in the notebook content. This adjustment ensures consistency and compliance. 
• Notebook Git format: 
• The preface of the notebook has been modified from “# Synapse Analytics notebook source” to “# Fabric notebook source”. 
• Additionally, the keyword “synapse” has been updated to “dependencies” in the Git repo. 

The above changes will be marked as ‘uncommitted’ for one time if your workspace is connected to Git. No action is needed in terms of these changes , and there won’t be any breaking scenario within the Fabric platform . If you have any further updates or questions, feel free to share with us. 

We are thrilled to announce that the environment is now a generally available item in Microsoft Fabric. During this GA timeframe, we have shipped a few new features of Environment. 

• Git support  

The environment is now Git supported. You can check-in the environment into your Git repo and manipulate the environment locally with its YAML representations and custom library files. After updating the changes from local to Fabric portal, you can publish them by manual action or through REST API. 

• Deployment pipeline  

Deploying environments from one workspace to another is supported.  Now, you can deploy the code items and their dependent environments together from development to test and even production. 

With the REST APIs, you can have the code-first experience with the same abilities through Fabric portal. We provide a set of powerful APIs to ensure you the efficiency in managing your environment. You can create new environments, update libraries and Spark compute, publish the changes, delete an environment, attach the environment to a notebook, etc., all actions can be done locally in the tools of your choice. The article – Best practice of managing environments with REST API could help you get started with several real-world scenarios.  

• Resources folder   

Resources folder enables managing small resources in the development cycle. The files uploaded in the environment can be accessed from notebooks once they’re attached to the same environment. The manipulation of the files and folders of resources happens in real-time. It could be super powerful, especially when you are collaborating with others. 

Sharing your environment with others is also available. We provide several sharing options. By default, the view permission is shared. If you want the recipient to have access to view and use the contents of the environment, sharing without permission customization is the best option. Furthermore, you can grant editing permission to allow recipients to update this environment or grant share permission to allow recipients to reshare this environment with their existing permissions. 

We are excited to announce the REST api support for Fabric Data Engineering/Science workspace settings.  Data Engineering/Science settings allows users to create/manage their Spark compute, select the default runtime/default environment, enable or disable high concurrency mode or ML autologging.  

Now with the REST api support for the Data Engineering/Science settings, you would be able to  

• Choose the default pool for a Fabric Workspace 
• Configure the max nodes for Starter pools 
• Create/Update/Delete the existing Custom Pools, Autoscale and Dynamic allocation properties  
• Choose Workspace Default Runtime and Environment  
• Select a default runtime 
• Select the default environment for the Fabric workspace  
• Enable or Disable High Concurrency Mode 
• Enable or Disable ML Auto logging.  

Learn more about the Workspace Spark Settings API in our API documentation Workspace Settings – REST API (Spark) | Microsoft Learn  

We are excited to give you a sneak peek at the preview of User Data Functions in Microsoft Fabric. User Data Functions gives developers and data engineers the ability to easily write and run applications that integrate with resources in the Fabric Platform. Data engineering often presents challenges with data quality or complex data analytics processing in data pipelines, and using ETL tools may present limited flexibility and ability to customize to your needs. This is where User data functions can be used to run data transformation tasks and perform complex business logic by connecting to your data sources and other workloads in Fabric.  

During preview, you will be able to use the following features:  

• Use the Fabric portal to create new User Data Functions, view and test them.  
• Write your functions using C#.   
• Use the Visual Studio Code extension to create and edit your functions.  
• Connect to the following Fabric-native data sources: Data Warehouse, Lakehouse and Mirrored Databases.   

You can now create a fully managed GraphQL API in Fabric to interact with your data in a simple, flexible, and powerful way. We’re excited to announce the public preview of API for GraphQL, a data access layer that allows us to query multiple data sources quickly and efficiently in Fabric by leveraging a widely adopted and familiar API technology that returns more data with less client requests.  With the new API for GraphQL in Fabric, data engineers and scientists can create data APIs to connect to different data sources, use the APIs in their workflows, or share the API endpoints with app development teams to speed up and streamline data analytics application development in your business. 

You can get started with the API for GraphQL in Fabric by creating an API, attaching a supported data source, then selecting specific data sets you want to expose through the API. Fabric builds the GraphQL schema automatically based on your data, you can test and prototype queries directly in our graphical in-browser GraphQL development environment (API editor), and applications are ready to connect in minutes. 

Currently, the following supported data sources can be exposed through the Fabric API for GraphQL: 

• Microsoft Fabric Data Warehouse 
• Microsoft Fabric Lakehouse via SQL Analytics Endpoint 
• Microsoft Fabric Mirrored Databases via SQL Analytics Endpoint 

Click here to learn more about how to get started. 

Data Science 

As you may know, Copilot in Microsoft Fabric requires your tenant administrator to enable the feature from the admin portal. Starting May 20th, 2024, Copilot in Microsoft Fabric will be enabled by default for all tenants. This update is part of our continuous efforts to enhance user experience and productivity within Microsoft Fabric. This new default activation means that AI features like Copilot will be automatically enabled for tenants who have not yet enabled the setting.  

We are introducing a new capability to enable Copilot on Capacity level in Fabric. A new option is being introduced in the tenant admin portal, to delegate the enablement of AI and Copilot features to Capacity administrators.  This AI and Copilot setting will be automatically delegated to capacity administrators and tenant administrators won’t be able to turn off the delegation.   

We also have a cross-geo setting for customers who want to use Copilot and AI features while their capacity is in a different geographic region than the EU data boundary or the US. By default, the cross-geo setting will stay off and will not be delegated to capacity administrators automatically.  Tenant administrators can choose whether to delegate this to capacity administrators or not. 

Figure 1.  Copilot in Microsoft Fabric will be auto enabled and auto delegated to capacity administrators. 

Capacity administrators will see the “Copilot and Azure OpenAI Service (preview)” settings under Capacity settings/ Fabric Capacity / <Capacity name> / Delegated tenant settings. By default, the capacity setting will inherit tenant level settings. Capacity administrators can decide whether to override the tenant administrator’s selection. This means that even if Copilot is not enabled on a tenant level, a capacity administrator can choose to enable Copilot for their capacity. With this level of control, we make it easier to control which Fabric workspaces can utilize AI features like Copilot in Microsoft Fabric. 

To enhance privacy and trust, we’ve updated our approach to abuse monitoring: previously, we retained data from Copilot in Fabric, including prompt inputs and outputs, for up to 30 days to check for misuse. Following customer feedback, we’ve eliminated this 30-day retention. Now, we no longer store prompt related data, demonstrating our unwavering commitment to your privacy and security. We value your input and take your concerns seriously. 

Real-Time Intelligence 

This month includes the announcement of Real-Time Intelligence, the next evolution of Real-Time Analytics and Data Activator. With Real-Time Intelligence, Fabric extends to the world of streaming and high granularity data, enabling all users in your organization to collect, analyze and act on this data in a timeline manner making faster and more informed business decisions. Read the full announcement from Build 2024. 

Real-Time Intelligence includes a wide range of capabilities across ingestion, processing, analysis, transformation, visualization and taking action. All of this is supported by the Real-Time hub, the central place to discover and manage streaming data and start all related tasks.  

Read on for more information on each capability and stay tuned for a series of blogs describing the features in more detail. All features are in Public Preview unless otherwise specified. Feedback on any of the features can be submitted at https://aka.ms/rtiidea    

Ingest & Process  

• Introducing the Real-Time hub 
• Get Events with new sources of streaming and event data 
• Source from Real-Time Hub in Enhanced Eventstream  
• Use Real-Time hub to Get Data in KQL Database in Eventhouse 
• Get data from Real-Time Hub within Reflexes 
• Eventstream Edit and Live modes 
• Default and derived streams 
• Route data streams based on content 

Analyze & Transform  

• Eventhouse GA 
• Eventhouse OneLake availability GA 
• Create a database shortcut to another KQL Database 
• Support for AI Anomaly Detector  
• Copilot for Real-Time Intelligence 
• Tenant-level private endpoints for Eventhouse 

Visualize & Act  

• Visualize data with Real-Time Dashboards  
• New experience for data exploration 
• Create triggers from Real-Time Hub 
• Set alert on Real-time Dashboards 
• Taking action through Fabric Items 

Ingest & Process 

Real-Time hub is the single place for all data-in-motion across your entire organization. Several key features are offered in Real-Time hub: 

1. Single place for data-in-motion for the entire organization  

Real-Time hub enables users to easily discover, ingest, manage, and consume data-in-motion from a wide variety of sources. It lists all the streams and KQL tables that customers can directly act on. 

2. Real-Time hub is never empty  

All data streams in Fabric automatically show up in the hub. Also, users can subscribe to events in Fabric gaining insights into the health and performance of their data ecosystem. 

3. Numerous connectors to simplify data ingestion from anywhere to Real-Time hub  

Real-Time hub makes it easy for you to ingest data into Fabric from a wide variety of sources like AWS Kinesis, Kafka clusters, Microsoft streaming sources, sample data and Fabric events using the Get Events experience.  

There are 3 tabs in the hub:  

• Data streams : This tab contains all streams that are actively running in Fabric that user has access to. This includes all streams from Eventstreams and all tables from KQL Databases. 
• Microsoft sources : This tab contains Microsoft sources (that user has access to) and can be connected to Fabric. 
• Fabric events : Fabric now has event-driven capabilities to support real-time notifications and data processing. Users can monitor and react to events including Fabric Workspace Item events and Azure Blob Storage events. These events can be used to trigger other actions or workflows, such as invoking a data pipeline or sending a notification via email. Users can also send these events to other destinations via Event Streams. 

Learn More  

You can now connect to data from both inside and outside of Fabric in a mere few steps.  Whether data is coming from new or existing sources, streams, or available events, the Get Events experience allows users to connect to a wide range of sources directly from Real-Time hub, Eventstreams, Eventhouse and Data Activator.  

This enhanced capability allows you to easily connect external data streams into Fabric with out-of-box experience, giving you more options and helping you to get real-time insights from various sources. This includes Camel Kafka connectors powered by Kafka connect to access popular data platforms, as well as the Debezium connectors for fetching the Change Data Capture (CDC) streams. 

Using Get Events, bring streaming data from Microsoft sources directly into Fabric with a first-class experience.  Connectivity to notification sources and discrete events is also included, this enables access to notification events from Azure and other clouds solutions including AWS and GCP.  The full set of sources which are currently supported are: 

• Microsoft sources : Azure Event Hubs, Azure IoT hub 
• External sources : Google Cloud Pub/Sub, Amazon Kinesis Data Streams, Confluent Cloud Kafka 
• Change data capture databases : Azure SQL DB (CDC), PostgreSQL DB (CDC), Azure Cosmos DB (CDC), MySQL DB (CDC)  
• Fabric events : Fabric Workspace Item events, Azure Blob Storage events  

Learn More   

With enhanced Eventstream, you can now stream data not only from Microsoft sources but also from other platforms like Google Cloud, Amazon Kinesis, Database change data capture streams, etc. using our new messaging connectors. The new Eventstream also lets you acquire and route real-time data not only from stream sources but also from discrete event sources, such as: Azure Blob Storage events, Fabric Workspace Item events. 

To use these new sources in Eventstream, simply create an eventstream with choosing “Enhanced Capabilities (preview)”. 

You will see the new Eventstream homepage that gives you some choices to begin with. By clicking on the “Add external source”, you will find these sources in the Get events wizard that helps you to set up the source in a few steps. After you add the source to your eventstream, you can publish it to stream the data into your eventstream.  

Using Eventstream with discrete sources to turn events into streams for more analysis. You can send the streams to different Fabric data destinations, like Lakehouse and KQL Database. After the events are converted, a default stream will appear in Real-Time Hub. To turn them, click Edit on ribbon, select “Stream events” on the source node, and publish your eventstream. 

To transform the stream data or route it to different Fabric destinations based on its content, you can click Edit in ribbon and enter the Edit mode. There you can add event processing operators and destinations. 

With Real-Time hub embedded in KQL Database experience, each user in the tenant can view and add streams which they have access to and directly ingest it to a KQL Database table in Eventhouse.  

This integration provides each user in the tenant with the ability to access and view data streams they are permitted to. They can now directly ingest these streams into a KQL Database table in Eventhouse. This simplifies the data discovery and ingestion process by allowing users to directly interact with the streams. Users can filter data based on the Owner, Parent and Location and provides additional information such as Endorsement and Sensitivity. 

You can access this by clicking on the Get Data button from the Database ribbon in Eventhouse. 

This will open the Get Data wizard with Real-Time hub embedded. 

You can use events from Real-Time hub directly in reflex items as well. From within the main reflex UI, click ‘Get data’ in the toolbar: 

This will open a wizard that allows you to connect to new event sources or browse Real-Time Hub to use existing streams or system events. 

Search new stream sources to connect to or select existing streams and tables to be ingested directly by Reflex. 

You then have access to the full reflex modeling experience to build properties and triggers over any events from Real-Time hub.  

Eventstream offers two distinct modes, Edit and Live, to provide flexibility and control over the development process of your eventstream. If you create a new Eventstream with Enhanced Capabilities enabled, you can modify it in an Edit mode. Here, you can design stream processing operations for your data streams using a no-code editor. Once you complete the editing, you can publish your Eventstream and visualize how it starts streaming and processing data in Live mode .   

In Edit mode, you can:   

• Make changes to an Eventstream without implementing them until you publish the Eventstream. This gives you full control over the development process.  
• Avoid test data being streamed to your Eventstream. This mode is designed to provide a secure environment for testing without affecting your actual data streams. 

For Live mode, you can :  

• Visualize how your Eventstream streams, transforms, and routes your data streams to various destinations after publishing the changes.  
• Pause the flow of data on selected sources and destinations, providing you with more control over your data streams being streamed into your Eventstream.  

When you create a new Eventstream with Enhanced Capabilities enabled, you can now create and manage multiple data streams within Eventstream, which can then be displayed in the Real-Time hub for others to consume and perform further analysis.  

There are two types of streams:   

• Default stream : Automatically generated when a streaming source is added to Eventstream. Default stream captures raw event data directly from the source, ready for transformation or analysis.  
• Derived stream : A specialized stream that users can create as a destination within Eventstream. Derived stream can be created after a series of operations such as filtering and aggregating, and then it’s ready for further consumption or analysis by other users in the organization through the Real-Time Hub.  

The following example shows that when creating a new Eventstream a default stream alex-es1-stream is automatically generated. Subsequently, a derived stream dstream1 is added after an Aggregate operation within the Eventstream. Both default and derived streams can be found in the Real-Time hub.  

Customers can now perform stream operations directly within Eventstream’s Edit mode, instead of embedding in a destination. This enhancement allows you to design stream processing logics and route data streams in the top-level canvas. Custom processing and routing can be applied to individual destinations using built-in operations, allowing for routing to distinct destinations within the Eventstream based on different stream content. 

These operations include:  

• Aggregate : Perform calculations such as SUM, AVG, MIN, and MAX on a column of values and return a single result. 
• Expand : Expand array values and create new rows for each element within the array.  
• Filter : Select or filter specific rows from the data stream based on a condition. 
• Group by : Aggregate event data within a certain time window, with the option to group one or more columns.  
• Manage Fields : Customize your data streams by adding, removing, or changing data type of a column.  
• Union : Merge two or more data streams with shared fields (same name and data type) into a unified data stream.  

Analyze & Transform 

Eventhouse, a cutting-edge database workspace meticulously crafted to manage and store event-based data, is now officially available for general use. Optimized for high granularity, velocity, and low latency streaming data, it incorporates indexing and partitioning for structured, semi-structured, and free text data. With Eventhouse, users can perform high-performance analysis of big data and real-time data querying, processing billions of events within seconds. The platform allows users to organize data into compartments (databases) within one logical item, facilitating efficient data management.  

Additionally, Eventhouse enables the sharing of compute and cache resources across databases, maximizing resource utilization. It also supports high-performance queries across databases and allows users to apply common policies seamlessly. Eventhouse offers content-based routing to multiple databases, full view lineage, and high granularity permission control, ensuring data security and compliance. Moreover, it provides a simple migration path from Azure Synapse Data Explorer and Azure Data Explorer, making adoption seamless for existing users. 

Engineered to handle data in motion, Eventhouse seamlessly integrates indexing and partitioning into its storing process, accommodating various data formats. This sophisticated design empowers high-performance analysis with minimal latency, facilitating lightning-fast ingestion and querying within seconds. Eventhouse is purpose-built to deliver exceptional performance and efficiency for managing event-based data across diverse applications and industries. Its intuitive features and seamless integration with existing Azure services make it an ideal choice for organizations looking to leverage real-time analytics for actionable insights. Whether it’s analyzing telemetry and log data, time series and IoT data, or financial records, Eventhouse provides the tools and capabilities needed to unlock the full potential of event-based data. 

We’re excited to announce that OneLake availability of Eventhouse in Delta Lake format is Generally Available. 

Delta Lake  is the unified data lake table format chosen to achieve seamless data access across all compute engines in Microsoft Fabric. 

The data streamed into Eventhouse is stored in an optimized columnar storage format with full text indexing and supports complex analytical queries at low latency on structured, semi-structured, and free text data. 

Enabling data availability of Eventhouse in OneLake means that customers can enjoy the best of both worlds: they can query the data with high performance and low latency in their  Eventhouse and query the same data in Delta Lake format via any other Fabric engines such as Power BI Direct Lake mode, Warehouse, Lakehouse, Notebooks, and more. 

To learn more, please visit https://learn.microsoft.com/en-gb/fabric/real-time-analytics/one-logical-copy 

A database shortcut in Eventhouse is an embedded reference to a source database. The source database can be one of the following: 

• (Now Available) A KQL Database in Real-Time Intelligence  
• An Azure Data Explorer database  

The behavior exhibited by the database shortcut is similar to that of a follower database  

The owner of the source database, the data provider, shares the database with the creator of the shortcut in Real-Time Intelligence, the data consumer. The owner and the creator can be the same person. The database shortcut is attached in read-only mode, making it possible to view and run queries on the data that was ingested into the source KQL Database without ingesting it.  

This helps with data sharing scenarios where you can share data in-place either within teams, or even with external customers.  

AI Anomaly Detector is an Azure service for high quality detection of multivariate and univariate anomalies in time series. While the standalone version is being retired October 2026, Microsoft open sourced the anomaly detection core algorithms and they are now supported in Microsoft Fabric. Users can leverage these capabilities in Data Science and Real-Time Intelligence workload. AI Anomaly Detector models can be trained in Spark Python notebooks in Data Science workload, while real time scoring can be done by KQL with inline Python in Real-Time Intelligence. 

We are excited to announce the Public Preview of Copilot for Real-Time Intelligence. This initial version includes a new capability that translates your natural language questions about your data to KQL queries that you can run and get insights.  

Your starting point is a KQL Queryset, that is connected to a KQL Database, or to a standalone Kusto database:  

Simply type the natural language question about what you want to accomplish, and Copilot will automatically translate it to a KQL query you can execute. This is extremely powerful for users who may be less familiar with writing KQL queries but still want to get the most from their time-series data stored in Eventhouse. 

Stay tuned for more capabilities from Copilot for Real-Time Intelligence!   

Customers can increase their network security by limiting access to Eventhouse at a tenant-level, from one or more virtual networks (VNets) via private links. This will prevent unauthorized access from public networks and only permit data plane operations from specific VNets.  

Visualize & Act 

Real-Time Dashboards have a user-friendly interface, allowing users to quickly explore and analyze their data without the need for extensive technical knowledge. They offer a high refresh frequency, support a range of customization options, and are designed to handle big data.  

The following visual types are supported, and can be customized with the dashboard’s user-friendly interface: 

You can also define conditional formatting rules to format the visual data points by their values using colors, tags, and icons. Conditional formatting can be applied to a specific set of cells in a predetermined column or to entire rows, and lets you easily identify interesting data points. 

Beyond the support visual, Real-Time Dashboards provide several capabilities to allow you to interact with your data by performing slice and dice operations for deeper analysis and gaining different viewpoints. 

• Parameters are used as building blocks for dashboard filters and can be added to queries to filter the data presented by visuals. Parameters can be used to slice and dice dashboard visuals either directly by selecting parameter values in the filter bar or by using cross-filters. 
• Cross filters allow you to select a value in one visual and filter all other visuals on that dashboard based on the selected data point. 
• Drillthrough capability allows you to select a value in a visual and use it to filter the visuals in a target page in the same dashboard. When the target page opens, the value is pushed to the relevant filters.    

Real-Time Dashboards can be shared broadly and allow multiple stakeholders to view dynamic, real time, fresh data while easily interacting with it to gain desired insights. 

Directly from a real-time dashboard, users can refine their exploration using a user-friendly, form-like interface. This intuitive and dynamic experience is tailored for insights explorers craving insights based on real-time data. Add filters, create aggregations, and switch visualization types without writing queries to easily uncover insights.  

With this new feature, insights explorers are no longer bound by the limitations of pre-defined dashboards. As independent explorers, they have the freedom for ad-hoc exploration, leveraging existing tiles to kickstart their journey. Moreover, they can selectively remove query segments, and expand their view of the data landscape.  

Dive deep, extract meaningful insights, and chart actionable paths forward, all with ease and efficiency, and without having to write complex KQL queries.  

Data Activator allows you to monitor streams of data for various conditions and set up actions to be taken in response. These triggers are available directly within the Real-Time hub and in other workloads in Fabric. When the condition is detected, an action will automatically be kicked off such as sending alerts via email or Teams or starting jobs in Fabric items.  

When you browse the Real-Time Hub, you’ll see options to set triggers in the detail pages for streams. 

Selecting this will open a side panel where you can configure the events you want to monitor, the conditions you want to look for in the events, and the action you want to take while in the Real-Time hub experience. 

Completing this pane creates a new reflex item with a trigger that monitors the selected events and condition for you. Reflexes need to be created in a workspace supported by a Fabric or Power BI Premium capacity – this can be a trial capacity so you can get started with it today! 

Data Activator has been able to monitor Power BI report data since it was launched, and we now support monitoring of Real-Time Dashboard visuals in the same way.

From real-time dashboard tiles you can click the ellipsis (…) button and select “Set alert”

This opens the embedded trigger pane, where you can specify what conditions, you are looking for. You can choose whether to send email or Teams messages as the alert when these conditions are met.

When creating a new reflex trigger, from Real-time Hub or within the reflex item itself, you’ll notice a new ‘Run a Fabric item’ option in the Action section. This will create a trigger that starts a new Fabric job whenever its condition is met, kicking off a pipeline or notebook computation in response to Fabric events. A common scenario would be monitoring Azure Blob storage events via Real-Time Hub, and running data pipeline jobs when Blog Created events are detected. 

This capability is extremely powerful and moves Fabric from a scheduled driven platform to an event driven platform.  

Pipelines, spark jobs, and notebooks are just the first Fabric items we’ll support here, and we’re keen to hear your feedback to help prioritize what else we support. Please leave ideas and votes on https://aka.ms/rtiidea and let us know! 

Real-Time Intelligence, along with the Real-Time hub, revolutionizes what’s possible with real-time streaming and event data within Microsoft Fabric.  

Learn more and try it today https://aka.ms/realtimeintelligence   

Data Factory 

Dataflow gen2 .

We are thrilled to announce that the Power Query SDK is now generally available in Visual Studio Code! This marks a significant milestone in our commitment to providing developers with powerful tools to enhance data connectivity and transformation. 

The Power Query SDK is a set of tools that allow you as the developer to create new connectors for Power Query experiences available in products such as Power BI Desktop, Semantic Models, Power BI Datamarts, Power BI Dataflows, Fabric Dataflow Gen2 and more. 

This new SDK has been in public preview since November of 2022, and we’ve been hard at work improving this experience which goes beyond what the previous Power Query SDK in Visual Studio had to offer.  

The latest of these biggest improvements was the introduction of the Test Framework in March of 2024 that solidifies the developer experience that you can have within Visual Studio Code and the Power Query SDK for creating a Power Query connector. 

The Power Query SDK extension for Visual Studio will be deprecated by June 30, 2024, so we encourage you to give this new Power Query SDK in Visual Studio Code today if you haven’t.  

To get started with the Power Query SDK in Visual Studio Code, simply install it from the Visual Studio Code Marketplace . Our comprehensive documentation and tutorials are available to help you harness the full potential of your data. 

Join our vibrant community of developers to share insights, ask questions, and collaborate on exciting projects. Our dedicated support team is always ready to assist you with any queries. 

We look forward to seeing the innovative solutions you’ll create with the Power Query SDK in Visual Studio Code. Happy coding! 

Introducing a convenient enhancement to the Dataflows Gen2 Refresh History experience! Now, alongside the familiar “X” button in the Refresh History screen, you’ll find a shiny new Refresh Button . This small but mighty addition empowers users to refresh the status of their dataflow refresh history status without the hassle of exiting the refresh history and reopening it. Simply click the Refresh Button , and voilà! Your dataflow’s refresh history status screen is updated, keeping you in the loop with minimal effort. Say goodbye to unnecessary clicks and hello to streamlined monitoring! 

• [New] OneStream : The OneStream Power Query Connector enables you to seamlessly connect Data Factory to your OneStream applications by simply logging in with your OneStream credentials. The connector uses your OneStream security, allowing you to access only the data you have based on your permissions within the OneStream application. Use the connector to pull cube and relational data along with metadata members, including all their properties. Visit OneStream Power BI Connector to learn more. Find this connector in the other category. 

Data workflows  

We are excited to announce the preview of ‘Data workflows’, a new feature within the Data Factory that revolutionizes the way you build and manage your code-based data pipelines. Powered by Apache Airflow, Data workflows offer seamless authoring, scheduling, and monitoring experience for Python-based data processes defined as Directed Acyclic Graphs (DAGs). This feature brings a SaaS-like experience to running DAGs in a fully managed Apache Airflow environment, with support for autoscaling , auto-pause , and rapid cluster resumption to enhance cost-efficiency and performance.  

It also includes native cloud-based authoring capabilities and comprehensive support for Apache Airflow plugins and libraries. 

To begin using this feature: 

• Access the Microsoft Fabric Admin Portal. 
• Navigate to Tenant Settings. 

Under Microsoft Fabric options, locate and expand the ‘Users can create and use Data workflows (preview)’ section. Note: This action is necessary only during the preview phase of Data workflows. 

2. Create a new Data workflow within an existing or new workspace. 

3. Add a new Directed Acyclic Graph (DAG) file via the user interface. 

4.  Save your DAG(s). 

5. Use Apache Airflow monitoring tools to observe your DAG executions. In the ribbon, click on Monitor in Apache Airflow. 

For additional information, please consult the product documentation .   If you’re not already using Fabric capacity, consider signing up for the Microsoft Fabric free trial to evaluate this feature. 

Data Pipelines 

We are excited to announce a new feature in Fabric that enables you to create data pipelines to access your firewall-enabled Azure Data Lake Storage Gen2 (ADLS Gen2) accounts. This feature leverages the workspace identity to establish a secure and seamless connection between Fabric and your storage accounts. 

With trusted workspace access, you can create data pipelines to your storage accounts with just a few clicks. Then you can copy data into Fabric Lakehouse and start analyzing your data with Spark, SQL, and Power BI. Trusted workspace access is available for workspaces in Fabric capacities (F64 or higher). It supports organizational accounts or service principal authentication for storage accounts. 

How to use trusted workspace access in data pipelines  

Create a workspace identity for your Fabric workspace. You can follow the guidelines provided in Workspace identity in Fabric . 

Configure resource instance rules for the Storage account that you want to access from your Fabric workspace. Resource instance rules for Fabric workspaces can only be created through ARM templates. Follow the guidelines for configuring resource instance rules for Fabric workspaces here . 

Create a data pipeline to copy data from the firewall enabled ADLS gen2 account to a Fabric Lakehouse. 

To learn more about how to use trusted workspace access in data pipelines, please refer to Trusted workspace access in Fabric . 

We hope you enjoy this new feature for your data integration and analytics scenarios. Please share your feedback and suggestions with us by leaving a comment here. 

Introducing Blob Storage Event Triggers for Data Pipelines 

A very common use case among data pipeline users in a cloud analytics solution is to trigger your pipeline when a file arrives or is deleted. We have introduced Azure Blob storage event triggers as a public preview feature in Fabric Data Factory Data Pipelines. This utilizes the Fabric Reflex alerts capability that also leverages Event Streams in Fabric to create event subscriptions to your Azure storage accounts. 

Parent/Child pipeline pattern monitoring improvements

Today, in Fabric Data Factory Data Pipelines, when you call another pipeline using the Invoke Pipeline activity, the child pipeline is not visible in the monitoring view. We have made updates to the Invoke Pipeline activity so that you can view your child pipeline runs. This requires an upgrade to any pipelines that you have in Fabric that already use the current Invoke Pipeline activity. You will be prompted to upgrade when you edit your pipeline and then provide a connection to your workspace to authenticate. Another additional new feature that will light up with this invoke pipeline activity update is the ability to invoke pipeline across workspaces in Fabric. 

We are excited to announce the availability of the Fabric Spark job definition activity for data pipelines. With this new activity, you will be able to run a Fabric Spark Job definition directly in your pipeline. Detailed monitoring capabilities of your Spark Job definition will be coming soon!  

To learn more about this activity, read https://aka.ms/SparkJobDefinitionActivity  

We are excited to announce the availability of the Azure HDInsight activity for data pipelines. The Azure HDInsight activity allows you to execute Hive queries, invoke a MapReduce program, execute Pig queries, execute a Spark program, or a Hadoop Stream program. Invoking either of the 5 activities can be done in a singular Azure HDInsight activity, and you can invoke this activity using your own or on-demand HDInsight cluster. 

To learn more about this activity, read https://aka.ms/HDInsightsActivity  

We are thrilled to share the new Modern Get Data experience in Data Pipeline to empower users intuitively and efficiently discover the right data, right connection info and credentials.   

In the data destination, users can easily set destination by creating a new Fabric item or creating another destination or selecting existing Fabric item from OneLake data hub. 

In the source tab of Copy activity, users can conveniently choose recent used connections from drop down or create a new connection using “More” option to interact with Modern Get Data experience. 

Related blog posts

Microsoft fabric april 2024 update.

Welcome to the April 2024 update! This month, you’ll find many great new updates, previews, and improvements. From Shortcuts to Google Cloud Storage and S3 compatible data sources in preview, Optimistic Job Admission for Fabric Spark, and New KQL Queryset Command Bar, that’s just a glimpse into this month’s update. There’s much more to explore! … Continue reading “Microsoft Fabric April 2024 Update”

Microsoft Fabric March 2024 Update

Welcome to the March 2024 update. We have a lot of great features this month including OneLake File Explorer, Autotune Query Tuning, Test Framework for Power Query SDK in VS Code, and many more! Earn a free Microsoft Fabric certification exam!  We are thrilled to announce the general availability of Exam DP-600, which leads to … Continue reading “Microsoft Fabric March 2024 Update”

• Contact Sales
• Try Azure for free

What is Azure?

The Azure cloud platform is more than 200 products and cloud services designed to help you bring new solutions to life—to solve today’s challenges and create the future. Build, run, and manage applications across multiple clouds, on-premises, and at the edge, with the tools and frameworks of your choice.

Trust your cloud

Get security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups.

Operate hybrid seamlessly

On-premises, across multiple clouds, and at the edge—we’ll meet you where you are. Integrate and manage your environments with services designed for hybrid cloud.

Build on your terms

With a commitment to open source, and support for all languages and frameworks, build how you want, and deploy where you want to.

Be future-ready

Continuous innovation from Microsoft supports your development today, and your product visions for tomorrow.

compliance offerings—the largest portfolio in the industry.

of Fortune 500 companies trust their business on Azure.

investment (US dollars) per year in security to protect customers’ data from cyberthreats.

Solutions do the work for you

Find answers to the business challenges you face with an Azure solution that brings together everything you need—related products, services, and third-party applications. From  DevOps  to  business analytics  to the  Internet of Things , you’ll be up and running quickly with a scalable, cost-effective solution that works with your existing investments.

Develop solutions for proactive, personalized healthcare.

Financial services

Better serve customers, empower employees, and optimize risk management.

Build secure solutions to better serve and protect your citizens.

Deliver personal, seamless, and differentiated experiences.

Manufacturing

Respond quicker to customer feedback and market trends.

Companies doing great things with Azure

"We did look at different platforms, including Azure, Google, Amazon, and VMware. If we wanted to put the whole city in the cloud, we needed Azure."

Chris McMasters, Chief Information Officer, City of Corona, CA

Creating better experiences for 15.4 million customers worldwide

ASOS, a top online fashion retailer, delivered a more personalized, mobile-first experience with Azure.

Onboarding developers in hours instead of weeks

Daimler AG quickly attracts and onboards top talent to innovate faster using the Azure development environment.

Popular questions about Azure

Is azure secure.

Yes, security and privacy are foundational for Azure. Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance—with the most comprehensive set of compliance offerings of any cloud service provider.

How can Azure help if I outsource my IT?

IT partners use Azure to deploy, manage, and support customers’ existing solutions, and to offer ready-made or custom solutions. Ask your IT partner how your organization can take advantage of Azure to meet your business goals. Or, find an Azure partner that fits your needs. Explore a wide network of partners with verified Azure capabilities.

What other customers are using Azure?

Of the Fortune 500 companies, 95 percent rely on Azure for trusted cloud services. Companies of all sizes and maturities use Azure in their digital transformation.

Is it only for Windows apps and services?

No. Azure supports open source technologies, so you can use the tools and technologies you prefer. Run virtually any application using your data source, with your operating system, on your device. With Azure, you have choices.

Will Azure really save me money?

With no upfront cost, you only pay for what you use. Azure provides flexible purchasing and pricing options for all your cloud scenarios, such as the Azure Hybrid Benefit, and offers extensive tools to help manage your cloud spend.

Can I try Azure services?

Yes. Create an Azure free account to experiment and build in the cloud. You’ll get access to free Azure products and services, plus a $200 credit to use in your first 30 days.

Will Azure work for my industry?

Azure provides solutions for all industries, through proven combinations of cloud products and services. Address your industry-specific business challenges today, and prepare for the future by innovating with Azure solutions.

How does Azure compare to other clouds?

Azure is the only consistent hybrid cloud, delivers unparalleled developer productivity, provides comprehensive, multilayered security, including the largest compliance coverage of any cloud provider, and you’ll  pay less for Azure  as AWS is five times more expensive than Azure for Windows Server and SQL Server.

Get popular products free each month for a year

Take your first steps with Azure videos, demos, and training.

Get answers to your questions from a Microsoft expert.

Browse quickstarts, samples, and tutorials.

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

• Notifications You must be signed in to change notification settings

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

importing azurerm_pim_eligible_role_assignment fails with resource not existant #23111

tim-krehan commented Aug 29, 2023

• 👍 27 reactions

xuzhang3 commented Sep 5, 2023

Sorry, something went wrong.

tim-krehan commented Sep 5, 2023

• 👍 1 reaction

audunsolemdal commented Sep 6, 2023

• 👍 4 reactions

xuzhang3 commented Sep 6, 2023

unique-dominik commented Oct 11, 2023

Audunsolemdal commented oct 11, 2023.

braun-daniel commented Oct 20, 2023

MohnJadden commented Oct 24, 2023

Unique-dominik commented oct 25, 2023.

• 🎉 1 reaction

Scarlettliuyc commented Nov 23, 2023

Tim-krehan commented nov 23, 2023.

smokedlinq commented Dec 15, 2023

• 👍 3 reactions

spectrum048k commented Dec 19, 2023

Unique-dominik commented dec 19, 2023, xuzhang3 commented dec 19, 2023 • edited, xuzhang3 commented dec 19, 2023, mohnjadden commented dec 19, 2023.

• 😕 1 reaction

xuzhang3 commented Feb 27, 2024

• 😕 2 reactions

kristeey commented Mar 4, 2024 • edited

Xuzhang3 commented mar 5, 2024, kristeey commented mar 5, 2024, spectrum048k commented mar 6, 2024, xuzhang3 commented mar 6, 2024 • edited, kristeey commented mar 6, 2024 • edited.

• 😄 1 reaction
• 👀 1 reaction

jakubslonxlab commented Mar 7, 2024

Unique-dominik commented mar 7, 2024.

lahiruperamune commented Mar 14, 2024

Unique-dominik commented mar 18, 2024.

TeamDman commented Mar 22, 2024

• 👍 2 reactions

TeamDman commented Mar 25, 2024

However, the azure portal interface doesn't use the justification or ticketInfo fields in any obvious capacity

I tried creating a new PIM eligibility from the portal and it did create a new entry in roleEligibilityScheduleRequests, but it didn't include the justification field at all and it set "ticketInfo": {} .

It's likely that recreating the assignments I want to import would also create the entries that would let the import succeed... but that's a pain. Perhaps there's a middle ground?

If the roleEligibilitySchedules entry exists but the roleEligibilityScheduleRequests entry it references does not exist, I would rather it default-value the justification and ticketInfo fields instead of fail the import entirely, considering that the first request has the necessary info to proceed except for those fields.

I believe this is the relevant source code

terraform-provider-azurerm/internal/services/authorization/pim_eligible_role_assignment_resource.go

Lines 284 to 304 in dcf3258

https://github.com/hashicorp/go-azure-sdk/blob/main/resource-manager/authorization/2020-10-01/roleeligibilityschedulerequests/method_get.go

I found this regex useful to censor info in vscode

J0F3 commented Apr 30, 2024 • edited

Mohnjadden commented apr 30, 2024, j0f3 commented apr 30, 2024.

manicminer commented May 14, 2024 • edited

Mohnjadden commented may 14, 2024, manicminer commented may 15, 2024.

Successfully merging a pull request may close this issue.

Toronto Blue Jays

Chicago White Sox

George springer homers as the blue jays beat the sliding white sox 5-1.

CHICAGO -- — George Springer , Bo Bichette and Davis Schneider homered, and the Toronto Blue Jays beat the lowly Chicago White Sox 5-1 on Monday.

Chris Bassitt struck out seven in five scoreless innings as Toronto stopped a three-game slide. The 35-year-old right-hander allowed five hits and walked none against his first major league team.

Bassitt (5-6) has been dealing with neck spasms that put his start in jeopardy.

“I was kind of able to figure out where I needed to go mechanically, just throw my strikes,” he said. “I didn’t think I was going to go five innings, I’ll tell you that.”

Springer connected in the second inning after Daulton Varsho reached on a two-out walk against Nick Nastrini . It was Springer’s fourth homer of the season.

Bichette led off the fourth with his fourth homer, a 419-foot drive to center.

“They were swinging the bat real well,” Blue Jays manager John Schneider said. “Through tough times, guys tend to get a little bit closer, good teams do at least, and I think they’re doing that.”

Nastrini (0-4) allowed three hits in five innings. He struck out five and walked four.

Last-place Chicago lost its sixth consecutive game. It dropped to 15-40 for the worst 55-game start in franchise history.

Gavin Sheets homered in the eighth against Erik Swanson for the only run for the White Sox, who went 1 for 7 with runners in scoring position and left 11 runners on base.

Chicago trailed 3-1 before Schneider hit a two-run shot off John Brebbia with two out in the ninth. Schneider’s drive to left drove in Springer, who led off with a single.

Andrew Benintendi had three of Chicago’s 10 hits. Sheets and Corey Julks each had two hits.

The White Sox loaded the bases in the first but failed to score. Paul DeJong flied to right for the final out.

TRAINER’S ROOM

Blue Jays: RHP Chad Green (right teres major strain) joined the team in Chicago on Monday following his rehab assignment with Triple-A Buffalo. John Schneider said he could be activated as early as Tuesday. ... RHP Bowden Francis (right forearm) will pitch Tuesday for Buffalo in what likely will be his final rehab appearance before he is activated from the injured list.

Toronto’s Kevin Gausman (3-3, 4.47 ERA) will face fellow right-hander Mike Clevinger (0-3, 6.75 ERA) on Tuesday. Gausman struck out 10 in six innings in a 9-1 win at Detroit on Thursday. Clevinger has lost each of his last two starts.

AP MLB: https://apnews.com/hub/MLB

TOR wins 3-0

Game information.

• Home Plate Umpire - Marvin Hudson
• First Base Umpire - Nick Mahrley
• Second Base Umpire - Hunter Wendelstedt
• Third Base Umpire - John Tumpane

2024 American League East Standings

2024 american league central standings, aaron judge caps off spectacular may with another 2 hrs, 4 rbis, aaron judge caps huge may by hitting 2 more homers to lead the yankees past the giants 6-2, ty france hits go-ahead homer as mariners beat angels 5-4.

• Terms of Use
• Privacy Policy
• Your US State Privacy Rights
• Children's Online Privacy Policy
• Interest-Based Ads
• About Nielsen Measurement
• Do Not Sell or Share My Personal Information
• Disney Ad Sales Site
• Work for ESPN
• Corrections