You can check who gets into a workspace in Microsoft Fabric by using some built-in tools. Audit access helps keep your data safe and helps you follow rules. The main ways to do this are:

1. Admin Monitoring Workspace shows how people use it and what they do.

2. Monitoring Hub lets you see when datasets refresh and jobs run.

3. Power BI Activity Logs and Unified Audit Logs show when things are made, read, changed, or deleted.

4. Microsoft Purview helps with more advanced tracking and audit log control.

Both IT admins and business users can use these features.

Key Takeaways

• Use Microsoft Fabric's tools like the admin portal, Purview, and SQL audit logs. These tools help you see who goes into your workspace and what they do there.

• Check audit logs and reports often. This helps you find strange activity, protect your data, and follow rules like GDPR and HIPAA.

• Make strong access controls with Microsoft Entra ID and role-based permissions. This limits who can look at or change your data.

• Plan to review access and permissions often. This helps you find problems early and fix them fast.

• Use best practices like keeping workspaces separate for different jobs, using managed identities, and sharing data carefully. This keeps your workspace safe and easy to use.

Why Audit Access Matters

Security and Compliance

You need to watch who gets into your workspace in Microsoft Fabric. This helps keep your data safe and follow important rules. If you do not check access, people who should not see or change things might get in. Some common problems are:

• People you do not know or guests can get in with shared links.

• Sometimes, a bug shows users as "Anonymous Guest."

• Outside users with missing checks can look like anonymous people.

• Wrong access settings can let the wrong people in.

These problems can cause data leaks or changes you do not want. You can stop these by using strong access controls with Microsoft Entra ID. Turn off sharing with anonymous people and check notebook sharing often. Always look at audit logs to find anything odd. Set up rules like multi-factor authentication to block risky devices.

Rules like GDPR and HIPAA say you must keep records of who gets your data. Microsoft Fabric helps you follow these rules with Microsoft Purview Audit. You can see what every user does in your workspaces. Use role-based access control so people only get the permissions they need. Check your audit logs often and update your rules to stay on track.

Tip: Use compliance dashboards in Microsoft Fabric to find rule breaks and fix them fast.

Business Benefits

When you check access, your business gets many good things. You keep your data safe and avoid big mistakes. If you do not watch, you might give too many permissions or miss strange actions. This can make your data less safe and break rules in some places.

Some main business benefits are:

• Better security and fewer data leaks.

• Easier time following laws and rules.

• Faster finding of odd access or permission changes.

• Teamwork is better with clear access limits.

• Save money by using resources in a smart way.

Microsoft Fabric gives you tools like real-time checks, detailed reports, and dashboards. These help you find problems early and keep your data neat. You can also watch more as your business grows. By using audit access tools, you help keep data safe and make customers trust you.

Admin Portal and Monitoring Workspace

The Microsoft Fabric admin portal gives you strong tools to watch and control who uses your workspaces. You can set up audit settings, check reports, and make sure only the right people have access. This helps you keep your data safe and follow important rules.

Configuring Audit Settings

You can set up audit settings in your workspace to track what users do. Follow these steps to get started:

1. Open your Fabric workspace and go to the Settings of your warehouse item.

2. Find the SQL audit logs page.

3. Turn on the option to Save events to SQL audit logs.

4. Pick which events you want to track. You can choose event categories or specific audit action groups. This helps you focus on the most important actions and saves storage space.

5. Set how long you want to keep the logs. You can choose the number of years, months, and days.

6. Click Save to keep your changes.

Tip: You can use advanced tools like REST API for more control. With the API, you can enable or disable auditing, set how long to keep logs, and check the status of your audit settings. You need a Power BI bearer token and a tool like Visual Studio Code with the REST Client extension for this.

When you set up audit settings, you make it easier to track who does what in your workspace. This helps you spot problems early and keeps your workspace safe.

Access and Usage Reports

The admin portal gives you many ways to see how people use your workspace. You can find out who signs in, what they do, and how often they use different features. Here are some key features you can use:

• The admin monitoring workspace is made for admins. You can see reports and models that show user activity, content sharing, and how well your workspace is running.

• This workspace is read-only for admins. Non-admins can see reports if you give them viewer roles or share direct links.

• Reports update once a day, so you always have fresh data.

• You can reinitialize the workspace with an API if you need to reset access or refresh the content.

You can also check user sign-in activity using the Microsoft Entra admin center. Sign-in logs show who signed in during the last 24 hours. You can filter by time, up to 7 days for standard users or 30 days with a premium license. You can also filter by app, like Microsoft Power BI. Download these logs as CSV or JSON files for more study.

Usage metrics reports help you see how people use reports in your tenant. You get per-user data by default, but you can turn this off for privacy. These reports do not work in My Workspace or with private links. Usage metrics cover up to 90 days and show unique report views. Some regions do not support usage metrics because of local rules.

Note: The admin monitoring workspace has some limits. Only admins can see it directly. You cannot remove access without reinitializing. Scheduled refreshes depend on the admin’s credentials and status.

By using these reports, you can spot trends, find problems, and make better choices about your workspace. Audit Access becomes easier when you use these tools to check who does what and when.

Audit Access with Microsoft Purview

Microsoft Purview gives you a powerful way to track what happens in your Microsoft Fabric workspaces. You can see who accessed your workspace, what actions they took, and when they did it. This helps you keep your data safe and meet compliance needs. Purview focuses on audit logging, which means it records all user activities inside your Fabric workspaces. You can use these logs to review access and spot any unusual behavior.

Searching Audit Logs

You can start by searching audit logs in Microsoft Purview. These logs show every action users take in your workspace. To access these logs, you need the right permissions. You must have the 'Audit Logs' or 'View-Only Audit Logs' role. Usually, admins get these roles as part of the 'Compliance Management' or 'Organization Management' groups in the Exchange admin center. You can also find these roles in the 'Audit Reader' and 'Audit Manager' groups in the Purview portal.

Here is how you can search audit logs:

1. Open the Microsoft Purview portal.

2. Go to the Audit section.

3. Choose Search to look for audit logs.

4. Set the date range for your search.

5. Enter keywords or select activities you want to track, such as "Workspace Access" or "Item Modified."

6. Click Search to see the results.

Tip: You can also use PowerShell with the Search-UnifiedAuditLog cmdlet if you prefer command-line tools.

The audit log will show you a list of activities, including who did what and when. This helps you quickly find out if someone accessed your workspace without permission.

Filtering User Activities

You can filter user activities to focus on the most important events. Filtering helps you find specific actions, such as when someone shares a file or changes permissions. In the Purview portal, you can use filters like:

• User name: See actions by a specific person.

• Activity type: Focus on actions like "Viewed," "Edited," or "Deleted."

• Workspace name: Narrow results to a single workspace.

• Date and time: Look at events from a certain period.

Filtering makes it easier to spot problems. For example, you can check if someone outside your team accessed sensitive data. You can also see if users changed permissions or shared items with others.

Note: Always review filtered results to make sure you do not miss any important events.

Compliance Reporting

Microsoft Purview helps you meet compliance rules by giving you detailed reports. These reports show who accessed your workspace, what they did, and when. You can use these reports to prove that you follow laws like GDPR or HIPAA.

To create a compliance report:

1. Go to the Audit section in the Purview portal.

2. Use the search and filter tools to find the activities you need.

3. Export the results as a CSV or PDF file.

4. Share the report with your compliance team or keep it for your records.

You can schedule regular reports to make sure you always have up-to-date records. This helps you stay ready for audits and respond quickly to any issues.

Microsoft Purview makes Audit Access easy and reliable. You can track every action in your workspace, filter for important events, and create reports that help you stay compliant. By using these tools, you protect your data and build trust with your users.

SQL Audit Logs and KQL Queries

Enabling SQL Audit Logs

You can turn on SQL audit logs in your Microsoft Fabric workspace to watch what users do. This helps you see who does things in your workspace. First, you need the right permissions. People with the 'Audit' or 'Audit queries' permission can turn on SQL audit logs. Workspace Admins have these permissions by default. Admins can also give the 'Audit' permission to others using the share dialog in the Fabric portal.

Here are the steps to turn on SQL audit logs:

1. Make sure you have the 'Audit queries' permission. If you do not, ask your Workspace Admin.

2. Open your workspace and go to settings.

3. Use the share dialog to give 'Audit queries' permission to other users if needed.

4. Make a PATCH API call to the Fabric API endpoint. Set the 'state' to 'Enabled'.

5. Pick how long you want to keep the logs by setting the 'retentionDays' value.

6. Remember, SQL audit logs are off at first and only work in workspaces you set up, not the default one.

Note: SQL audit logs are saved encrypted in OneLake. You can use T-SQL functions to look at them.

Querying with KQL

After you turn on SQL audit logs, you can use Kusto Query Language (KQL) to search and study the logs. KQL helps you find patterns, spot odd activity, and answer questions about workspace access. You can write easy queries to see who got into what and when. For example:

AuditLogs
| where ActionName == "WorkspaceAccess"
| summarize Count = count() by UserName, TimeGenerated

This query shows how many times each user got into the workspace. You can change the filters to look at certain users or actions. KQL makes it simple to check your data and make Audit Access better.

Advanced Monitoring with Azure Log Analytics

Azure Log Analytics gives you strong tools to watch workspace access. You can set up role-based access control (RBAC) to pick who can read, search, or manage logs. There are two ways to control access:

• Workspace-context mode lets users with workspace permissions search all logs.

• Resource-context mode lets users search logs only for resources they can use.

You can use built-in roles like Log Analytics Reader or Contributor. Custom roles let you control permissions even more. These tools help you track who looks at logs, what data they see, and how they use your workspace. Azure Log Analytics supports strong monitoring and keeps your Audit Access safe.

Best Practices and Troubleshooting

Common Issues

When you check workspace access in Microsoft Fabric, you might see some problems. Knowing about these problems helps you fix them faster. Here are some issues you may face:

1. Users might not have Build permission on datasets. This means they cannot connect to data or see reports.

2. External or guest users, like B2B guests, may not get into reports. Their identity might not work right.

3. Dataset credentials can stop working or change. This blocks access until you update them.

4. Published app versions can get old or break. This causes errors when people try to get in.

5. Security group sync can be slow. New permissions may not show up right away.

6. Network or proxy settings can block sign-in. This makes it hard for users to log in.

Tip: Test user access often. Check permissions and use tools to find and fix problems fast.

Regular Audit Schedules

You should make a plan to check workspace access often. This helps you find problems early and keeps your data safe. Many admins look at audit logs every week or month. You can set up tools to send reports on a schedule. Always check who has access, what they do, and if permissions changed. If you see something strange, fix it right away.

Tips for Effective Monitoring

You can make monitoring better by using some smart tips:

• Use role-based access control (RBAC) with Microsoft Entra ID. Only give users the permissions they need.

• Put workspaces into teams or projects. This makes it easier to manage and track changes.

• Keep workspaces for development, testing, and production separate. This keeps things safe and neat.

• Use OneLake shortcuts to share data. This lets you share without giving too many permissions.

• Use managed identities for machines. This is safer than using user accounts or service principals.

By using these tips, your workspace will be safer, easier to manage, and ready to grow.

You can keep your Microsoft Fabric workspaces safe by using tools like the admin portal, Purview, SQL audit logs, and KQL. Doing regular checks helps you see what users do, follow rules, and make your workspace stronger. Audit Access helps you find problems early and fix them fast. To watch better, give people clear jobs, check your setups, and control who can do what. Learn about new things, like the workspace item limit, so you have more control and can see what is happening. Keep checking your setup as Microsoft Fabric changes to keep your data safe and reach your goals.

FAQ

How do you check who accessed a workspace in Microsoft Fabric?

You can open the admin portal or Microsoft Purview. Go to the audit logs or monitoring workspace. Look for user activity reports. These show who entered, what they did, and when.

Can you export audit logs for review?

Yes, you can export audit logs as CSV or PDF files. Use the export option in Microsoft Purview or the admin portal. This helps you share reports with your team or keep records for audits.

What should you do if you see unknown users in your logs?

First, check if these users are guests or external accounts. Remove their access if they should not be there. Update your sharing settings. Always review audit logs for any strange activity.

How often should you review workspace access?

You should check access logs every week. Set a schedule for regular reviews. This helps you find problems early and keeps your data safe.