5.4) Microsoft Fabric
1. The Fabric Hierarchy & Architecture
Fabric is a data platform service residing within an Entra Tenant. The organizational levels are structured as follows:
- Tenant: The top-level container for the Fabric service.
- Capacity: The compute resources within Fabric. A tenant can have multiple capacities, each with a specific location and size.
- Domains & Subdomains (Optional): Logical groups of Workspaces within a Capacity.
- Workspaces: Containers for items. Each user has a personal “My Workspace”. Workspaces are attached to a single capacity and require that compute power to function.
- Items: The building blocks within Workspaces used for data storage and transformation.
  - Lakehouse: Stores structured, semi-structured, and unstructured tables and files.
  - Warehouse: Stores structured transaction tables.
- Objects: Elements existing within items, such as tables, files, views, and stored procedures.
2. OneLake (The “OneDrive for Data”)
OneLake is the unified SaaS data lake for the entire organization, built on Azure Data Lake Storage (ADLS) Gen2.
- One Copy Principle: Data is stored once in Delta Lake format and accessed by multiple engines without duplication. Storing this data generates costs.
- Shortcuts: Virtualizes data from external systems (ADLS, AWS S3, GCS) or between Workspaces without needing to replicate the underlying files.
- Mirroring: Provides near real-time copies of external databases into the Delta Lake format.
- Serverless Compute: Provides various interfaces to interact with OneLake data, including Spark, T-SQL, Power BI, and KQL.
3. Capacity & Licensing
- Capacity SKUs:
  - F-SKUs: Azure-based, pay-as-you-go capacity units (CU). Development capacities can be paused to manage costs.
  - P-SKUs: Monthly/yearly Power BI Premium commitments.
- The F64 Threshold: To allow users with a “Free” license to view content, the workspace must be backed by an F64 or larger SKU.
- Compute Interfaces: Items in Workspaces utilize the shared pool of Capacity Units to interact with data in OneLake via serverless interfaces.
4. OneLake Security & Governance
- Authentication: Strictly relies on Entra ID with access managed through Workspace Roles and Item Permissions.
- Data Access Roles (Preview): Defines granular security at the folder and table level for specific members.
- Unified Governance: Integration with Microsoft Purview ensures sensitivity labels and DLP policies are inherited from sources and enforced across workloads.
5. Microsoft 365 & Copilot Integration
- Direct Lake Mode: Allows Power BI to read Delta tables directly from OneLake without importing data.
- Excel & Teams: Fabric items can be explored natively in Excel or shared via Teams while maintaining security contexts.
- Copilot for Fabric: Assists in generating DAX, Python, and data pipelines. It respects security boundaries and does not use organizational data to train public models.
6. Data Loss Prevention (DLP) & Information Protection
- DLP for Fabric: Compliance teams can create policies in Purview to detect sensitive data (e.g., Credit Card numbers) in Lakehouses and Warehouses, automatically restricting access when a violation is found.
- Sensitivity Labels: Labels applied in Fabric (e.g., “Highly Confidential”) are visible in the OneLake Catalog and travel with the data if it is exported to Power BI or Excel.
- Public APIs: Sensitivity labels can be programmatically managed via Fabric APIs to support large-scale automated classification.
7. Essential PowerShell Cmdlets (Az.Fabric & PowerBIMgmt)
- Connection:
  - Connect-AzAccount or Connect-PowerBIServiceAccount
- Capacity Management:
  - Get-AzFabricCapacity: Lists all capacities.
  - Update-AzFabricCapacity -Name "MyCapacity" -Sku "F64": Scales capacity.
  - Suspend-AzFabricCapacity / Resume-AzFabricCapacity: Pauses or resumes billing.
- Workspace Management:
  - Get-PowerBIWorkspace -Scope Organization: Lists workspaces.
  - Set-PowerBIWorkspace -Id <ID> -CapacityId <CapacityID>: Assigns a workspace to a specific capacity.