Governance in Fabric Landing Zones
Governance is a foundational design area in every Fabric Landing Zone. It provides the necessary mechanisms to ensure that your data platform aligns with corporate policies, security standards, and compliance requirements—without blocking innovation or automation.
What is Governance?
Governance in Azure and Microsoft Fabric is about maintaining control without sacrificing agility. It includes:
- Defining policies (e.g., allowed regions, enforced tags, encryption standards)
- Assigning roles (e.g., via Entra ID) following the principle of least privilege
- Enabling auditing and compliance reporting
- Supporting cost control and accountability
Core Concepts
- Azure Policy: Enforce rules at subscription, resource group, or workspace level.
- Management Groups: Organize policies and scopes for enforcement.
- RBAC (Role-Based Access Control): Securely assign responsibilities.
- Tagging: Establish tag standards to enable chargeback and showback models.
Recommended Tools
- Azure Policy
- Microsoft Entra ID Governance
- Cost Management + Billing
- Azure Governance Visualizer
- AzAdvertizer
Common Governance Patterns in Fabric
- Define guardrails for workspace creation
- Enforce naming conventions using policy
- Automate tagging for owner, cost center, and environment
- Prevent use of public endpoints unless explicitly required
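The tagging and data-residency guardrails above can be expressed as a custom Azure Policy definition. The following is an added example, not taken from the original page or from any published built-in definition. It is scoped to Fabric capacities, and the tag names (`owner`, `costCenter`, `environment`), the region list, and the display name are assumptions to be replaced with your own standards.

```json
{
  "properties": {
    "displayName": "Example: Fabric capacities need governance tags and an approved region",
    "description": "Illustrative definition added as an example; tag names and regions are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed regions", "strongType": "location" },
        "defaultValue": [ "westeurope", "northeurope" ]
      },
      "effect": {
        "type": "String",
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Fabric/capacities" },
          {
            "anyOf": [
              { "field": "tags['owner']", "exists": "false" },
              { "field": "tags['costCenter']", "exists": "false" },
              { "field": "tags['environment']", "exists": "false" },
              { "field": "location", "notIn": "[parameters('allowedLocations')]" }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assigning the definition at a management group with the effect left at `Audit` surfaces non-compliant capacities in the compliance report before the effect is switched to `Deny`.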
Governance in Landing Zones
Start with Policy
Governance starts with clear and enforced policies. In Fabric, that includes:
- Workspace creation rights
- Fabric capacity assignment
- Tagging via deployment pipelines
- Enforced data residency requirements