Keep your Fabric Landing Zone up to date

A Fabric Landing Zone is a preconfigured foundation for Microsoft Fabric workloads that includes capacities, workspace architecture, RBAC controls, monitoring, security baselines, and governance configurations. Maintaining this environment up to date ensures security, operational consistency, and enables you to take advantage of new platform capabilities as they are released.

Why update your Fabric Landing Zone?

🔐 Maintain security posture

Fabric and the Microsoft Data Platform evolve continuously, especially regarding governance, identity, and security. Staying current helps you:

• Enforce the latest Microsoft Entra ID capabilities, including role definitions and Privileged Identity Management (PIM) for Fabric and Power BI Admins.
  👉 Use Microsoft Entra PIM

• Adopt Microsoft Purview DLP and Sensitivity Labels for data classification and loss prevention.

• Apply updated RBAC and permissions models across capacities, workspaces, and data items.

⚙️ Prevent configuration drift

Over time, deviations from your initial design accumulate:

• Workspace roles modified ad hoc
• New features not integrated (e.g. Copilot, shortcut support, workspace mirroring)
• Inconsistent naming or tagging conventions

To reduce technical debt, review and realign your environment regularly against Fabric Landing Zone guidance.

🚀 Leverage new capabilities

Keep up with Microsoft Fabric innovations:

• New Capacity SKUs or updated license and billing options
• New services like Data Activator, Real-Time Intelligence, or Semantic Link
• Expanded region availability or security enhancements

👥 Ensure supportability

When your configuration aligns with the Fabric Adoption Framework or Microsoft-verified architecture patterns, you're more likely to receive effective:

• Community support (e.g. GitHub, MVP blogs)
• Microsoft Product Group feedback
• Updated samples or IaC templates

---

Policy and Role Management

Use Microsoft Entra PIM and built-in Azure Policies to manage and automate:

• Time-bound access to Fabric Admin, Power BI Admin, or capacity-level roles
• Policy enforcement across workspaces (naming conventions, export restrictions, certifications)
• Cross-subscription consistency using management groups and policy inheritance

👉 Fabric RBAC overview

---

Infrastructure as Code (IaC)

Manage your Fabric Landing Zone using automation:

• Use the Fabric CLI for scripting capacity setup, workspace creation, role assignment, and more
  👉 Fabric CLI Overview

• Deploy shared resources and policies using Bicep or ARM templates

• Track changes via GitHub Actions or Azure DevOps pipelines

• Use Enterprise Policy as Code (EPAC) for scaling Azure Policy enforcement

👉 Update landing zones with IaC

---

Next steps

• 🔁 Schedule quarterly or semi-annual Fabric Landing Zone reviews

• 🆕 Monitor updates via:

  • Fabric Release Notes
  • Azure Updates
  • Fabric Adoption Framework

• 🛠 Use the Fabric Monitoring Dashboard to detect drift or inefficiencies

Keeping your Fabric Landing Zone aligned ensures security, efficiency, and long-term manageability of your data estate.