application-environments

Manage application development environments in Microsoft Fabric Landing Zones

This article describes how cloud platform teams can implement guardrails and structures to manage application environments in Microsoft Fabric Landing Zones. It also explains how to align the various application development environments with Fabric's workspace and domain architecture.

Establishing the foundation

In Microsoft Fabric, development teams work within domains and workspaces. The platform team ensures security, governance, and compliance at scale through standardized environments, consistent policy enforcement, and delegated governance. Two core principles guide this: policy-driven governance and workspace democratization.

Fabric encourages:

Sandbox workspaces for experimentation with new features.
Standardized environments for development, testing, and production.
Domain-level alignment for architectural consistency and separation of responsibilities.

Environment types and patterns

While Fabric doesn’t use Azure subscriptions for isolation, logical separation is achieved using Domains, Workspaces, and Artifact containers (e.g., Lakehouses, Warehouses, Pipelines).

Environment	Description	Fabric Implementation
Sandbox	Used for exploration and rapid prototyping without affecting production	Workspace with looser policies under “Sandbox” Domain
Development	Used for iterative development and testing by the dev team	Workspace with full access to deployment pipelines
Test	Used for automated tests and QA validations before production promotion	Workspace with staging-level restrictions
Production	Hosts critical datasets and reports exposed to consumers and business users	Workspace in a “Prod” domain, with RBAC and governance

Each of these environments can be implemented as separate Fabric Workspaces within a domain structure that reflects the organization (e.g., Sales/Dev, Sales/Test, Sales/Prod).

Domains and Workspaces

Organize Fabric environments through consistent domain structures. Each team or business function owns one or more domains. Under each domain:

Workspaces represent environments (Dev/Test/Prod).
Policies, access controls, and capacities can be assigned at the domain or workspace level.

This layout enables teams to manage their workloads independently, while ensuring consistency and compliance via centrally defined governance.

Application lifecycle and promotion

Fabric currently lacks native support for promoting artifacts (like datasets or reports) across environments. As a best practice:

Use version control (e.g., GitHub or Azure Repos) for your .pbip or .json artifact definitions.
Automate deployments with Fabric REST API or Fabric CLI.
Assign environments to pipeline stages in your DevOps tool (e.g., GitHub Actions, Azure Pipelines).

Policy consistency

Avoid different governance policies between environments to reduce deployment errors and late-stage surprises. For example:

If your Production environment requires encrypted Lakehouse storage or strict RBAC, apply these settings early (e.g., in Dev).
Instead of enforcing constraints only in Prod, apply audit-only policies in lower environments and enforce in Prod.

Special considerations

Using a single Workspace for all environments

Not recommended. Use separate Workspaces unless you meet all of the following:

Very small team with limited operational complexity.
Strong tagging or naming conventions to distinguish artifacts.
Consistent access control and policies across all lifecycle stages.

Multi-tenant deployment

In cross-tenant scenarios (e.g., service provider setups), domains and workspaces must be clearly scoped. Artifacts should avoid dependencies on tenant-specific services.

GraphQL or custom apps

Applications (e.g., using GraphQL APIs or embedding) often require Microsoft Entra App Registrations. Treat these like managed identities and register them per environment. Use tags and naming to indicate environment (e.g., myapp-dev, myapp-prod).

Summary

To manage application development environments in Microsoft Fabric effectively:

Use Domains and Workspaces to organize your environments.
Apply consistent policies across environments.
Automate artifact deployments via Fabric CLI, REST API, or DevOps pipelines.
Treat sandbox environments as exceptions, not norms.
Encourage developers to follow workspace naming and tagging standards.

This approach ensures scalability, agility, and compliance while empowering teams to innovate rapidly within well-governed guardrails.

Manage application development environments in Microsoft Fabric Landing Zones​

Establishing the foundation​

Environment types and patterns​

Domains and Workspaces​

Application lifecycle and promotion​

Policy consistency​

Special considerations​

Using a single Workspace for all environments​

Multi-tenant deployment​

GraphQL or custom apps​

Summary​

Contributors