
Domains in Microsoft Fabric

Use Domains to organize, secure, and govern your Microsoft Fabric environment. As your organization scales and introduces more teams, data products, and artifacts, domains offer a critical structure for separating responsibilities, assigning permissions, and applying policies across the Fabric workspace hierarchy.

This guidance helps you design an effective domain structure aligned to the Fabric governance model, using concepts analogous to Azure Management Groups.


Domain Design Considerations

Domains in Microsoft Fabric are the top-level organizational structure and act as policy and security boundaries. Use domains to align with business units, data responsibilities, or compliance boundaries.

When planning your domain structure:

  • Determine which departments, teams, or functional groups require isolation or delegated administration.
  • Consider legal or compliance needs such as data residency, data sovereignty, or auditing scope.
  • Use domains to assign policies, governance rules, and default workspace templates.
  • Leverage Microsoft Entra ID group integration for role-based access at the domain and workspace level.

Keep in mind:

  • A domain can contain multiple workspaces, which in turn contain items (datasets, notebooks, dataflows, reports, etc.).
  • Workspaces are the unit of governance, but domains allow grouped management across them.
  • Every Fabric tenant begins with at least one default domain.

Domain Design Recommendations

  • Keep the domain hierarchy flat, ideally one or two levels. Avoid unnecessary nesting, which adds complexity without improving manageability.
  • Don’t mirror your org chart. Structure domains based on product lines, data responsibility zones, or data mesh nodes.
  • Use domains for policy boundaries – not billing. Billing in Fabric is centralized at the tenant level and through Capacity.
  • Create dedicated sandbox domains with relaxed permissions and policies for experimentation and onboarding.
  • Assign default policies at the domain level to ensure that workspaces inherit baseline governance automatically.
  • Use domain-specific OneLake folders to logically organize files and artifacts by domain context.
  • Use labels and tags in conjunction with domains for cross-domain querying, governance, and inventory analysis.

Example Fabric Domain Hierarchy (Mermaid)


Domain Templates and Deployment

Use the Fabric APIs or the Admin Center to create domains and assign:

  • Default capacity assignments
  • Workspace templates
  • Entra roles
  • Data security labels and policies

When onboarding a new project:

  • Create a domain if needed (e.g. for a new business line).
  • Create corresponding workspaces per environment (Dev/Test/Prod).
  • Assign RBAC and OneLake permissions.
  • Register the domain in your inventory system or governance catalog.
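The recommendations and onboarding steps above can be checked before anything is created. The following is an added example, not Microsoft's code or a Fabric API schema: the plan format (`name`, `parent`, `sandbox`, `admin_group`, `workspaces`), the `-Dev`/`-Test`/`-Prod` workspace suffix convention, and the sample group names are assumptions made for illustration.

```python
# Lint a declared domain plan against the design recommendations on this page.
# The plan format and naming convention are hypothetical, constructed for this example.
REQUIRED_ENVS = ("Dev", "Test", "Prod")   # environments named in the onboarding steps
MAX_DEPTH = 2                             # "flat, ideally one or two levels"

# Constructed sample plan: no sandbox, one missing Test workspace, one over-nested domain.
SAMPLE_PLAN = [
    {"name": "Finance", "parent": None, "admin_group": "grp-fin-admins",
     "workspaces": ["Finance-Dev", "Finance-Test", "Finance-Prod"]},
    {"name": "Finance-Treasury", "parent": "Finance", "admin_group": "grp-treasury-admins",
     "workspaces": ["Treasury-Dev", "Treasury-Prod"]},
    {"name": "Finance-Treasury-FX", "parent": "Finance-Treasury", "admin_group": None,
     "workspaces": []},
]

def depth(name, by_name):
    """Levels from the root to this domain (root = 1); rejects broken parent chains."""
    seen = []
    while name is not None:
        if name in seen or name not in by_name:
            raise ValueError(f"broken parent chain at {name!r}")
        seen.append(name)
        name = by_name[name]["parent"]
    return len(seen)

def lint_plan(plan):
    """Return sorted (domain, finding) pairs; an empty list means the plan passes."""
    by_name = {d["name"]: d for d in plan}
    findings = []
    if not any(d.get("sandbox") for d in plan):
        findings.append(("<plan>", "no-sandbox-domain"))
    for d in plan:
        if depth(d["name"], by_name) > MAX_DEPTH:
            findings.append((d["name"], "nesting-too-deep"))
        if not d.get("admin_group"):          # no Entra group means no delegated RBAC owner
            findings.append((d["name"], "no-entra-group"))
        if d.get("sandbox") or not d["workspaces"]:
            continue  # sandboxes and pure grouping domains carry no environment requirement
        for env in REQUIRED_ENVS:
            if not any(ws.endswith("-" + env) for ws in d["workspaces"]):
                findings.append((d["name"], "missing-workspace:" + env))
    return sorted(findings)

if __name__ == "__main__":
    for domain, finding in lint_plan(SAMPLE_PLAN):
        print(f"{domain}: {finding}")
```

Running the check in a review pipeline for the plan file catches domains that have no Entra group assigned before they reach the tenant.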

Notes

Domains in Fabric provide a powerful abstraction for implementing data mesh, shared responsibility models, and central governance with decentralized ownership. They are foundational for implementing scalable, secure, and compliant architectures in Fabric.

If you’re migrating from Azure landing zones, consider mapping:

  • Management Groups → Domains
  • Subscriptions → Workspaces
  • Resources → Artifacts (Datasets, Pipelines, Reports, etc.)
