Enhance your Fabric Landing Zone
A refactoring approach to Infrastructure as Code (IaC) removes blockers to business success and minimizes risk. This methodology assumes that you've deployed your initial Fabric landing zone and now want to expand it to meet broader enterprise requirements across domains, workspaces, artifacts, and OneLake.
Shared Architecture Pillars
When expanding Fabric Landing Zones, align your architecture to Microsoft's five architectural excellence pillars. These pillars—shared across Microsoft Fabric, Azure Advisor, and the Azure Well-Architected Framework—ensure a scalable, secure, and resilient data platform:
- Operational Excellence: Automate deployments using Fabric CLI, enforce naming conventions, and streamline workspace governance.
- Performance Efficiency: Optimize compute by sizing Warehouses and Lakehouses appropriately, and apply performance monitoring with Metrics and Fabric Monitoring.
- Reliability: Design for high availability with geo-distributed OneLake storage and resilient Pipelines and Dataflows. Implement retry policies for Fabric Notebooks and Data Activator alerts.
- Cost Optimization: Use capacity metrics and job run analytics to identify underused resources. Implement auto-pause and scale rules on Fabric capacities.
- Security: Enforce RBAC at workspace, item, and OneLake folder level. Implement OneLake security roles and leverage Microsoft Entra ID and Conditional Access.
Apply These Pillars to Landing Zone Improvements
Basic Considerations
Refactor your Fabric landing zone to incorporate:
- Domain-oriented workspace structuring.
- CI/CD automation with Fabric CLI and GitHub Actions or Azure DevOps.
- Semantic consistency in naming, tagging, and ownership metadata.
Operations Expansions
Enhance observability and automation by:
- Integrating Fabric Monitoring and Azure Monitor.
- Creating central Log Analytics workspaces for Fabric usage metrics.
- Automating alerts and cost anomaly detection.
Governance Expansions
Strengthen enterprise control by:
- Defining and enforcing Data Governance policies via Microsoft Purview.
- Leveraging OneLake shortcut monitoring and lineage tracing.
- Applying environment tagging and lifecycle states (dev/test/prod) at workspace level.
Security Expansions
Harden your data estate through:
- Enabling and configuring OneLake Security Roles (preview).
- Using customer-managed keys (BYOK) for Azure Storage and planning for BYOK in OneLake.
- Restricting workspace creation and access through policy, role management, and tenant-wide security settings.
Note: If your medium-term objective (within 24 months) includes hosting more than 1,000 Fabric assets (e.g., semantic models, pipelines, lakehouses), you should implement these enhancements early in the adoption journey.
![github-actions[bot] avatar](https://github.com/41898282.png){kind=small}
41898282
TheTrustedAdvisor (Matthias Falland)