
Troubleshoot Azure RBAC limits


This article describes some common solutions when you exceed the limits in Azure role-based access control (Azure RBAC).

Prerequisites

  • Reader role to run Azure Resource Graph queries.
  • Role Based Access Control Administrator role to add or remove role assignments.
  • User Access Administrator role to add role assignments, remove role assignments, or delete custom roles.
  • Groups Administrator or User Administrator role to create groups.

The queries used in this article only return role assignments or custom roles that you have permissions to read. For example, if you only have permissions to read role assignments at resource group scope, role assignments at subscription scope aren't returned.

Symptom - No more role assignments can be created

When you try to assign a role, you get the following error message:

No more role assignments can be created (code: RoleAssignmentLimitExceeded)

Azure supports up to 4000 role assignments per subscription. This limit includes role assignments at the subscription, resource group, and resource scopes, but not at the management group scope. You should try to reduce the number of role assignments in the subscription.

The 4000 role assignments limit per subscription is fixed and cannot be increased.

To get the number of role assignments, you can view the chart on the Access control (IAM) page in the Azure portal. You can also use the following Azure PowerShell commands:

Solution 1 - Replace principal-based role assignments with group-based role assignments

To reduce the number of role assignments in the subscription, add principals (users, service principals, and managed identities) to groups and assign roles to the groups instead. Follow these steps to identify where multiple role assignments for principals can be replaced with a single role assignment for a group.

Sign in to the Azure portal and open the Azure Resource Graph Explorer.

Select Scope and set the scope for the query.

You typically set scope to Directory to query your entire tenant, but you can narrow the scope to particular subscriptions.

Screenshot of Azure Resource Graph Explorer that shows Scope selection.

Select Set authorization scope and set the authorization scope to At, above and below to query all resources at the specified scope.

Screenshot of Azure Resource Graph Explorer that shows Set authorization scope pane.

Run the following query to get the role assignments with the same role and at the same scope, but for different principals.

This query checks active role assignments and doesn't consider eligible role assignments in Microsoft Entra Privileged Identity Management. To list eligible role assignments, you can use the Microsoft Entra admin center, PowerShell, or REST API. For more information, see Get-AzRoleEligibilityScheduleInstance or Role Eligibility Schedule Instances - List For Scope.

If you are using role assignment conditions or delegating role assignment management with conditions, you should use the Conditions query. Otherwise, use the Default query.

The following shows an example of the results. The count_ column is the number of principals assigned the same role and at the same scope. The count is sorted in descending order.

Screenshot of Azure Resource Graph Explorer that shows role assignments with the same role and at the same scope, but for different principals.

Identify a row where you want to replace the multiple role assignments with a single role assignment for a group.

In the row, select See details to open the Details pane.

Screenshot of Details pane that shows role assignments with the same role and at the same scope, but for different principals.

Use RoleDefinitionId, RoleDefinitionName, and Scope to get the role and scope.

Use AllPrincipals to get the list of the principal IDs with the same role assignment.

Create a Microsoft Entra group. For more information, see Manage Microsoft Entra groups and group membership.

Add the principals from AllPrincipals to the group.

For information about how to add principals in bulk, see Bulk add group members in Microsoft Entra ID.

Assign the role to the group you created at the same scope. For more information, see Assign Azure roles using the Azure portal.

Now you can find and remove the principal-based role assignments.

Get the principal names from the principal IDs.

  • To use Azure portal, see Add or update a user's profile information and settings.
  • To use PowerShell, see Get-MgUser.
  • To use Azure CLI, see az ad user show.

Open the Access control (IAM) page at the same scope as the role assignments.

Select the Role assignments tab.

To filter the role assignments, select the Role filter and then select the role name.

Find the principal-based role assignments.

You should also see your group-based role assignment.

Screenshot of Access control (IAM) page that shows role assignments with the same role and at the same scope, but for different principals.

Select and remove the principal-based role assignments. For more information, see Remove Azure role assignments.

Solution 2 - Remove redundant role assignments

To reduce the number of role assignments in the subscription, remove redundant role assignments. Follow these steps to identify where redundant role assignments at a lower scope can potentially be removed since a role assignment at a higher scope already grants access.

Run the following query to get the role assignments with the same role and same principal, but at different scopes.

The following shows an example of the results. The count_ column is the number of different scopes for role assignments with the same role and same principal. The count is sorted in descending order.

Screenshot of Azure Resource Graph Explorer that shows role assignments for the same role and same principal, but at different scopes.

Identify a row where you want to remove redundant role assignments.

In a row, select See details to open the Details pane.

Screenshot of Details pane that shows role assignments for the same role and same principal, but at different scopes.

Use RoleDefinitionId, RoleDefinitionName, and PrincipalId to get the role and principal ID.

Use Scopes to get the list of the scopes for the same role and same principal.

Determine which scope is required for the role assignment. The other role assignments can be removed.

You should follow best practices of least privilege when determining which role assignments can be removed. The role assignment at the higher scope might be granting more access to the principal than what is needed. In that case, you should remove the role assignment with the higher scope. For example, a user might not need a Virtual Machine Contributor role assignment at subscription scope when a Virtual Machine Contributor role assignment at a lower resource group scope grants the required access.

Get the principal name from the principal ID.

Open the Access control (IAM) page at the scope for a role assignment you want to remove.

Find the principal.

Select and remove the role assignment. For more information, see Remove Azure role assignments.
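
The groupings that Solution 1 and Solution 2 describe can also be run offline against an export of role assignments. The following Python is an added example, not part of the original article: it assumes records shaped like the JSON output of az role assignment list --all, and every ID in the sample is constructed. Scopes are compared by path prefix, so only the subscription, resource group, and resource levels are covered; management group inheritance is not modelled.

```python
from collections import defaultdict

# Constructed sample data. Subscription ID, role definition IDs and principal
# IDs are placeholders, not real values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG = SUB + "/resourceGroups/rg-app"
ROLE_VM = SUB + "/providers/Microsoft.Authorization/roleDefinitions/example-vm-contributor"
ROLE_READER = SUB + "/providers/Microsoft.Authorization/roleDefinitions/example-reader"


def make_ra(principal, ptype, role, scope, condition=None):
    return {"principalId": principal, "principalType": ptype,
            "roleDefinitionId": role, "scope": scope, "condition": condition}


SAMPLE = [
    make_ra("user-a", "User", ROLE_VM, SUB),
    make_ra("user-a", "User", ROLE_VM, SUB + "/resourcegroups/RG-APP"),  # same RG, other casing
    make_ra("user-b", "User", ROLE_READER, RG),
    make_ra("user-b", "User", ROLE_READER, RG + "-prod"),  # sibling RG, not a child of rg-app
    make_ra("user-b", "User", ROLE_READER,
            RG + "/providers/Microsoft.Storage/storageAccounts/st1"),
    make_ra("user-c", "User", ROLE_READER, RG),
    make_ra("sp-d", "ServicePrincipal", ROLE_READER, RG),
    make_ra("group-x", "Group", ROLE_READER, RG),
]


def norm(value):
    # Azure resource IDs are case-insensitive; a trailing slash carries no meaning.
    return value.lower().rstrip("/")


def is_ancestor(higher, lower):
    """True when `higher` is a strict ancestor scope of `lower`."""
    higher, lower = norm(higher), norm(lower)
    # Require a path-segment boundary so .../rg-app does not match .../rg-app-prod.
    return lower != higher and lower.startswith(higher + "/")


def group_candidates(assignments, min_principals=2):
    """Solution 1: same role, scope and condition, but different principals."""
    buckets = defaultdict(set)
    for ra in assignments:
        if ra.get("principalType") == "Group":
            continue  # choice made in this example: skip assignments that are already group-based
        key = (norm(ra["roleDefinitionId"]), norm(ra["scope"]), ra.get("condition") or "")
        buckets[key].add(ra["principalId"])
    rows = [{"roleDefinitionId": role, "scope": scope, "condition": cond,
             "principals": sorted(members)}
            for (role, scope, cond), members in buckets.items()
            if len(members) >= min_principals]
    # Largest groups first, like the descending count_ column.
    return sorted(rows, key=lambda r: (-len(r["principals"]), r["scope"]))


def redundant_assignments(assignments):
    """Solution 2: same role and principal where a higher scope already grants access."""
    by_pair = defaultdict(list)
    for ra in assignments:
        by_pair[(ra["principalId"], norm(ra["roleDefinitionId"]))].append(ra)
    findings = []
    for (principal, role), group in by_pair.items():
        for low in group:
            # Assumption: an assignment that carries a condition is not treated
            # as covering a lower scope, because the condition may narrow it.
            covering = [high["scope"] for high in group
                        if not high.get("condition")
                        and is_ancestor(high["scope"], low["scope"])]
            if covering:
                findings.append({"principalId": principal, "roleDefinitionId": role,
                                 "scope": low["scope"],
                                 "coveredBy": min(covering, key=lambda s: len(norm(s)))})
    return sorted(findings, key=lambda f: (f["principalId"], f["scope"]))


if __name__ == "__main__":
    for row in group_candidates(SAMPLE):
        print(len(row["principals"]), row["scope"], row["principals"])
    for f in redundant_assignments(SAMPLE):
        print(f["principalId"], f["scope"], "<- covered by", f["coveredBy"])
```

Each finding names both the lower scope and the scope that covers it, so the reviewer can decide which of the two to keep under least privilege.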

Solution 3 - Replace multiple built-in role assignments with a custom role assignment

To reduce the number of role assignments in the subscription, replace multiple built-in role assignments with a single custom role assignment. Follow these steps to identify where multiple built-in role assignments can potentially be replaced.

Run the following query to get role assignments with the same principal and same scope, but with different built-in roles.

The following shows an example of the results. The count_ column is the number of different built-in role assignments with the same principal and same scope. The count is sorted in descending order.

Screenshot of Azure Resource Graph Explorer that shows role assignments with the same principal and same scope.

Use AllRD to see the built-in roles that can potentially be combined into a custom role.

List the actions and data actions for the built-in roles. For more information, see List Azure role definitions or Azure built-in roles.

Create a custom role that includes all the actions and data actions of the built-in roles. To make it easier to create the custom role, you can start by cloning one of the built-in roles. For more information, see Create or update Azure custom roles using the Azure portal.

Assign the new custom role to the principal. For more information, see Assign Azure roles using the Azure portal.

Now you can remove the built-in role assignments.

On the Access control (IAM) page at the same scope, select the Role assignments tab.

Find the principal and built-in role assignments.

Remove the built-in role assignments from the principal. For more information, see Remove Azure role assignments.

Solution 4 - Make role assignments eligible

If you have Microsoft Entra ID P2, you can reduce the number of role assignments in the subscription by making role assignments eligible in Microsoft Entra Privileged Identity Management instead of permanently assigned.

Solution 5 - Add an additional subscription

Add an additional subscription.

Symptom - No more role assignments can be created at management group scope

You're unable to assign a role at management group scope.

Azure supports up to 500 role assignments per management group. This limit is different than the role assignments limit per subscription.

The 500 role assignments limit per management group is fixed and cannot be increased.

Try to reduce the number of role assignments in the management group. For possible options, see Symptom - No more role assignments can be created. For the queries to retrieve resources at the management group level, you'll need to make the following change to the queries:

Replace

| where id startswith "/subscriptions"

With

| where id startswith "/providers/Microsoft.Management/managementGroups"

Symptom - No more role definitions can be created

When you try to create a new custom role, you get the following message:

Role definition limit exceeded. No more role definitions can be created (code: RoleDefinitionLimitExceeded)

Azure supports up to 5000 custom roles in a directory. (For Microsoft Azure operated by 21Vianet, the limit is 2000 custom roles.)

Follow these steps to find and delete unused Azure custom roles.

Select Scope and set the scope to Directory for the query.

Run the following query to get all custom roles that don't have any role assignments:

This query checks active role assignments and doesn't consider eligible custom role assignments in Microsoft Entra Privileged Identity Management. To list eligible custom role assignments, you can use the Microsoft Entra admin center, PowerShell, or REST API. For more information, see Get-AzRoleEligibilityScheduleInstance or Role Eligibility Schedule Instances - List For Scope.

The following shows an example of the results:

Screenshot of Azure Resource Graph Explorer that shows custom roles without role assignments.

Open the scope (typically subscription) and then open the Access control (IAM) page.

Select the Roles tab to see a list of all the built-in and custom roles.

In the Type filter, select CustomRole to just see your custom roles.

Select the ellipsis (...) for the custom role you want to delete and then select Delete.

Screenshot of a list of custom roles that can be selected for deletion.


Using Azure policies to audit and automate RBAC role assignments

Usually different RBAC role assignments in Azure might be inherited from subscription / management group level, but there may come a time when that's just way too broad a scope for giving permissions to an AD user group.


While it’s tempting to assign permissions on a larger scope, sometimes you might prefer to have only some of the subscription’s resource groups granted an RBAC role with minimal permissions to accomplish the task at hand. In those scenarios you’ll usually end up with one of the following options to handle the role assignments:

  • Include the role assignments in your ARM templates / Terraform codes / Bicep templates
  • Manually add the role to proper resource groups

If neither of these appeals to you, there’s a third option: define an Azure policy which identifies the correct resource groups and then deploys RBAC role assignments automatically if conditions are met. This blog goes through step-by-step instructions on how to:

  • Create a custom Azure policy definition for assigning Contributor RBAC role for an Azure AD group
  • Create a custom RBAC role for policy deployments and add it to your policy definition
  • Create an assignment for the custom policy

The example scenario is very specific and the policy definition is created to match this particular scenario. You can use the solution provided in this post as a basis to create something that fits exactly to your needs.

Azure policies in brief

Azure policies are a handy way to add automation and audit functionality to your cloud subscriptions. The policies can be applied to make sure resources are created following the company’s cloud governance guidelines, for example for resource tagging or picking the right SKUs for VMs. Microsoft provides many different types of built-in policies that are pretty much ready for assignment. However, for specific needs you’ll usually end up creating a custom policy that better suits your needs.

Using Azure policies is divided into two main steps:

  • You need to define a policy which means creating a ruleset (policy rule) and actions (effect) to apply if a resource matches the defined rules.
  • Then you must assign the policy to desired scope (management group / subscription / resource group / resource level). Assignment scope defines the maximum level of scanning if resources match the policy criteria. Usually the preferable levels are management group / subscription.

Depending on how you prefer governing your environment, you can choose to use individual policies or group multiple policies into initiatives. Initiatives help you simplify assignments by working with groups instead of individual assignments. They also help with handling service principal permissions. If you create a policy for enforcing 5 different tags, you’ll end up with five service principals with the same permissions if you don’t use an initiative that groups the policies into one.

Creating the policy definition for assignment of Contributor RBAC role

The RBAC role assignment can be done with a policy that targets the wanted scope of resources through policy rules. So first we’ll start with defining some basic properties for our policy which tell other users what this policy is meant for. A few notes:

  • Policy type = custom. Everything that’s not built-in is custom.
  • Mode = all since we won’t be creating a policy that enforces tags or locations
  • Category can be anything you like. We’ll use “Role assignment” as an example

Now we have our policy’s base information set. It’s time to form a policy rule. The policy rule consists of two blocks: policyRule and then. The first one is the actual rule definition and the latter is the definition of what should be done when conditions are met. We’ll want to target only a few specific resource groups so the scope can be narrowed down with tag evaluations and resource group name conventions. To do this let’s slap an allOf operator (which is kind of like the logical operator ‘and’) to the policy rule and set up the rules.

As can be seen from the JSON, the policy is applied to a resource (or actually a resource group) if

  • Its type is Microsoft.Resources/subscriptions/resourceGroups = the target resource is a resource group
  • It has a tag named RbacAssignment set to true
  • The resource group name starts with my-rg-prefix

In order for the policy to actually do something, an effect must be defined. Because we want the role assignment to be automated, the deployIfNotExists effect is perfect. A few notes on how to set up an effect:

  • The most important stuff is in the details block
  • The type of the deployment and the scope of an existence check is Microsoft.Authorization/roleAssignments for RBAC role assignments
  • An existence condition is kind of another if block: the policy rule checks if a resource matches the conditions which make it applicable for the policy. The existence check then confirms if the requirements of the details are met. If not, an ARM template will be deployed to the scoped resource

The existence condition of the then block in the code example below checks the role assignment for a principal id through a combination of Microsoft.Authorization/roleAssignments/roleDefinitionId and Microsoft.Authorization/roleAssignments/principalId. Since we want to assign the policy to a subscription, the roleDefinitionId path must include the /subscriptions/<your_subscription_id>/.. in order for the policy to work properly.

The last thing to add is the actual ARM template that will be deployed if existence conditions are not met. The template itself is fairly simple since it only contains the definitions for an RBAC role assignment.

And that’s it! Now we have the policy definition set up for checking and remediating default RBAC role assignment for our subscription. If the automated deployment feels too daunting, the effect can be swapped to the auditIfNotExists version. That way you won’t be deploying anything automatically but you can simply audit all the resource groups in the scope for default RBAC role assignments.
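
The rule and existence condition described above, written out as data and evaluated offline against a list of resource groups. This is an added example, not the JSON from the original post: the if/then layout follows the description in the text, the role definition ID and group object ID are placeholders, and the resource groups are constructed. The evaluator is a simplified model that handles only allOf, equals and like, and only considers role assignments made directly on the resource group.

```python
# Placeholders: replace with your subscription, role definition and group IDs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
CONTRIBUTOR = SUB + "/providers/Microsoft.Authorization/roleDefinitions/<contributor-role-id>"
GROUP_ID = "<group-object-id>"

POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Resources/subscriptions/resourceGroups"},
        {"field": "tags['RbacAssignment']", "equals": "true"},
        {"field": "name", "like": "my-rg-prefix*"},
    ]},
    "then": {
        "effect": "deployIfNotExists",  # or auditIfNotExists to only report
        "details": {
            "type": "Microsoft.Authorization/roleAssignments",
            "existenceCondition": {"allOf": [
                {"field": "Microsoft.Authorization/roleAssignments/roleDefinitionId",
                 "equals": CONTRIBUTOR},
                {"field": "Microsoft.Authorization/roleAssignments/principalId",
                 "equals": GROUP_ID},
            ]},
            # The ARM template deployment block is left out of this example.
        },
    },
}


def field_value(resource, field):
    """Resolve a policy field against a plain dict (simplified alias handling)."""
    if field.startswith("tags['") and field.endswith("']"):
        return resource.get("tags", {}).get(field[6:-2])
    return resource.get(field.rsplit("/", 1)[-1])  # alias -> last path segment


def like(value, pattern):
    """Wildcard match with a single '*'."""
    if "*" not in pattern:
        return value == pattern
    head, tail = pattern.split("*", 1)
    return (len(value) >= len(head) + len(tail)
            and value.startswith(head) and value.endswith(tail))


def matches(condition, resource):
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    value = field_value(resource, condition["field"])
    if value is None:
        return False
    value = str(value).lower()  # equals and like compare case-insensitively
    if "equals" in condition:
        return value == str(condition["equals"]).lower()
    if "like" in condition:
        return like(value, str(condition["like"]).lower())
    raise ValueError("operator not modelled in this example")


def non_compliant(resource_groups, role_assignments):
    """Names of resource groups the rule targets that lack the expected assignment."""
    existence = POLICY_RULE["then"]["details"]["existenceCondition"]
    result = []
    for rg in resource_groups:
        if not matches(POLICY_RULE["if"], rg):
            continue  # rule does not apply to this resource group
        direct = [ra for ra in role_assignments if ra["scope"].lower() == rg["id"].lower()]
        if not any(matches(existence, ra) for ra in direct):
            result.append(rg["name"])
    return result


def make_rg(name, tags):
    return {"id": SUB + "/resourceGroups/" + name, "name": name,
            "type": "Microsoft.Resources/subscriptions/resourceGroups", "tags": tags}


# Constructed inventory.
SAMPLE_RGS = [
    make_rg("my-rg-prefix-app", {"RbacAssignment": "true"}),   # has the assignment
    make_rg("My-RG-Prefix-data", {"RbacAssignment": "true"}),  # targeted, nothing assigned
    make_rg("my-rg-prefix-test", {"RbacAssignment": "false"}), # tag opts out
    make_rg("other-rg", {"RbacAssignment": "true"}),           # name does not match
    make_rg("my-rg-prefix-web", {"RbacAssignment": "true"}),   # role given to another principal
]
SAMPLE_ASSIGNMENTS = [
    {"scope": SAMPLE_RGS[0]["id"], "roleDefinitionId": CONTRIBUTOR, "principalId": GROUP_ID},
    {"scope": SAMPLE_RGS[4]["id"], "roleDefinitionId": CONTRIBUTOR,
     "principalId": "<some-other-principal>"},
]

if __name__ == "__main__":
    print(non_compliant(SAMPLE_RGS, SAMPLE_ASSIGNMENTS))
```

The returned names are the resource groups a remediation task would touch, which is the list worth reviewing before switching the effect from audit to deploy.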

That should be enough, right? Well it isn’t. Since we’re using ARM template deployment with our policy, we must add a role with privileges to create remediation tasks which essentially means we must add a role that has privileges to create and validate resource deployments. Azure doesn’t provide such policy with minimal privileges out-of-the-box since the scope that has all the permissions we need is Owner. We naturally don’t want to give Owner permissions to anything if we reeeeeally don’t have to. The solution: create a custom RBAC role for Azure Policy remediation tasks.

Create custom RBAC role for policy remediation

Luckily creating a new RBAC role for our needs is a fairly straightforward task. You can create new roles in Azure portal or with PowerShell or Azure CLI. Depending on your desire and permissions to go around in Azure, you’ll want to create the new role in a management group or a subscription to contain it to a level where it is needed. Of course there’s no harm done in spreading that role to a wider area of your Azure environment, but for the sake of keeping everything tidy, we’ll create the new role in one subscription since it’s not needed elsewhere for the moment.

Note that the custom role only allows anyone to validate and create deployments. That’s not enough to actually do anything. You’ll need to combine the deployment role with a role that has permissions to do the stuff set in deployment. For RBAC role assignments you’d need to add “User Access Administrator” role to the deployer as well.

Here’s how to do it in Azure portal:

  • Go to your subscription listing in Azure, pick the subscription you want to add the role to and head on to Access control (IAM) tab.
  • From the top toolbar, click on the “Add” menu and select “Add custom role”.
  • Give your role a clear, descriptive name such as Least privilege deployer or something else that you think is more descriptive.
  • Add a description.
  • Add permissions Microsoft.Resources/deployments/validate/action and Microsoft.Resources/deployments/write to the role.
  • Set the assignable scope to your subscription.
  • Review everything and save.

After the role is created, check its properties and take note of the role id. Next we’ll need to update the policy definition made earlier in order to get the new RBAC role assigned to the service principal during policy initiative assignment.

So from the template, change this in effect block:

Assigning the created policy

Creating the policy definition is not enough for the policy to take effect. As mentioned before, the definition is merely a ruleset created for assigning the policy and does nothing without the policy assignment. Like definitions, assignments can be set to desired scope. Depending on your policy, you can set the policy for management group level or individual assignments to subscription level with property values that fit each individual subscription as needed.

Open Azure Policy and select “Assignment” from the left side menu. You can find “Assign policy” from the top toolbar. There’s a few considerations that you should go over when you’re assigning a policy:

  • The scope: always think about your assignment scope before blindly assigning policies that modify your environment.
  • Exclusion is a possibility, not a necessity. Should you re-evaluate the policy definition if you find yourself adding a lot of exclusions?
  • You can fix all the non-compliant resources with a remediation task after initial compliance scan

Remediation

  • If you have a policy that changes something with either the modify or the deployIfNotExists effect, you’ll be creating a service principal for implementing the changes when you assign the policy. Be sure to check that the location (region) of the service principal matches your desired location.
  • If you select to create a remediation task upon assignment, it will implement the changes in policy to existing resources. So if you have doubts about whether the policy works as you desire, do not create a remediation task during assignment. Review the compliance results first, then create the remediation task if everything’s ok.

Non-compliance message

  • It’s usually a good idea to create a custom non-compliance message for your own custom definitions.

After you’ve set up all relevant stuff for the assignment and created it, it’s time to wait for the compliance checks to go through. When you’ve created an assignment, the first compliance check cycle is done usually within 30 minutes of the assignment creation. After the first cycle, compliance is evaluated once every 24 hours or whenever the assigned policy definitions are changed. If that’s not fast enough for you, you can always trigger an on-demand evaluation scan.


Azure Role Assignments with Constraints

If you’ve worked in Azure, you have definitely come across managing access using Role Based Access Control (RBAC) and have been met with different challenges. Until recently, the RBAC model in Azure has been missing a key piece: the ability to enforce constraints on the delegation of role assignments. This missing piece has led to a less than ideal user experience for those managing Azure resources. Fortunately, Azure Role Assignments with Constraints is here, hopefully providing the missing piece to a complete RBAC model in Azure. With this new feature, IT administrators and stakeholders can now easily and securely manage access to Azure resources, greatly improving the experience for all parties.

Role based access control

In most Azure environments I’ve worked in, IT rarely assigns Owner or User Access Administrator to stakeholders; instead, they’re the gatekeepers for giving out permissions to resources. This often leads to tickets being placed with IT and long wait times for new stakeholders to start consuming services in Azure, and most often the actual teams have more knowledge of who should have access to a resource than IT has.

This will most likely lead to frustration as developers will have problems fully setting up an application or service. For example, a developer creates an Azure Function with a Managed Identity that requires Storage Blob Data Contributor to a Storage Account, but they’re not able to assign any roles for that identity.

On the other hand, if given full permissions, someone inexperienced with Azure or someone who doesn’t value security may end up exposing the environment to security risks. I think we can all agree the model isn’t all there yet.

How it works today

Delegate role assignments with constraints

With this new feature, we can instead delegate Dara the ability to assign only certain roles and principal types. For example, we can allow Dara and their team members to assign only Service principals the Key Vault Secrets User and Storage Blob Data Contributor roles. With this in place, the team is now able to create that Azure Function with a Managed Identity and assign it the Storage Blob Data Contributor for any resource inside that subscription.

Constraints example

Getting started


To get started follow the below steps.

At your desired scope, go to the IAM blade and select Add to create a new role assignment.

Select the Privileged administrator roles tab and find the Role Based Access Control Administrator role.

Add the desired User or Group that should be able to delegate roles at the scope.

Select Add condition to define the conditions.

The portal will present three templates that can be used, and in this example I’m using the middle one. It will allow me to target what roles users in the Az_Analytics_Users group can assign, and to what identity types. Opening the advanced condition editor will present the full configuration experience that allows for finer tuning. For example, users can create role assignments, but not delete them.

I want them to be able to assign Key Vault Secrets User and Storage Blob Data Contributor to Service principals.

Hit save and the configuration will be presented before assignment is made.

That’s it! Users in the group Az_Analytics_Users are now able to assign the roles specified in the expression to Service principals. If they try to assign any other roles they’ll be denied.

We can also configure everything using PowerShell.

Another example

Here I’m using the advanced condition editor. Users are able to assign all roles except Owner and User Access Administrator for all principal types; users, group, and service principals. This is done by negating the expression by ticking the checkbox when configuring what roles can be assigned.

An important thing to note here is that when a user assigns a role to another user not already present in the tenant, a guest invitation will be sent out, unless guest invitation is restricted.

Final thoughts

I must say that I find this feature highly appealing, and I firmly believe that it will bring significant benefits to both IT administrators and developers alike. Previously, granting Owner or User Access Administrator permissions often entailed a considerable amount of responsibility for Azure stakeholders, akin to providing them with unrestricted access. However, with this new feature, we can now delegate some of the RBAC assignments to stakeholders, which will ultimately result in reduced wait times and minimize unwarranted frustration.


RBAC in Azure: A Practical Guide

What Is Azure RBAC?

Azure role-based access control (Azure RBAC) enables access management for Azure resources. It’s an authorization system built into the Azure Resource Manager. You can use Azure RBAC to define which specific users should be allowed access to Azure cloud resources and assign a set of privileges for each user group. Let’s learn more about the specifics.

Azure RBAC vs Azure ABAC

As mentioned earlier, Azure RBAC allows you to manage access to Azure resources, defining what users can do with resources and their access areas. It lets you use role definitions and role assignments to control access. However, it does not offer fine-grained access management and can be difficult when managing hundreds of role assignments.

Azure attribute-based access control (ABAC) works differently.

Azure ABAC allows you to add role assignment conditions to achieve fine-grained access control. It builds on Azure RBAC, letting you add attributes for specific actions. Each role assignment condition provides an additional, optional check to a role assignment. Once you set it up, the condition can filter down permissions provisioned as a part of the role definition and assignment. 

Azure RBAC Concepts

Azure RBAC Roles

In Azure RBAC, a role definition is a set of permissions (role). It defines users’ actions, such as write, delete, and read. You can define high-level roles, such as an owner, or specific roles, such as a virtual machine (VM) reader.


Azure provides various built-in roles, including a virtual machine contributor role that allows users to create and manage VMs. If the built-in roles do not satisfy your requirements, you can also define Azure custom roles. You can use data actions to grant access to data stored in a specific object. 

The term scope refers to a set of resources with specific access. It enables you to grant the relevant security principal to a certain role. Limiting the scope means limiting the scope of resources at risk if the security principal is compromised.

Azure RBAC lets you specify a scope at four levels, including a management group level, a subscription level, a resource group level, and a resource level. Azure structures scopes in a parent-child relationship, with each hierarchy level making the scope more specific. It lets you assign roles at any of the four levels. However, note that the level you choose determines how the role is applied. 


Azure also lets you use management groups, a level of scope above subscriptions. However, management groups support complex hierarchies. The diagram below illustrates an example of a hierarchy of management groups and subscriptions.

Role Assignments

Role assignments enable you to attach role definitions to specific users, groups, service principals, or managed identities at a certain scope. When creating a role assignment, you grant specific access, and removing the assignment revokes this access.

Here is a diagram that illustrates an example of a role assignment: 


This example assigns a contributor role to the marketing group—only for the pharma-sales resource group. It enables all users in the marketing group to create or manage Azure resources in the pharma-sales resource group. However, it does not provide marketing users with access to resources external to the pharma-sales resource group.

Azure Groups

Role assignments are transitive for groups, allowing users to gain permissions assigned to groups. If user A is a member of group B and group B is a member of group C with its own role assignment, user A gets the permissions in group C’s role assignment.

Azure RBAC uses an additive model to prevent issues when users get several overlapping role assignments. You can see an example of this principle in the image below. A user is granted the Reader role at the resource group scope and the Contributor role at the subscription scope. The sum of the Reader and Contributor permissions is effectively the Contributor role, so the Reader role assignment has no impact.
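The transitive group membership and additive evaluation described above can be modelled in a short script that also flags role assignments with no effect, which are candidates for removal when a subscription nears its role assignment limit. This is an added example, not Azure's or the article's own code; the role action sets, principal names and scopes are constructed, and NotActions and deny assignments are left out of the model.

```python
"""Simplified model of Azure RBAC evaluation (constructed data throughout)."""
from dataclasses import dataclass

# Constructed, simplified role definitions. Real roles use wildcard action
# patterns and NotActions; plain sets keep the model small.
ROLES = {
    "Reader": frozenset({"read"}),
    "Contributor": frozenset({"read", "write", "delete"}),
}

# Constructed direct memberships: user A is in group B, group B is in group C.
MEMBER_OF = {"user-a": {"group-b"}, "group-b": {"group-c"}}


@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str


SUB1 = "/subscriptions/sub1"
RG_SALES = SUB1 + "/resourceGroups/pharma-sales"
RG_SHARED = "/subscriptions/sub2/resourceGroups/shared"

# Constructed sample assignments.
ASSIGNMENTS = [
    Assignment("user-a", "Reader", RG_SALES),    # shadowed by the next line
    Assignment("user-a", "Contributor", SUB1),   # inherited by every child scope
    Assignment("group-c", "Reader", RG_SHARED),  # reaches user-a transitively
    Assignment("user-a", "Reader", RG_SHARED),   # duplicates the group grant
]


def principals_for(principal):
    """Return the principal plus every group it belongs to, transitively."""
    seen, stack = set(), [principal]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # guards against membership cycles
        seen.add(current)
        stack.extend(MEMBER_OF.get(current, ()))
    return seen


def scope_covers(assigned, target):
    """True if an assignment at `assigned` applies at `target` (same or child)."""
    assigned, target = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Compare on a path boundary so that sub1 does not cover sub10.
    return target == assigned or target.startswith(assigned + "/")


def effective_actions(principal, target_scope, assignments):
    """Additive model: union of the actions of every applicable assignment."""
    who = principals_for(principal)
    actions = set()
    for a in assignments:
        if a.principal in who and scope_covers(a.scope, target_scope):
            actions |= ROLES[a.role]
    return actions


def covers(b, a):
    """True if assignment b already grants everything assignment a grants."""
    return (b.principal in principals_for(a.principal)
            and scope_covers(b.scope, a.scope)
            and ROLES[a.role] <= ROLES[b.role])


def redundant_assignments(assignments):
    """Assignments that can be removed without changing anyone's access."""
    redundant = []
    for i, a in enumerate(assignments):
        for j, b in enumerate(assignments):
            if i == j or not covers(b, a):
                continue
            # For exact duplicates keep the first one and flag the later one.
            if not covers(a, b) or j < i:
                redundant.append(a)
                break
    return redundant


if __name__ == "__main__":
    print(sorted(effective_actions("user-a", RG_SALES, ASSIGNMENTS)))
    for a in redundant_assignments(ASSIGNMENTS):
        print("no effect:", a)
```

Removing the flagged assignments leaves every principal's effective access unchanged while freeing slots under the per-subscription limit.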


Best Practices for Azure RBAC

Only grant the access users need.

With Azure RBAC, you can create isolation between different teams, granting each team only the access they need to get the job done. 

Instead of granting unlimited permissions to everyone with an Azure subscription or resource, you can only allow specific actions within specific scopes. Avoid assigning broad roles, even if they seem more convenient at first. When you create a custom role, include only the permissions your users need. This ensures that there’s less risk if a principal account is compromised.

The following diagram shows the recommended pattern for granting permissions in Azure RBAC.


Use Azure AD Privileged Identity Management

To protect privileged accounts from malicious cyberattacks, Azure Active Directory Privileged Identity Management (PIM) can be used to reduce privilege issuance time and improve visibility through reports and alerts. PIM helps protect privileged accounts by providing temporary privileged access to Azure AD and Azure resources. Access is time-limited, after which privileges are automatically revoked.

Assign Roles Using Unique Role ID Instead of the Role Name

Role names may change over time, but the role ID always stays the same. Common examples of role name changes are when you use your own custom role and decide to change its name, or when you use a preview role that has (Preview) in the name. When the role is released from preview, it is automatically renamed.

To ensure consistency over time, it is a good idea to always assign users to a role ID when assigning roles using scripting or automation. This way, scripts won’t break if the name changes in the future. 

Assign Roles to Groups and Limit Subscription Owners

To make it easier to manage role assignments, do not assign roles directly to users. Instead, assign roles to groups. Assigning roles to groups instead of users minimizes the number of role assignments. Note that Azure imposes restrictions on the total role assignments allowed per subscription.

Microsoft recommends having a maximum of 3 owners for each Azure subscription, to reduce the likelihood of a breach by a compromised or malicious insider.

Cloud RBAC with Frontegg

Frontegg provides out of the box RBAC model implementation. Customers can now create their own roles and permissions which represent their product models and use cases. Additionally, Frontegg empowers the end users to create custom roles to represent their permissions model, without having to change a single line of code in the product. Sounds too good to be true? Try it out now.  


Manage Azure Role Assignments Like a Pro with PowerShell


Today’s blog post is a little bit different. I have a couple of examples of how you can use PowerShell snippets and simple cmdlets to get or set role assignments in your Azure subscriptions.

PowerShell examples for managing Azure Role assignments

  • List all role assignments in a subscription
  • Get all role assignments for a specific resource group
  • Get all role assignments for a specific user
  • Add a role assignment to a user
  • Remove a role assignment for a user
  • Remove all role assignments for a specific user
  • List all built-in roles
  • List all custom roles
  • Create a custom role
  • Update a custom role
  • Delete a custom role
  • List all users or groups assigned to a specific role
  • List all permissions granted by a specific role
  • List all resource groups that a user has access to
  • Create a role assignment for a service principal
  • PowerShell script to manage Azure role assignments

And now there is a script that combines some of these examples into one usable function:

I hope this was useful. Let me know if you liked the format of this blog and if you want me to include more of these examples.

Vukasin Terzic



blakedrumm / Get-AzRoleAssignmentReport.ps1


MLB

Yariel Rodríguez or Alek Manoah: Who makes the most sense for the Blue Jays rotation?

Apr 19, 2024; San Diego, California, USA; Toronto Blue Jays starting pitcher Yariel Rodriguez (29) throws a pitch against the San Diego Padres during the first inning at Petco Park. Mandatory Credit: Orlando Ramirez-USA TODAY Sports

Yariel Rodríguez and Alek Manoah both made starts on Wednesday night.

Rodríguez started in the 3-2 loss for the Toronto Blue Jays against the Kansas City Royals , while Manoah continued his rehab assignment with Triple-A Buffalo. For each of their last three outings, the two pitchers have made their respective starts on the same day. That’s probably no coincidence.


Rodríguez is the Blue Jays’ fifth starter, having taken over that role from Bowden Francis on April 13, and he has a 3.86 ERA in three starts since. Before Manoah went down with right shoulder inflammation during spring training, he was in line to be the team’s fifth starter based on comments from manager John Schneider and general manager Ross Atkins.

At some point soon, the Blue Jays will need to decide if Manoah will join the rotation after his 30-day rehab assignment, sliding into the spot currently occupied by Rodríguez. Or, has Rodríguez done enough to hold onto the rotation job — at least for the foreseeable future — even with an innings limit hanging over this season?

Looking at results only, Rodríguez has made a strong case to stick in the rotation. In 11 2/3 innings, the 27-year-old rookie has 15 strikeouts to just five walks.

Manoah, meanwhile, has had mixed results during his rehab. His ERA remains in the double digits, and while he looked like he took a step forward in his outing last week — allowing two runs over 5 2/3 innings with five strikeouts — his outing on Wednesday looked like a step back. Against the Iowa Cubs, he allowed six runs on seven hits over three innings with five strikeouts and four walks.

The Blue Jays have maintained that there are a lot of factors at play when determining if or when Manoah would be ready to rejoin the Blue Jays. Early in his rehab, the priority was simply about Manoah feeling healthy on the mound, being in sync with his delivery and bouncing back in the days after his start. Once he met that threshold, however, the club would look deeper at his results, though the process would be more nuanced than simply reading his box score. Here was how Atkins explained it recently when he was asked if Manoah had to earn his way back onto the team with his performance.

“Nothing’s black and white. We’ll weigh our alternatives and obviously his track record matters, but it’s not going to be defined on him having a six-inning shutout outing in Buffalo. There’ll be other variables that go into the decision,” the GM said.

What could some of those other variables be? For one, the Blue Jays aren’t treating Rodríguez as a traditional starter this season because of the innings limit he’s working under after not pitching professionally last season. The Blue Jays haven’t said what the innings cap would be — and there is room for the number to be somewhat fluid, depending on how Rodríguez is feeling. For now, he’s been held to 68, 83 and 69 pitches in each of his starts, respectively, and it doesn’t seem as though the Blue Jays are building him up to be a 100-plus pitch guy this season as they want to spread his limited runway as far as they can.

While Rodríguez has shown he can help the Blue Jays in the short term, the club has to consider his long-term impact, especially after they signed him to a five-year, $32 million deal this offseason. He’s a viable starting candidate for them in the seasons to come and the last thing they want to risk is him suffering an injury from pitching too much. So, at some point, the Blue Jays may simply need to consider if Rodríguez needs to slide into a multi-inning relief role to conserve his workload rather than risk a late-season shutdown.

Another factor to consider is that using Rodríguez in short starts has been an effective strategy, but also one that puts additional pressure on the bullpen to cover more innings on his start days. It also creates a balancing act for Schneider to keep Francis as fresh as possible by avoiding using their long-man too much so he is available to pitch behind Rodríguez. In that way, it’s almost as if the Blue Jays are working with one less reliever on some nights.


Manoah, however, is still built to be a starter who throws 100-plus pitches, and history tells us the Blue Jays have tended to favour using a traditional five-man rotation when that option is available to them. Of course, for that to work, a lot rides on Manoah being able to pitch deep into outings, which was something he was unable to do last season when he struggled with his command and pitch efficiency, and ultimately lost his spot in the rotation after posting a 5.87 ERA in 19 starts.

The Blue Jays are also considering Manoah’s track record. He’s proven he can be a quality major-league starter. Before last season, he had a career 2.60 ERA and was a runner-up for the American League Cy Young Award in 2022, while leading the Blue Jays with 196 2/3 innings pitched.

It also has to be noted that Manoah put in the work this offseason — both physically and mentally — and reported to spring training in noticeably improved shape. The Blue Jays were pleased with his effort and were prepared to afford him the chance to pitch in the majors again until his injury derailed his progression this spring. When asked recently whether he believed Manoah would pitch for the Blue Jays this season, Atkins answered “yes” without hesitation.

Even if results aren’t the sole determining factor, it’s hard to imagine the Blue Jays handing Manoah a starting job if his rehab outings continue to be as ineffective as he was on Wednesday — especially with the pressure to win hanging over this season. But the club has to weigh other considerations, including what underlying numbers say about Manoah’s stuff as well as elements that are more difficult to measure, like his competitiveness and drive to prove that last year was an outlier. Then there is how Rodríguez fits into the puzzle and what is best for him — and the bullpen — long term.

The end of Manoah’s rehab assignment is set for May 6, which presents a deadline to decide their next step. That gives Manoah — and Rodríguez — time to make two more starts, adding more data to the sample the team is drawing from.

After that, the Blue Jays will need to determine whether they’re ready to call Manoah up to the majors. If not, the Blue Jays could activate him from the IL and option him to Triple A, where he could continue refining his stuff in a less intense setting. And if Rodríguez continues to pitch well, it will only make an already difficult decision even harder.

(Top photo of Rodríguez: Orlando Ramirez / USA Today)


Kaitlyn McGrath

Kaitlyn McGrath is a staff writer for The Athletic, covering the Toronto Blue Jays. Previously, she worked at the National Post and CBC. Follow Kaitlyn on Twitter @ kaitlyncmcgrath


Microsoft fabric updates blog.

Microsoft Fabric April 2024 Update

  • Monthly Update


Welcome to the April 2024 update!

This month, you’ll find many great new updates, previews, and improvements. From Shortcuts to Google Cloud Storage and S3 compatible data sources in preview, Optimistic Job Admission for Fabric Spark, and New KQL Queryset Command Bar, that’s just a glimpse into this month’s update.

There’s much more to explore! Read on and let us know what update you’re most excited about and what you found the most helpful.

Fabric Conference Day 1 Keynote is now available!

Did you miss it, or want to hear it again? We are excited to release the FabCon Day 1 Keynote to the Microsoft Fabric YouTube Channel !

If you aren’t already, be sure to subscribe to the Microsoft Fabric Channel! Check out the amazing announcements & demos from Arun, Amir, Wangui, and other awesome presenters. The Day 3 keynotes will be released later this month, and more content will be released regularly moving forward.

Make sure you check out the blog post from Arun, that highlights the announcements from FabCon you can find that here:  Announcements from the Microsoft Fabric Community Conference

Earn a free Microsoft Fabric certification exam! 

We are thrilled to announce the general availability of Exam DP-600, which leads to the Microsoft Certified: Fabric Analytics Engineer Associate certification.

Microsoft Fabric’s common analytics platform is built on the instantly familiar Power BI experience, making your transition to Fabric Analytics Engineer easier. With Fabric, you can build on your prior knowledge – whether that is Power BI, SQL, or Python – and master how to enrich data for analytics in the era of AI.

To help you learn quickly and get certified, we created the Fabric Career Hub. We have curated the best free on-demand and live training, exam crams, practice tests and more.

And because the best way to learn is live, we will have free live learning sessions led by the best Microsoft Fabric experts from Apr 16 to May 8, in English and Spanish. Register now at the Learn Together page.

Also, become eligible for a free certification exam by completing the Fabric AI Skills Challenge. But hurry, the challenge only runs from March 19 – April 19 and free certs are first-come, first-served! (limit one per participant, terms and conditions apply).

New Visual – 100% Stacked Area Chart

  • Line enhancements
  • Enhance Q&A with Copilot-generated linguistic relationships
  • Snowflake (connector update)
  • Storytelling in PowerPoint – Improved image mode in the Power BI add-in for PowerPoint
  • Storytelling in PowerPoint – Continuous slide show auto refresh
  • Storytelling in PowerPoint – Auto populating the slide title
  • Introducing the Fabric metadata scanning sample app
  • Dynamic subscriptions for Power BI and paginated reports
  • Supporting folders in workspace
  • New “Clear barcode” action in the report footer
  • Open Power BI items in full screen mode
  • New visuals in AppSource
  • KPI Matrix
  • Growth Rate Chart by Djeeni v1.4
  • Aimplan Comment Visual

  • Financial Reporting Matrix by Profitbase 

Horizon Chart by Powerviz

  • Drill Down Scatter PRO by ZoomCharts
  • Image Gallery
  • Horizontal Bar Chart
  • Multi-pane Card 1.1

  • Introducing Copilot pane in Power BI Desktop (preview) 
  • Shortcuts to Google Cloud Storage and S3 compatible data sources (preview)
  • OneLake data access roles – public preview

Tenant level Private Link

Managed private endpoints for Microsoft Fabric

  • Trusted Workspace Access for OneLake Shortcuts
  • Git Integration

Partition elimination performance improvement for tables with a large number of files 

Mirroring (public preview) .

  • Optimistic Job Admission for Fabric Spark 
  • Single Node Support for Starter Pools
  • Container Image for Synapse VS Code 
  • Git Integration with Spark Job Definition 
  • New Revamped Object Explorer experience in the notebook 
  • %run your scripts in Notebook
  • Semantic Link is now GA! 

Capacity level delegation for AI and Copilot 

EU customers can use AI and Copilot without cross-geo setting

  • New KQL Queryset Command Bar 
  • New Update Command Public Preview 
  • Introducing Pause and Resume Feature in Eventstream
  • Fabric Real-Time Analytics Integrates with Newly Announced Database Watcher for Azure SQL (preview)

Service Principal Name authentication kind support for On-Premises and VNET data gateways 

  • Certified connector updates

Spark job definition activity 

Updated Fabric data pipeline homepage

  • Pipeline support for CI/CD in public preview 
  • Data Factory Data Pipelines APIs
  • Increase in Pipeline activity limit
  • Fabric Warehouse in ADF copy activity
  • Edit column type to destination table support added to Fabric Warehouse and other SQL data stores
  • SFTP: performance improvements when writing data to SFTP

Introducing the new 100% Stacked Area Chart, now available in our core visuals gallery. These visuals display the relative percentage of multiple data series in stacked areas, where the total always equals 100%. It’s perfect for showing the proportion of individual series to the whole and how they change over time. Find it in the visual gallery, on-object dialog, or format pane, right next to the Stacked Area Chart. Give it a try and share your feedback with us!


For more detailed information about this new visual, and the new line enhancements you can read our article: PBI Core Visuals

Take your line charts to the next level with our new line control features.

  • Adjust line color transparency under Lines > Colors > Transparency.
  • Control the color and transparency of each series by selecting them in the ‘Apply settings to’ dropdown.
  • Use Monotone and the new Cardinal smooth type for full control of smooth lines.
  • Choose from before, center, and after step lines to align your visual with your story.

Try out these new features and enhance your line charts.


These new line enhancements are just the beginning, there is more to come. Try them out and stay ahead of the curve. We would love to hear about your experience and the amazing things you can achieve with these new features.

Improving your linguistic schema is an important step in making sure that the Q&A visual can understand the wide range of questions people might ask about their data. This is why, back in September , we added a new section into the Q&A setup menu to help you add linguistic relationships to teach Q&A about words which qualify or relate your data.  

But we also know that coming up with all the different words people might be using to refer to your data can take time and effort, and we’ve been working on ways to make that process easier for you! In November , we introduced a way for you to quickly generate new synonyms for the names of tables and columns in your model; this month, we’ve introduced the same functionality for linguistic relationships!  

When you open a report with a Q&A visual, if you have Copilot enabled and you’ve already added synonyms, you’ll now see a banner prompting you to get relationships with Copilot as well.  


Unlike with synonyms, Copilot generated relationships will not be used to understand natural language inputs until you have approved them, so make sure you accept the ones which work for your model!  

Allow Copilot to help interpret Q&A questions.

You can also now use Copilot to improve the Q&A engine’s term recognition when you ask questions! This new feature will trigger when you ask Q&A a question which uses words or phrases which Q&A doesn’t recognize, but which it detects might be referring to data entities like tables or columns. Then, Copilot will also check those unknown words or phrases to see if there is any reasonable match and if so, return the answer as a visual as though a suggested synonym had been applied.


This feature is not a replacement for synonyms! In fact, adding synonyms for the entities in your semantic model is even more important to create good matches, as they increase the surface area to check for similarities. It will widen the range of inputs Q&A will recognize, but like a multiplier, it will improve recognition for well modeled data much better than it will for poorly modeled data.  

This feature will be automatically enabled when you choose to get synonyms with Copilot, but you can also turn it on or off manually in the suggestion settings menu in the Synonyms tab in Q&A setup. 


Data Connectivity

The Snowflake connector has been updated to support the use of Snowflake dynamic tables .

We’ve made saving Power BI content as an image more simple and more powerful. 

First, we’ve added a new dropdown menu to the add-in’s footer. In that menu, you can choose whether you want to see live data or a snapshot. So now it is much easier to find where to switch between live data and a static image.

Second, for snapshots, you now have two options:

Public snapshot: Anyone who can view the presentation can view the image.

Snapshot: Only those who have permission to view the report in Power BI will be able to see the snapshot.

Third, we’ve disabled the default snapshot, so that the slide thumbnail doesn’t show the image by default (this also applies when you copy & paste the slide into an email for example), but only after the add-in is loaded and the required permissions have been checked.

And lastly, we honor this setting when you open the presentation in PowerPoint for the web. You still cannot change a live view into a snapshot in PowerPoint for the web, but if you or someone else has changed the view to snapshot in the PowerPoint desktop app, this will be respected, and you will see the snapshot also in PowerPoint for the web.


PowerPoint allows you to continuously playback a presentation. This is especially useful when you want to present information in public displays without any human interaction.

If a presentation that is running continuously has slides that include the Power BI add-in, the data in the add-in might become outdated, since the add-in gets the data from Power BI when the slide is loaded, or when the user manually refreshes the data being presented.

With the new automatic refresh in slide show feature, you can set the add-in to automatically pull fresh data from Power BI while the presentation is in slide show mode, ensuring that the presentation will always show the most recent data.


To enable automatic refresh, go to the add-in footer, select Add-in options, choose Slide show settings, check Automatic refresh in slide show and set the desired frequency.

Note that auto refresh only happens in slide show mode and not while you’re editing the presentation.

When you add the Power BI add-in to an empty slide that doesn’t have a title yet, the Power BI add-in is here to help. It offers you suggestions for the slide title based on the content of your add-in. The title can be the report name, the page/visual name, or both. Just select the desired option and hit Add title.


We’re delighted to announce the availability of the new Fabric metadata scanning app. This sample application builds upon the metadata scanning capabilities of Fabric’s set of Admin REST APIs collectively known as the scanner APIs. This new app can be used as a reference for admins interested in utilizing the Scanner API to catalog and report on all the metadata of their organization’s Fabric items.

The Fabric metadata scanning sample app handles all the steps for calling the scanner API including authentication, parallelism, throttling, and incremental scanning. In addition, it provides a central configuration file which can be easily modified to suit the specific needs of the caller. Currently authentication is supported both by using a service principal and a delegated token.

The app is available as a Microsoft open-source project, and is open for suggestions and improvements here: Fabric Metadata Scanning

We’re pleased to announce that you can now send dynamic per recipient subscriptions to up to 1000 recipients instead of the earlier limit of 50 recipients from the data in the Power BI semantic model. For existing subscriptions, we will automatically send subscriptions up to 1000 recipients if your Power BI semantic model contains that many rows of data. You need to edit the subscription if you don’t want to automatically send subscriptions. Learn more about creating dynamic per recipient subscriptions for Power BI Reports and paginated reports .


This feature will be available in some regions as soon as today, however depending on the geography in which your Power BI tenant is located, it may take up to two weeks to appear.

The Power BI Mobile apps support folders in workspace. So, you can access items that are organized in folders inside of your workspace directly from the mobile app.


Workspace and folders are Fabric entities, which means that you can add items that are not necessarily Power BI items to a workspace. But the Power BI Mobile apps only support a subset of Power BI items. Therefore, only the Power BI item will be accessible when you are browsing the folder content from the app. If a folder contains only non-Power BI items, it will appear empty in the mobile app.

When a field in your model is marked as a barcode, you can use your mobile device camera to scan the barcodes of real objects to filter reports that are built on this model. This feature is extremely useful for retail, where you can scan the barcode on a piece of merchandise to get a report showing data about the item directly in your mobile app (for example, inventory information, product selling data, etc.).

To make it easier and more intuitive to use barcodes and based on feedback we’ve gotten from our users in stores, we’ve added a new button to the report footer that makes it a one-click action to clear any previously scanned barcode from the report’s filter.

Learn more about scanning barcode from the mobile app


We continue to simplify the experience of using the Power BI Mobile apps, always keeping in mind the frontline workers who need quick access to their content. In this monthly update we’ve made it possible to open Power BI items in full screen, so users can view their data at its max.

Opening an item in full screen is supported both for launch items and when using a universal link.

A launch item is a Power BI item (report, page, app, etc.) that the user has selected to automatically open when they open the app. Now, you can also tell the Power BI Mobile app to open this item in full screen mode.

To set a launch item to open in full screen mode, go to:

Settings > Launch item and enable the Open in full screen toggle.

Using an MDM tool that supports an AppConfig file, mobile device administrators can also configure a launch item to be opened in full screen mode for their users.

You can also add the query parameter ?fullscreen=1 to a Power BI item’s link. When you use a link with this parameter on your mobile device, the mobile app will open the item in full screen mode.


Visualizations

Financial Reporting Matrix by Profitbase

Making financial statements with a proper layout has just become easier with the latest version of the Financial Reporting Matrix.

Users are now able to specify which rows should be classified as cost-rows, which will make it easier to get the conditional formatting of variances correctly:


Selecting a row and ticking “is cost” will tag the row as cost. This can be used in conditional formatting to make sure that positive variances on expenses are bad for the result, while a positive variance on an income row is good for the result.

The new version also includes more flexibility in measuring placement and column subtotals.

Measures can be placed either:

Default (below column headers)

Above column headers


If you have multiple fields showing on your column headers, you can now decide which of these fields you want a column subtotal for.

This is in addition to the already existing features of the Financial Reporting Matrix:

Adding custom rows

Applying company/customer specific themes

Expand/collapse columns

Conditionally hide columns

+ much more

Highlighted new features:

New Format Pane design

Measure placement – In rows

Select Column Subtotals

Row Options

Get the visual from AppSource and find more videos here!

A Horizon Chart is an advanced visual, for time-series data, revealing trends and anomalies. It displays stacked data layers, allowing users to compare multiple categories while maintaining data clarity. Horizon Charts are particularly useful to monitor and analyze complex data over time, making this a valuable visual for data analysis and decision-making.

Key Features:

Horizon Styles: Choose Natural, Linear, or Step with adjustable scaling.

Layer: Layer data by range or custom criteria. Display positive and negative values together or separately on top.

Reference Line: Highlight patterns with X-axis lines and labels.

Colors: Apply 30+ color palettes and use FX rules for dynamic coloring.

Ranking: Filter Top/Bottom N values, with “Others”.

Gridline: Add gridlines to the X and Y axis.

Custom Tooltip: Add highest, lowest, mean, and median points without additional DAX.

Themes: Save designs and share seamlessly with JSON files.

Other features included are ranking, annotation, grid view, show condition, and accessibility support.

Business Use Cases: Time-Series Data Comparison, Environmental Monitoring, Anomaly Detection

🔗 Try Horizon Chart for FREE from AppSource

📊 Check out all features of the visual: Demo file

📃 Step-by-step instructions: Documentation

💡 YouTube Video: Video Link

📍 Learn more about visuals: https://powerviz.ai/

✅ Follow Powerviz: https://lnkd.in/gN_9Sa6U

ZoomCharts has just launched the latest addition to their suite of user-friendly custom visuals – Drill Down Scatter PRO. It provides all the features you would expect from a great scatter chart visual, but what sets Scatter PRO apart is the ability to easily drill down. Simply click on a data point and see all the values underneath it.

This way, you can quickly find your answers while also gaining a full understanding of where they come from. Furthermore, the visual’s UI is designed to be smooth and user-friendly for PCs and touch devices, and with cross-chart filtering you can use Scatter PRO to build incredible reports for immersive data exploration.

Main features:

Drill Down: Create a multi-level hierarchy and drill down with just a click.

Dynamic formatting: Apply custom marker colors, shapes, or images to each data point directly from data.

Trendlines: Show a linear or polynomial regression line on the chart.

Thresholds: Display up to 4 line or area thresholds on each axis.

Area Shading: Highlight up to 8 custom areas with rectangles or ellipses.

🌐 Learn more about Drill Down Scatter PRO

Documentation | ZoomCharts Website | Follow ZoomCharts on LinkedIn

The Image Gallery is the first visual to be certified by Microsoft that allows for the display of high-quality images and their exportation along with other report content. There is no need to upload images to the Cloud, a CDN, or use any datasets. Simply import your images directly into the visual and share them instantly with your colleagues.

This visual boasts several impressive capabilities:

Microsoft certification ensures that the visual doesn’t interact with external services, ensuring that your images are securely stored and encrypted within the report, consistent with your report’s sensitivity settings.

Automatically saves your selected image in preview mode, allowing your colleagues to view the exact image you have highlighted.

Images can be uploaded or removed exclusively in Edit Mode. Users in View Mode can only view the images.

The visual is compatible with Power BI’s export functionality to PDF and PowerPoint.

Image Gallery Link

A space-saving horizontal bar chart designed with category labels placed inside the bars for clarity.

This horizontal bar chart serves as an efficient filter to navigate through your data more effectively, optimizing space by placing the category labels within the bars themselves.

Adjustable Bar Thickness and Spacing: Offers the flexibility to adjust the thickness of the bars and the spacing between them. This allows for optimal use of space and improves readability, especially when dealing with large datasets.

Tooltip Details on Hover: Displays detailed information about each category when the user hovers over a bar. This feature provides additional context and insights without cluttering the visual.

Data-Driven Category Labels: Automatically updates category labels based on the data source. This ensures that the chart remains accurate and up to date, reflecting any changes in the underlying data.

Support for Hierarchical Data: Allows users to drill down into hierarchical categories within the chart. This functionality enables a more detailed data analysis without leaving the context of the initial visual.

Export Options: Offers the ability to export the chart as an image or PDF, facilitating easy sharing and reporting outside of Power BI.

HorizontalBarChart Link

Introducing the “Trends” visual for Power BI – your gateway to leveraging Google Trends data for strategic business analysis. This innovative visual tool allows you to compare brand popularity, monitor market trends, and gain insights into consumer search behaviors directly within your Power BI environment.

With Trends visual, you can:

Analyze the ebb and flow of brand interest over time to identify market opportunities and competitive threats.

Compare the popularity of products to inform marketing strategies and product development decisions.

Understand seasonal trends to optimize your marketing campaigns and inventory planning.

Securely integrated and easy to use, “Trends” transforms your Power BI reports into a dynamic analysis tool, offering a comprehensive view of the market landscape. Dive into data-driven decision-making with “Trends” and stay one step ahead in the competitive business environment.

New visual: Multi-pane Card can be used to group and show data in multiple collapsible panes in Power BI reports. It is an alternative to multi-row card visual, but it can combine columns into a few groups and put each group’s data in each pane. It is suitable to show data in detail with a reduced number of report pages.

Screenshot 1 (Show data in 3 groups: Area and Population, GDP and Foreign Exchange Reserves for countries)

Data can be sorted by a specified column and numbers can be converted to a human readable string. You can also set up how many rows that you want to show on the card. Using these features, it will be very easy to show “Top 10 best performing stores” or “Top 10 worst performing stores” for retail businesses.

Screenshot 2 (Combined with drilldown choropleth map to show the top 10 richest countries by GDP per capita for each continent and subregion)

You can go to Microsoft AppSource: Multi-pane Card to download and try it.

To learn more about how to use it, please read the tutorials (https://www.mylocs.ca/tutorials.html#multi-pane-card).

Introducing Copilot pane in Power BI Desktop (preview)

Earlier this year, we announced preview of Copilot for all customers with Premium/Fabric capacity in Power BI web . We’re thrilled to share that the same Copilot experience for report creation is now available for preview in Power BI Desktop. With our current preview, users can create reports faster and easier in the Power BI Desktop experience. You can now open the Copilot pane in report view and ask Copilot to:

Create a report page – Copilot will create an entire report page for you by identifying the tables, fields, measures, and charts that would help you get started.

Summarize a semantic model – Copilot will help you understand your Power BI semantic model by summarizing the data in your model.

Suggest a topic – Copilot will suggest topics for your report pages.

Click here to learn more about how to get started.

Shortcuts to Google Cloud Storage and S3 compatible data sources (preview) 

We are excited to announce that you can now create OneLake shortcuts to your Google Cloud Storage (GCS) buckets and S3 compatible data sources! 

With the addition of GCS, you can now utilize cross-cloud shortcuts to analyze your data across all three major cloud platforms. Shortcuts in OneLake allow you to connect to your existing data through a single unified name space without having to copy or move data. Just open Lakehouse in Fabric, create a shortcut to GCS, AWS S3 or ADLS Gen2 and immediately start analyzing your data through Spark, SQL and Power BI. 

OneLake is also adding connectivity to data sources that offer an Amazon S3 compatible API, a widely supported API offered by many distributed file systems and services that offer object storage. With this new feature, it’s quick and easy to create a shortcut that references your cloud based S3 compatible data sources. The data source endpoint simply needs to offer S3 compatible APIs, be publicly hosted and accessible, and accept the key/secret credentials you provide during shortcut creation. Once you set up your shortcut, you can access and use your data with the many Fabric engines or other services using OneLake’s open APIs . 

Learn more in our recent blog posts for S3 compatible shortcuts and GCS shortcuts ! 

OneLake data access roles (preview)

OneLake data access roles for folders are a new feature that enables you to apply role-based access control (RBAC) to your data stored in OneLake. You can define security roles that grant read access to specific folders within a Fabric item and assign them to users or groups. The access permissions determine what folders users see when accessing the lake view of the data, either through the lakehouse UX, Spark notebooks, or OneLake APIs. 

OneLake previously managed data access at the Fabric item level. Access to the OneLake data behind a Fabric item could be granted or removed for users or groups. Data access roles now allow for defining security roles that can grant access to individual OneLake folders within a Fabric item. The granted access inherits to any newly added sub-folders in a transparent manner. Role permissions and user/group assignments can be easily updated through a new folder security UX or through API calls. The security also extends to 3rd party access requests made through the OneLake APIs. 

Check out the full announcement blog or jump right into the getting started guide!  

Organizations today rely on cloud platforms for storage and analysis of data at scale and need to keep up with the accelerating volume of data while protecting sensitive information.  While enterprises in Banking, Healthcare, and similar domains require strict data security standards by default, securing business-critical data is the highest priority for all enterprises. We are excited to announce the public preview of an enhanced networking feature, Azure Private Link for Microsoft Fabric, for securing access to your sensitive data in Microsoft Fabric by providing network isolation and applying required controls on your inbound network traffic. 

Private Links enable secure connectivity to Fabric by restricting access to your Fabric tenant from an Azure VNet of your choice and blocking all public access. This ensures that only network traffic from that VNet is allowed to access Fabric experiences like Notebooks, Lakehouses, Warehouses in your tenant. 

With Azure Private Link, you can: 

  • Restrict traffic from the internet to Fabric and route it through the Microsoft backbone network. 
  • Ensure only authorized client machines can access Fabric. 
  • Comply with regulatory and compliance requirements that mandate private access to your data and analytics services. 

While Azure private links were supported in Power BI at a tenant level, we are now extending this feature to other Fabric workloads with this release. For example, connecting to your data in OneLake using the OneLake Explorer can be protected through Private Links. Similarly, you can access Warehouses and Lakehouse SQL endpoints in SQL Managed Studio via Private Links. A list of supported scenarios and limitations can be found at Use private link to access Fabric. For detailed instructions, please refer to How to set up private endpoints to access Fabric.

We are excited to announce the public preview of Managed Private Endpoints for Microsoft Fabric. This feature allows secure connections to data sources that are behind a firewall or not accessible from the public internet. Managed Private Endpoints enable Fabric Data Engineering items to access data sources securely without exposing them to the public network or requiring complex network configurations. These private endpoints provide a secure way to connect and access data from sources like Azure SQL DB or Storage account blocked from public access from your Fabric Spark Notebooks or Spark Job Definitions. 

Workspaces with managed private endpoints have network isolation through a dedicated managed virtual network. These managed virtual networks (Managed VNETs) separate the Spark compute clusters from the shared virtual network and enable network security features such as private links and managed private endpoints. Microsoft Fabric takes care of the provisioning and management of the virtual networks and private endpoints, so users do not have to create or manage these network infrastructure resources themselves. 

By just providing connection details, your managed private endpoint is instantly provisioned in the Managed VNET and a request for private endpoint access is submitted to the data source administrator for approval.  

Users can track the status and approval process of the managed private endpoints from the Network security section of the Workspace settings. 

Managed Private Endpoints support various data sources, including Azure Storage, Azure SQL Database, Azure Synapse Analytics, Azure Cosmos DB, Application gateway, Azure Key Vault, and many more. 

To learn more about the supported data sources, please refer to our documentation: Create and use managed private endpoints in Microsoft Fabric (preview).

Note: Managed private endpoints are only supported for Fabric Trial capacity and Fabric capacities F64 or higher SKUs.  

To learn more about the benefits, detailed steps of setup and limitations of managed private endpoints in Microsoft Fabric, please refer to our documentation Overview of managed private endpoints in Fabric.   

To learn more about network isolation offered by managed virtual networks, please refer to Overview of managed virtual networks in Fabric . 

Trusted Workspace Access for OneLake Shortcuts 

Trusted workspace access allows you to securely access firewall-enabled Storage accounts. With Trusted workspace access, you can create OneLake shortcuts to Storage accounts, and then use the shortcuts in various Fabric items, such as Spark notebooks, SQL analytics endpoints, semantic models, reports, data pipelines, and dataflows Gen2.   

Trusted workspace access is designed to help you securely and easily access data stored in Storage accounts from Fabric workspaces, without compromising on performance or functionality. You can leverage the power and flexibility of Fabric and OneLake to work with data in place without compromising on security. 

How does Trusted workspace access work? 

Trusted workspace access is based on the concept of workspace identity, which is a unique identity that can be associated with workspaces that are in Fabric capacities. When you create a workspace identity, Fabric creates a service principal in Microsoft Entra ID to represent the identity.   

Workspace identity enables OneLake shortcuts in Fabric to access Storage accounts that have resource instance rules configured. Resource instance rules are a way to grant access to specific resources based on the workspace identity or managed identity. You can create resource instance rules by deploying an ARM template with the resource instance rule details.  

To leverage Trusted workspace access in Fabric workspaces, you can create a OneLake shortcut in a Lakehouse and provide the URL of the Storage account that has been configured with a resource instance rule. While creating the shortcut, you need to select organizational account or service principal for authentication and ensure that the principal used for authenticating to Storage has the appropriate Azure RBAC roles on the Storage account. Once the shortcut is created, you can use it in various Fabric items.

How to get started with Trusted workspace access?

Trusted workspace access is available for workspaces in Fabric capacities (F64 or higher). To get started with Trusted workspace access, you need to do the following steps:  

1. Create a workspace identity for your Fabric workspace if you don’t have one already. If you face issues with creation of the workspace identity, follow the troubleshooting guidelines provided here.

Create a workspace identity. 

2. Configure resource instance rules for the Storage account that you want to access from your Fabric workspace. Follow the guidelines for configuring resource instance rules for Fabric workspaces here.

Resource instance rules in a Storage account 

3. Create a OneLake shortcut to the Storage account in a Lakehouse and select the organizational account or service principal option for authentication.

Create an ADLS g2 shortcut in a Lakehouse. 

4. Use the OneLake shortcut in various Fabric items, such as Spark notebooks, SQL analytics endpoints, semantic models, reports, data pipelines, and dataflows Gen2.  

Access data stored in firewall-enabled Storage accounts through OneLake shortcuts. 
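A check for step 2 above, added here as an example and not taken from the original post or from Microsoft: it audits the `networkAcls` section of a storage account ARM resource so that trusted workspace access stays scoped to one workspace behind a closed firewall. The property names `networkAcls`, `defaultAction` and `resourceAccessRules` follow the ARM storage account schema; the workspace resource ID layout, the sample IDs and the function names are assumptions constructed for illustration.

```python
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Assumed shape of a Fabric workspace resource ID inside a resource instance rule.
FABRIC_WORKSPACE = re.compile(
    r"^/subscriptions/[^/]+/resourcegroups/[^/]+/providers/"
    r"Microsoft\.Fabric/workspaces/(?P<workspace>[^/]+)$",
    re.IGNORECASE,
)


def audit_network_acls(account):
    """Return (severity, message) findings for one storage account ARM resource."""
    findings = []
    acls = account.get("properties", {}).get("networkAcls", {})

    # Resource instance rules are exceptions to a closed firewall. If the
    # default action is not Deny, the account is reachable without them.
    if acls.get("defaultAction") != "Deny":
        findings.append(("high", "defaultAction is not Deny, so the firewall is open"))

    fabric_rules = 0
    for rule in acls.get("resourceAccessRules", []):
        match = FABRIC_WORKSPACE.match(rule.get("resourceId", ""))
        if not match:
            continue  # rule for some other resource type, out of scope here
        fabric_rules += 1
        workspace = match.group("workspace")
        # Anything other than a single workspace GUID is flagged for review.
        if not GUID.match(workspace):
            findings.append(
                ("high", f"rule targets {workspace!r}, not one workspace ID")
            )
        if not GUID.match(rule.get("tenantId", "")):
            findings.append(("medium", "rule has no valid tenantId"))

    if fabric_rules == 0:
        findings.append(("info", "no Microsoft.Fabric workspace rule is present"))
    return findings


# Constructed sample data: none of these IDs belong to a real tenant.
TENANT = "11111111-1111-1111-1111-111111111111"
WORKSPACE = "22222222-2222-2222-2222-222222222222"
PREFIX = (
    "/subscriptions/00000000-0000-0000-0000-000000000000"
    "/resourcegroups/Fabric/providers/Microsoft.Fabric/workspaces/"
)


def storage_account(default_action, workspace):
    """Build a minimal storage account resource with one resource instance rule."""
    return {
        "type": "Microsoft.Storage/storageAccounts",
        "name": "examplestorage",
        "properties": {
            "networkAcls": {
                "defaultAction": default_action,
                "resourceAccessRules": [
                    {"tenantId": TENANT, "resourceId": PREFIX + workspace}
                ],
            }
        },
    }


SCOPED = storage_account("Deny", WORKSPACE)  # firewall closed, one workspace
BROAD = storage_account("Allow", "*")        # firewall open, unscoped rule

if __name__ == "__main__":
    for label, account in (("scoped", SCOPED), ("broad", BROAD)):
        print(label, audit_network_acls(account) or "no findings")
```

Run it against the `resources` entries of the template before deployment; the RBAC role of the authenticating principal on the Storage account is a separate check that this script does not cover.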

For more details and guidance on how to use Trusted workspace access, please refer to the documentation links below.  

  • Trusted workspace access in Fabric  
  • Workspace identity in Fabric  

Data Warehouse 

Git integration

We are excited to announce the Git integration for the Warehouse! This feature allows you to check in the changes of your Warehouse into an Azure DevOps Git repository as a SQL database project. Git integration enables source control capabilities for developers to integrate their development processes, tools, and best practices directly into the Fabric platform. 

Some scenarios that are enabled by Git: 

  • Backup and version development work 
  • Revert to previous stages 
  • Collaborate with others or work alone using Git branches 
  • Apply the capabilities of familiar source control tools to manage your Warehouse 
  • Commit changes 
  • Sync changes from Git 
  • Manage conflict resolutions 
  • …and many more! 

The SQL analytics endpoint of a Lakehouse uses partition elimination to read data from only those partitions that are relevant to the query. Recent improvements have boosted performance even more when queries are aimed at a few partitions in a table that has many files. 

We are thrilled to announce Mirroring in Fabric for Azure SQLDB, CosmosDB and Snowflake is in Public Preview!  

Mirroring in Fabric allows users to enjoy a highly integrated, end-to-end, and easy-to-use product that is designed to simplify your analytics needs. Built for openness and collaboration between Microsoft, and technology solutions that can read the open-source Delta Lake table format, Mirroring is a low-cost and low-latency turnkey solution that allows you to create a replica of your Azure SQL DB, Snowflake or CosmosDB data in OneLake which can be used for all your analytical needs. Learn more

Data Engineering 

Optimistic Job Admission for Fabric Spark

We are excited to announce a new feature for Fabric Spark: Optimistic Job Admission. This feature aims to reduce the frequency of throttling errors (HTTP 430: Spark Capacity Limit Exceeded Response) and improve the job admission experience for our customers, especially during peak usage hours.  

Throttling errors on Spark workload occur when the Spark usage exceeds the Fabric capacity limits. In the current job admission policy, Fabric Spark reserves the maximum number of cores that a job may need during its execution, based on the maximum number of nodes that the job can scale up to. This ensures that the job will always have enough resources to run, but it also limits the number of concurrent jobs that can be admitted in the cluster. 

With Optimistic Job Admission, Fabric Spark only reserves the minimum number of cores that a job needs to start, based on the minimum number of nodes that the job can scale down to. This allows more jobs to be admitted if there are enough resources to meet the minimum requirements. If a job needs to scale up later, the scale up requests are approved or rejected based on the available cores in capacity.  

Optimistic Job Admission can significantly increase the max number of concurrent jobs for our customers, especially for those who use large SKUs. For example, if a customer is using F32 SKU, which has 64 Spark VCores (Based on 1 CU = 2 Spark VCores) and 192 Max Burst Cores for concurrency (based on the 3X burst multiplier), they can only run 3 jobs concurrently in the current job admission policy, assuming they have the default starter pool configuration. 

Now with Optimistic Job Admission, they can run up to 24 jobs concurrently with the same configuration. This is an 8x improvement!

We hope that this feature will help you run more jobs faster and more efficiently on Fabric Spark. 

Single Node Support for Starter Pools 

Do you hate waiting for your Spark sessions to start in starter pools with single node configuration? If yes, you will love the update on single node starter pool support. This feature lets you set your starter pool to max one node and get super-fast session start times for your Spark sessions. With this new support that’s been introduced, the system allocates the driver and executor with 4 cores each and 56 GB in memory, so that they fit within a single medium node configuration for Starter Pools. This improves session start times to 5 seconds in single node starter pool configurations. 

How can you use it? 

To use this feature, follow these steps: 

  • Go to your Fabric workspace and choose the Workspace settings. 
  • Select the Data Engineering/Science option to expand the menu. 

Screenshot showing Spark Settings detail view.

  • Select the StarterPool option from the Pool selection and click on Edit. 

Screenshot showing starter pool configuration options.

  • Set the maximum node configuration for your starter pools to 1.

  • Save your changes and enjoy super-fast session start times for your Spark sessions.

Container Image for Synapse VS Code

To simplify the development process for the Synapse VS Code extension, we have released a container image that contains all the necessary dependencies for the extension (Microsoft Artifact Registry). This image is available in Microsoft artifact repository and can be pulled with a single command. By using this image, you do not need to install Java, Miniconda, or any other tools on your local machine. You can work on your Synapse projects inside the container environment, which is isolated and consistent.

We have also integrated the container image with VS Code dev container feature, which allows you to open a folder or a repository inside a container and use the VS Code editor and extensions as usual. To use this feature, you need to install the Remote – Containers extension and create a devcontainer.json file in your project folder. We have provided a sample devcontainer.json file that you can use as a template or customize according to your needs ( SynapseVSCode/samples/.devcontainer at main · microsoft/SynapseVSCode (github.com) ). The dev container feature will automatically pull the container image, mount your project folder, and launch the VS Code editor inside the container. You can then enjoy the full functionality of the Synapse VS Code extension without any hassle. 

Git Integration with Spark Job Definition

We are excited to announce the Git integration for Spark Job Definition artifacts. This feature allows you to check in the changes of your Spark Job Definitions into a Git repository, which will include the source code of the Spark jobs and other artifact properties. By using Git as a version control system, you can track the history of your Spark Job Definitions, collaborate with other developers, and implement CI/CD workflows for your Spark projects. 

The Git integration for Spark Job Definition artifacts is designed to enhance your development experience and enable CI/CD scenarios for your Spark projects. We hope you find this feature useful, and we welcome your feedback and suggestions. 

When a new Spark Job Definition is made with a PySpark script as the main definition file, the Git status shows that this is an unsaved change that needs to be committed.

Once the change is finalized mich

The structure of the linked git repository and the file containing the source code that was submitted.

New Revamped Object Explorer experience in the notebook  

We are excited to announce the release of a revamped object explorer experience. The new experience is designed to improve flexibility and discoverability of data sources in the explorer and improve the discoverability of Resource folders. 

Try it out: add new data sources by clicking the +Data sources button, upload new modules or create folders by clicking the Resources folder, and let us know what you think.

%Run your scripts in Notebook  

Now you can use the %run magic command to run the Python scripts and SQL scripts in your Notebook resources folder, just like the Jupyter notebook %run command. This way you can easily reuse common modules that were developed in your local IDE and use them conveniently in your Fabric Notebooks. We also introduced different command parameters to make sure complex cases such as reference run and high concurrency mode can be covered without friction. Stay tuned for the best practice example for the usage!

Data Science 

Semantic Link is now GA

Semantic link is now generally available! The package comes with our default VHD, so you can now use Semantic link in Fabric right away without any pip installation. Check it out.

We introduced a new feature in December 2023 that allows tenant admins to enable AI and Copilot in Fabric for certain security groups in addition to the entire organization. Today, we are excited to announce that you can enable AI and Copilot for a specific Capacity. You can test Copilot at a certain capacity without impacting other workloads. This allows you to adapt Copilot to meet the needs of different groups in your organization and manage your capacity more effectively. 

AI and Copilot in Fabric are powered by large language models that are only available in limited datacenters. Previously, users who were not in the US and France had to turn on the cross-geo setting to use AI and Copilot. Since mid-March, when we updated the cross-geographic mapping logic, EU customers can use AI and Copilot without turning on the cross-geo setting, and their AI and Copilot requests are processed within EUDB. Check it out!

Real-time Analytics

New KQL Queryset command bar

Finding the commands for the actions you are trying to perform just got easier with our latest update to the KQL Queryset. Now, it’s easy to distinguish between actions applicable at the Queryset level and the single query level. 

Introducing a secondary command bar within the query editor dedicated to hosting query-level actions. Enjoy smoother navigation and streamlined functionality for a more efficient querying experience. 

New Update Command Public Preview  

The new update command is now in public preview! 

This allows you to update existing records in a Kusto Table.  This can be useful to fix ad hoc data issues or be integrated into a data loading pipeline.  The command has a “what if” mode to try a command before running it on your data. 

.update table Employees on Id <|
  MyStagingTable
  | where true

Introducing Pause and Resume Feature in Eventstream   

We’re excited to introduce a powerful new feature in Fabric Eventstream: The Pause and Resume Feature. This powerful capability empowers you with unprecedented control over your data streams, enabling you to pause data streaming from various sources and destinations within Eventstream. You can then resume data streaming seamlessly from the paused time or a customized time, ensuring no data loss. 

Key Features: 

  • Activate/Deactivate All: You can quickly pause and resume all data traffic flowing in and out of Eventstream with the Activate All and Deactivate All options on the menu bar.
  • Toggle Switch Button: Each node has a convenient toggle switch button, allowing you to activate or deactivate any data source from streaming in or out of Eventstream with ease.

With the Pause and Resume feature in Fabric Eventstream, you can pause traffic from specific sources and destinations whenever needed. Whether it’s for troubleshooting purposes, building proof-of-concepts with test data, or minimizing unnecessary data processing costs, this feature offers unparalleled control over your data streams and leads to more efficient resource allocation.

Fabric Real-Time Analytics Integrates with Newly Announced Database Watcher for Azure SQL (preview)  

Azure SQL family users can now take advantage of an enhanced monitoring solution for their databases and leverage Microsoft Fabric integration. With the introduction of the new Database Watcher for Azure SQL (preview), users gain access to advanced monitoring capabilities. Through integration with Microsoft Fabric, they can effortlessly stream, store, and analyze monitoring data in real-time using an Eventhouse database in Fabric Real-Time Analytics. This integration enables users to stay informed about their database performance and make timely, informed decisions. 

Database watcher is a new managed monitoring solution for database services in the Azure SQL family. It supports Azure SQL Database and Azure SQL Managed Instance. 

Database watchers collect in-depth workload monitoring data to give you a detailed view of database performance, configuration, and health. Monitoring data from the databases, elastic pools, and SQL managed instances you select is collected in near real time into a central data store. To store and analyze SQL monitoring data, database watcher uses an Eventhouse database in Fabric Real-Time Analytics (as a complement option, Azure Data Explorer is also supported). 

Dashboards in Azure portal provide a single-pane-of-glass view of your Azure SQL estate and a detailed view of each database, elastic pool, and SQL managed instance. 

A conceptual diagram of a database watcher deployment, showing the flow of monitoring data from Azure SQL resources to a database watcher.  The monitoring data is stored in Fabric Real-Time Analytics .  Dashboards in the Azure portal show you a single-pane-of-glass view across your Azure SQL estate, and a detailed view of each database, elastic pool, and managed instance.    

You can query data in your Eventhouse database in Real-Time Analytics using KQL or T-SQL, analyze and model your data using Real-Time Analytics Querysets or Fabric Notebooks, and build custom visualizations using KQL built-in visualizations or Power BI.

To analyze collected monitoring data, the recommended method is to use KQL. KQL is optimal for querying telemetry, metrics, and logs. It provides extensive support for text search and parsing, time-series operators and functions, analytics and aggregation, and many other language constructs that facilitate data analysis. You can find examples of analyzing database watcher monitoring data with KQL in the documentation . 

The dashboards, complemented by KQL queries, enable you to delve deep into the performance and configuration of your databases. This means you can detect, investigate, and troubleshoot a wide variety of database performance and health issues. 

Whether you’re tackling resource bottlenecks or fine-tuning your Azure SQL resources for the best balance of cost and performance, Database Watcher equips you with the insights needed to make informed decisions. It’s your pathway to optimizing your Azure SQL setup for peak efficiency and cost-effectiveness. 

Next steps  

One effective approach to grasp the potential and the power of Database Watcher is to give it a try yourself. Set up your Azure SQL resources with Database Watcher, explore the dashboards, and start running some queries with KQL.  To read more about Database Watcher, check out the documentation . 

Data Factory 

Dataflows Gen2, fast copy

Dataflows help with ingesting and transforming data. With the introduction of dataflow scale out with the SQL DW compute, we are able to transform your data at scale. However, to do this at scale, your data needs to be ingested first.

With the introduction of fast copy, you can ingest Terabytes of data with the easy experience of dataflows, but with the scalable back end of Pipeline’s Copy Activity. 

We released support for Azure Service Principals (SPN) as an authentication kind last year. Now we’ve added support for this new authentication kind for on-premises data gateways and VNET data gateways.  

Azure service principal is a security identity that is application based and can be assigned permissions to access your data sources. Service principals are used to safely connect to data, without a user identity. Learn more about service principals.  

You can learn how to leverage the service principal authentication kind from the documentation available and leverage this in multiple connectors such as Azure Data Lake Storage, Dataverse, Azure SQL database, Web connector and more. 

Certified connector updates  

We’re pleased to announce the new and updated connectors in this release: 

  • [New] Topcon Aptix Insights 
  • [Update] BitSight Security Ratings 
  • [New] Zendesk Data 
  • [Update] Planview OKR 
  • [Update] BQE Core 
  • [New] LinkedIn Learning 
  • [New] LEAP 
  • [New] Samsara 
  • [Update] Celonis EMS 
  • [New] Supermetrics 
  • [New] Exact Online Premium 

Are you interested in creating your own connector and publishing it for your customers? Learn more about the Power Query SDK and the Connector Certification program.

Data pipelines 

We are excited to announce the availability of the Spark job definition activity for data pipelines. With this new activity, you will be able to run a Spark job definition in your pipeline.

To learn more about this activity, read https://aka.ms/SparkJobDefinitionActivity.  

The Data pipeline homepage is now updated with an all-new look! You’ll now find new guidance cards to help you find what you’re looking for more quickly.  

Pipeline support for CI/CD in public preview

When developing workflows with Data Factory’s pipelines it is very important for developers to be able to save their work in a Git repository for versioning, source control, and CI/CD. We are happy to announce the public preview of CI/CD support for Data Factory pipelines! Now, you can connect your Azure DevOps (ADO) projects to your Fabric workspace and commit, merge, and branch your pipelines using Fabric’s Git integration. Additionally, you can now use the built-in Deployment Pipelines inside Fabric to assign workspaces to different environments (dev, test, prod) and promote your changes easily without using ADO! 

Data Factory Data Pipelines APIs 

You can now use our public APIs to create, execute, and monitor data pipelines in Fabric Data Factory. 

Increase in Pipeline activity limit 

As a cloud service for analytics workflows, the Data Factory team has had a limit of 40 activities per pipeline since the early days of Azure Data Factory. The same orchestration engine drives Fabric Data Factory data pipelines and we’ve reacted to your feedback that many times you need more than 40 activities in a pipeline to perform complex workflows that require error checks, branching, and other control flow capabilities. We’ve now updated the limits for the Data Factory pipeline service in both Fabric and Azure (Azure Data Factory & Synapse pipelines) to now allow up to 80 activities per pipeline. 

Fabric Warehouse in ADF copy activity  

We’re excited to announce that you can now connect to your Fabric Warehouse from Azure Data Factory/Synapse pipeline. You can find this new connector when creating a new source or sink destination in your copy activity.  

This connector is also supported in the Lookup activity, Stored Procedure activity, Script activity, and Get Metadata activity.  

Edit column type to destination table support added to Fabric Warehouse and other SQL data stores 

When moving data from any supported data sources into Fabric Warehouse or other SQL data stores (SQL Server, Azure SQL Database, Azure SQL Managed Instance, Azure Synapse Analytics) via data pipelines, users can now specify the data type for each column under the destination table, as well as customize the precision and scale for certain data types such as decimal and numeric.

SFTP: performance improvements when writing data to SFTP 

SFTP connector has been improved to offer better performance when writing to SFTP as destination.  

IMAGES

  1. List Azure role assignments using the Azure portal

  2. What is Azure role-based access control (Azure RBAC)?

  3. List Azure role assignments using the Azure portal

  4. Assign Azure resource roles in Privileged Identity Management

  5. List Azure AD role assignments

  6. Overview of Azure Active Directory role-based access control (RBAC

VIDEO

  1. ASSIGNMENT AZURE

  2. Mini Tips on Azure ADTenant & External Rule sets

  3. 45th Session MS Azure + DevOps

  4. How to set the PFMS per-account balance limit

  5. Azure WAF Policy

  6. Azure User Story Assignment

COMMENTS

  1. Troubleshoot Azure RBAC limits

    Solution 1 - Replace principal-based role assignments with group-based role assignments. To reduce the number of role assignments in the subscription, add principals (users, service principals, and managed identities) to groups and assign roles to the groups instead. Follow these steps to identify where multiple role assignments for principals ...

  2. Using Azure policies to audit and automate RBAC role assignments

    Depending on your policy, you can set the policy for management group level or individual assignments to subscription level with property values that fit each individual subscription as needed. Open Azure Policy and select "Assignment" from the left side menu. You can find "Assign policy" from the top toolbar.

  3. azure-docs/articles/role-based-access-control/role-assignments-steps.md

  4. A Beginner's Guide To Role-Based Access Control on Azure

    The way you control access to resources using RBAC is to create role assignments. This is a key concept to understand - it's how permissions are enforced. A role assignment consists of three elements: security principal, role definition, and scope. User - An individual who has a profile in Azure Active Directory.

  5. Azure Role Assignments with Constraints

    If you've worked in Azure, you have definitely come across managing access using Role Based Access Control (RBAC) and have been met with different challenges. Until recently, the RBAC model in Azure has been missing a key piece: the ability to enforce constraints on the delegation of role assignments. This missing piece has led to a less than ideal user experience for those managing Azure ...

  6. Part 1

    ⏩ Should we create ONE or MULTIPLE subscriptions in Azure? - What is Role Assignment and how many types of Roles exist? - What are #Azure #Resource #Limits? ...

  7. Microsoft's New Feature Simplifies Management of Azure Role Permissions

    The tool offers clear insights into role assignments and user allocations, helping organizations optimize resource utilization within strict assignment limits. Azure Cloud Services (classic) will ...

  8. azurerm_role_assignment

    id - The Role Assignment ID. Timeouts. The timeouts block allows you to specify timeouts for certain actions: create - (Defaults to 30 minutes) Used when creating the Role Assignment. read - (Defaults to 5 minutes) Used when retrieving the Role Assignment. delete - (Defaults to 30 minutes) Used when deleting the Role Assignment. Import

  9. RBAC in Azure: A Practical Guide

    Azure Groups. Role assignments are transitive for groups, allowing users to gain permissions assigned to groups. If user A is a member of group B and group B is a member of group C with its own role assignment, user A gets the permissions in group C's role assignment. ... Assign Roles to Groups and Limit Subscription Owners. To make it easier ...

  10. Role assignment limit increase on subscriptions #83764

    Within my subscriptions, I was able to see two different values (2000 & 4000) for the Azure role assignments per Azure subscription limit. I've reached out to our engineering team and will update as soon as possible about this potential limit increase. Related issue - #83753. If you have any other questions, please let me know.

  11. Manage Azure Role Assignments Like a Pro with PowerShell

    Learn how to manage Azure Role assignments using PowerShell snippets and simple commandlets. Discover examples for listing all role assignments, adding and removing assignments for users or service principals, creating custom roles, and more. Plus, check out a script that combines some of these examples into a single function. Written by Vukasin Terzic.

  12. Role Assignments limit appears to now be 4000

    Within my subscriptions, I was able to see two different values (2000 & 4000) for the Azure role assignments per Azure subscription limit. I've reached out to our engineering team and will update as soon as possible about this potential limit increase. Related issue - #83764. If you have any other questions, please let me know.

  13. Restrict azure role assignment only to group by azure policy

    For now, There's no feature in azure to restrict global administrator to apply roles only at Security group level and not at user level. Also, there's no Azure policy to restrict this yet. As a workaround, You can have 1 User with global administrator role assigned who can create all the roles for your users and groups.

  14. Azure Policy to restrict role based access control(IAM) to users at

    Ideally, it should whitelist the role IDs defined in the parameter, and deny the role assignment for other role IDs. But for some reason, during evaluation Azure policy service is not taking into account those role IDs defined in the parameter and instead restricting role based assignment for all the roles. Need help in troubleshooting this.

  15. This PowerShell script generates a report on Azure subscription user

    This PowerShell script generates a report on Azure subscription user roles, groups, and their memberships, and then emails this report as an attachment. It logs into Azure using a managed identity, fetches role assignments for given subscriptions, compiles them into a report, and mails this report to specified recipients. The script uses the .NET Mail API for secure email transmission.

  16. Yariel Rodríguez or Alek Manoah: Who makes the most sense for the Blue

    Rodríguez is the Blue Jays' fifth starter, having taken over that role from Bowden Francis on April 13, and he has a 3.86 ERA in three starts since. Before Manoah went down with right shoulder ...

  17. More details on Role assignments per Azure subscription limit

    You can have up to 2000 role assignments in each subscription. That includes role assignments that you create at subscription subscopes (resource groups, resources). Essentially it means that you can use the "Add role assignment" pane in the Azure portal 2000 times within a subscription. The following docs have some additional information:

  18. Microsoft Fabric April 2024 Update

    Role permissions and user/group assignments can be easily updated through a new folder security UX or through API calls. ... principal for authentication and ensure that the principal used for authenticating to Storage has the appropriate Azure RBAC roles on the Storage account. ... Spark Capacity Limit Exceeded Response) and improve the job ...