Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview)

Microsoft Fabric introduces new settings for short-lived user-delegated SAS tokens, enhancing security for applications using Microsoft OneLake. Public Preview begins late September 2024, with settings available in late August. Admins can control token generation and workspace admins manage token acceptance. Tokens have a one-hour lifetime and require an Entra ID. Preparation involves reviewing settings and deciding on enabling features.

Coming soon for Microsoft Fabric: Two new settings in the Fabric Admin portal that are designed to enhance security and flexibility for applications interacting with Microsoft OneLake.

When this will happen:

Public Preview: We will begin rolling out late September 2024 and expect to complete by late September 2024. You can start saving your settings in late August 2024. When the General Availability release timeline is known, we will update you.

How this will affect your organization:

Before this rollout: Users could not generate SAS tokens in OneLake.

After this rollout: Admins will have support for short-lived user-delegated OneLake shared access signature (SAS) tokens in public preview. This functionality allows applications to request a user delegation key backed by a Microsoft Entra ID, which can then be used to build a OneLake SAS token. This token can be handed off to provide delegated access to another tool, node, or user, ensuring secure and controlled access.

OneLake SAS tokens are constructed and used similarly to Azure Storage SAS tokens, with a few key differences:

- OneLake user delegation keys and SAS tokens cannot exceed a lifetime of one hour.
- OneLake SAS tokens are always user delegated and must be backed by an Entra ID.
- OneLake SAS can only grant access to data items in Fabric.
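A pre-handoff check for the first two differences listed above, added here as an example and not taken from Microsoft's announcement or documentation. It assumes OneLake SAS query strings carry the same fields as an Azure Storage user delegation SAS (st, se, skoid, sktid, skt, ske); check_onelake_sas and the sample tokens are hypothetical names and constructed values.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

MAX_LIFETIME = timedelta(hours=1)  # one-hour limit stated in the announcement
# Assumption: same user-delegation fields as an Azure Storage SAS.
DELEGATION_FIELDS = ("skoid", "sktid", "skt", "ske")


def _ts(value):
    """Parse an ISO 8601 timestamp such as 2024-09-30T10:00:00Z as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_onelake_sas(token, now):
    """Return findings for one SAS query string; an empty list means it passes."""
    params = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []
    missing = [f for f in DELEGATION_FIELDS if f not in params]
    if missing:
        findings.append("not user delegated: missing " + ",".join(missing))

    def check_window(label, start_key, end_key):
        if end_key not in params:
            findings.append(f"{label}: no expiry ({end_key})")
            return
        try:
            end = _ts(params[end_key])
            # A SAS without a start time is valid from the moment it is used.
            start = _ts(params[start_key]) if start_key in params else now
        except ValueError:
            findings.append(f"{label}: malformed timestamp")
            return
        if end <= now:
            findings.append(f"{label}: expired")
        if end - start > MAX_LIFETIME:
            findings.append(f"{label}: lifetime exceeds one hour")

    check_window("token", "st", "se")
    if not missing:
        check_window("delegation key", "skt", "ske")
    return findings

# Constructed sample tokens (placeholder GUIDs and signatures, not real credentials).
NOW = datetime(2024, 9, 30, 10, 5, tzinfo=timezone.utc)
KEY = "skoid=00000000-0000-0000-0000-000000000001&sktid=00000000-0000-0000-0000-000000000002"
GOOD = f"sp=r&st=2024-09-30T10:00:00Z&se=2024-09-30T10:45:00Z&{KEY}&skt=2024-09-30T10:00:00Z&ske=2024-09-30T11:00:00Z&sig=PLACEHOLDER"
LONG = f"sp=r&st=2024-09-30T10:00:00Z&se=2024-10-01T10:00:00Z&{KEY}&skt=2024-09-30T10:00:00Z&ske=2024-10-01T10:00:00Z&sig=PLACEHOLDER"
ACCOUNT_KEY = "sp=r&se=2024-09-30T10:30:00Z&sig=PLACEHOLDER"
```

The check reads only the token's own fields; it does not verify the signature or whether the two tenant switches are enabled.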
The usage of OneLake SAS in a Fabric tenant is controlled by two tenant switches:

- A switch managed by tenant admins that controls the generation of OneLake SAS tokens
- A switch automatically delegated to workspace admins that controls the acceptance of OneLake SAS tokens

Both switches must be turned on to allow the use of OneLake SAS in a workspace.

Scenarios supported by SAS

Delegated access with SAS tokens allows applications without native support for Microsoft Entra to […]
The post Microsoft Fabric: New tenant settings for short-lived user-delegated SAS tokens (Preview) appeared first on M365 Admin.