Microsoft 365 Message Center Archive

MC1238430 - Workspace IP Firewall rules (Public Preview)

Message ID

MC1238430

View in Message Center

Service

Power BI

Published

Feb 25, 2026

Tag

New feature
Admin impact

Summary

Microsoft Fabric will introduce workspace-level IP firewall rules in Public Preview from mid-January to early March 2026, allowing workspace admins to restrict inbound access by IP allowlists. Tenant admins control this feature via a toggle in the Fabric admin portal, enhancing workspace data security.

More information

Introduction

Microsoft Fabric will introduce a Public Preview feature called workspace-level IP firewall rules. This feature allows workspace admins to block inbound public access to workspace data, significantly reducing the risk of unauthorized access and potential data breaches.

When this will happen

  • Public Preview: We began rolling out mid-January 2026 and expect to complete by early March 2026.
  • General Availability (Worldwide): We will begin rolling out mid-March 2026.

How this affects your organization

Who is affected:

  • Fabric tenant administrators
  • Fabric workspace administrators

What will happen:

  • A new tenant-level toggle called Configure workspace-level IP firewall rules will be available in the Advanced networking section of the Fabric admin portal.
  • By default, this tenant toggle is Enabled, allowing workspace admins to configure IP firewall rules for their workspaces.
  • Tenant admins can turn this toggle off to prevent workspace admins from configuring IP firewall rules.
  • The tenant toggle depends on the existing Configure workspace-level inbound network rules setting.
    • The IP firewall toggle can only be enabled or disabled when inbound network rules are enabled.
  • When enabled, workspace admins can:
    • Define an allowlist of public IP addresses for inbound access
    • Block all other public inbound connections to the workspace
  • There is no impact to users unless IP firewall rules are explicitly configured on a workspace.

This feature provides Workspace admins with more granular control of inbound access protection of workspaces. With workspace IP firewall rules, you can manage the inbound connections from the workspace with an allowlist of public IPs, thereby reducing the risks of inbound access from public endpoints.

What you can do to prepare

  • Review the Configure workspace-level IP firewall rules setting in the Fabric admin portal.
  • Ensure Configure workspace-level inbound network rules is enabled if you plan to use this feature.
  • Decide whether to keep the setting enabled or disable it to prevent workspace admins from configuring IP firewall rules.

Learn more: 

Compliance considerations

Question Explanation
Does the change alter how existing customer data is processed, stored, or accessed? Workspace IP firewall rules can restrict inbound access to workspace data by allowing access only from approved public IP addresses.
Does the change include an admin control? Tenant admins can enable or disable workspace-level IP firewall rules in the Fabric admin portal.
Does the change allow a user to enable and disable the feature themselves? Workspace admins can configure IP firewall rules for their own workspaces when the tenant setting is enabled.