You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|**Private Link (PL)**| Tenant | Applies **globally across the tenant**. Controls access to all capacities regardless of region. | Enforce secure-by-default access across all Fabric services. | Not all services support Private Link. Requires tenant-level configuration and DNS setup. |
53
59
|**Managed Private Endpoints (MPE)**| Workspace (Capacity) | Region is determined by the **capacity backing the workspace**. Data access is region-bound. | Secure access to external data sources (e.g., Azure SQL, Storage) from within a workspace. | Workspace migration across regions is not supported. Must be recreated in the target region. |
54
60
55
-
## Private Endpoints (PE)
61
+
###Private Endpoints (PE)
56
62
57
63
> **Private Endpoints** are configured at the **capacity level**. They provide a secure, private IP-based connection to Fabric services, ensuring that traffic between your network and Fabric remains isolated from the public internet. Each private endpoint is tied to a specific Fabric capacity and is region-specific.
> **Private Link** is a **tenant-wide setting** that enforces secure, private access to Microsoft Fabric services across all capacities and regions. Once enabled, it ensures that all traffic to Fabric endpoints is routed through Azure’s private backbone network, bypassing the public internet.
> **Managed Private Endpoints** are configured at the **workspace level**. They allow Fabric workspaces to securely connect to **external Azure resources** (e.g., Azure SQL, Azure Data Lake Storage) over a private network. These endpoints are created and managed within Fabric and are **not visible in the Azure portal**.
0 commit comments