Edit

Share via


Tenant settings index

This article lists all Fabric tenant settings, along with a brief description of each, and links to relevant documentation, if available. For more information about tenant settings in general, see About tenant settings.

If you want to get to the tenant settings in the Fabric portal, see How to get to the tenant settings.

Microsoft Fabric

Setting name Description
Users can create Fabric items Users can use production-ready features to create Fabric items. Turning off this setting doesn't impact users' ability to create Power BI items. This setting can be managed at both the tenant and the capacity levels. Learn More
Users can create Healthcare Cohort items (preview) Users can explore and create healthcare cohorts using natural language from the multi-modal healthcare data estate provided by the Healthcare solutions item. The data may contain Protected Health Information (PHI). Collaborators with workspace access can view, build on, and modify the healthcare cohort items within that workspace.

By turning this setting on, you agree to the Preview Terms.
SQL database (preview) Users can create SQL databases. Learn More
Digital Twin Builder (preview) Users can create digital twin builder items to build comprehensive digital twins of real world environments and processes, to enable big-picture data analysis and drive operational efficiency.
Users can discover and create org apps (preview) Turn on this setting to let users create org apps as items. Users with access will be able to view them. By turning on this setting, you agree to the Preview Terms.

If turned off, any org app items created will be hidden until this setting is turned on again. The prior version of workspace apps will still be available. Learn More
Product Feedback This setting allows Microsoft to prompt users for feedback through in-product surveys within Microsoft Fabric and Power BI. Microsoft will use this feedback to help improve product features and services. User participation is voluntary. Learn More
Users can create and share Data agent item types (preview) Users can create natural language data question and answer (Q&A) experiences using generative AI and then save them as Data agent items. Data agent items can be shared with others in the organization. Learn More
Users can discover and use metrics (preview) Turn on this setting to let users in the organization search for, view, and use metrics. They can use metrics to create new items, such as reports, across Fabric. By turning this setting on, you agree to the Preview Terms.

If turned off, any metrics and metric sets created will be hidden until this setting is turned on again. Semantic models underlying metric sets and downstream items created from metrics will always be visible.
Users can be informed of upcoming conferences featuring Microsoft Fabric when they are logged in to Fabric Attending conferences can help your data teams learn in-depth about how to best use the Fabric platform for your business needs and build professional relationships with community members, Microsoft engineering and product teams, and the Fabric Customer Advisory Team (CAT). These conferences may be organized and hosted by third parties. Learn More
ML models can serve real-time predictions from API endpoints (preview) With this setting on, users can get real-time predictions from model and version endpoints. Even with real-time endpoints turned off, batch predictions can still be generated. Learn More
Cosmos DB NoSQL (Preview) Build modern, cloud apps using a fully managed NoSQL database. Learn More
Detect anomalies in Real-Time Intelligence (Preview) This setting allows users to use statistical detection algorithms to detect anomalies in real-time data. Learn More
Users can create Maps (preview) Users can build map items to analyze live geospatial data with interactive, real-time visualizations, helping uncover location-based insights. Learn More
All Power BI users can see "Set alert" button to create Fabric Activator alerts When enabled, all Power BI users will see the "Set alert" button in reports. However, only users with permission to create Fabric items can actually set up Fabric Activator alerts, which send real-time notifications based on predefined data conditions. Learn More

Help and support settings

Setting name Description
Publish "Get Help" information Users in the organization can go to internal help and support resources from the Power BI help menu.
Receive email notifications for service outages or incidents Mail-enabled security groups will receive email notifications if this tenant is impacted by a service outage or incident.
Users can try Microsoft Fabric paid features When users sign up for a Microsoft Fabric trial, they can try Fabric paid features for free for 60 days from the day they signed up. Learn More
Show a custom message before publishing reports When people attempt to publish a report, they'll see a custom message before it gets published.

Domain management settings

Setting name Description
Allow tenant and domain admins to override workspace assignments (preview) Tenant and domain admins can reassign workspaces that were previously assigned to one domain to another domain.

Workspace settings

Setting name Description
Create workspaces Users in the organization can create app workspaces to collaborate on dashboards, reports, and other content. Even if this setting is disabled, a workspace will be created when a template app is installed.
Use semantic models across workspaces Users in the organization can use semantic models across workspaces if they have the required Build permission.
Block users from reassigning personal workspaces (My Workspace) Turn on this setting to prevent users from reassigning their personal workspaces (My Workspace) from Premium capacities to shared capacities. Learn More
Define workspace retention period Turn on this setting to define a retention period during which you can restore a deleted workspace and recover items in it. At the end of the retention period, the workspace is permanently deleted. By default, workspaces are always retained for a minimum of 7 days before they're permanently deleted.

Turn off this setting to accept the minimum retention period of 7 days. After 7 days the workspace and items in it will be permanently deleted.

Enter the number of days to retain a workspace before it's permanently deleted. My Workspace workspaces will be retained for 30 days automatically. Other workspaces can be retained for up to 90 days.

Information protection

Setting name Description
Allow users to apply sensitivity labels for content With this setting enabled, Microsoft Purview Information Protection sensitivity labels published to users by your organization can be applied. All prerequisite steps must be completed before enabling this setting.

Important: Sensitivity-label-based access control for Fabric and Power BI data and content is only enforced in the tenant where the labels were applied, in Power BI Desktop (.pbix) files, and in Excel, PowerPoint, and PDF files generated via supported export paths. Sensitivity-label-based access control is not supported in cross-tenant scenarios, such as external data sharing, or in any other export scenario, such as export to .csv or .txt formats. For more information, see Information protection in Microsoft Fabric: Access control.

Note: Sensitivity label settings, such as encryption and content marking for files and emails, are not applied to content in Fabric. Learn More. Encryption is applied to content in supported export paths.

Visit the Microsoft Purview portal to view sensitivity label settings for your organization.
Apply sensitivity labels from data sources to their data in Power BI Only sensitivity labels from supported data sources will be applied. Please see the documentation for details about supported data sources and how their sensitivity labels are applied in Power BI. Learn about supported data sources
Automatically apply sensitivity labels to downstream content With this setting enabled, whenever a sensitivity label is changed or applied to Fabric content, the label will also be applied to its eligible downstream content. Learn More
Allow workspace admins to override automatically applied sensitivity labels With this setting enabled, workspace admins can change or remove sensitivity labels that were applied automatically by Fabric, for example, as a result of label inheritance. Learn More
Restrict content with protected labels from being shared via link with everyone in your organization This setting will prevent content with protection settings in the sensitivity label from being shared via link with everyone in your organization. Learn More
Domain admins can set default sensitivity labels for their domains (preview) Domain admins can set a default sensitivity label for their domains. The label they set will override your organization's default labels in Microsoft Purview, as long as it has a higher priority than the existing default labels set for your tenant. A domain's default label will automatically apply to new Fabric items created within the domain. Reports, semantic models, dataflows, dashboards, scorecards, and some additional item types aren't currently supported. Learn More
Allow Microsoft Purview to secure AI interactions Allow Microsoft Purview to access, process, and store prompts and responses-including metadata-for data security and compliance outcomes such as sensitive info type (SIT) classification, reporting in Microsoft Purview Data Security Posture Management for AI, Audit, Insider Risk Management, Communication Compliance, and eDiscovery. Note: This is a Microsoft Purview paid capability and is not included in the Copilot in Fabric pricing. Learn More

Export and sharing settings

Setting name Description
External data sharing Users can share a read-only link to data stored in OneLake with collaborators outside your organization. When you grant them permission to do so, users can share a link to data in lakehouses and additional Fabric items. Collaborators who receive the link can view, build on, and share the data both within and beyond their own Fabric tenants, using their organization's licenses and capacities. Learn More
Users can accept external data shares Users can accept a read-only link to data from another organization's Fabric tenant. Users who accept an external share link can view, build on, and share the data, both inside and outside of your organization's tenant. For more information about the security limitations of this preview feature, view the feature documentation. Learn More
Guest users can access Microsoft Fabric Guest users who've been added to your Microsoft Entra directory can access Microsoft Fabric and any Fabric items they have permissions to. Learn More
Users can invite guest users to collaborate through item sharing and permissions Users can collaborate with people outside the organization by sharing Fabric items with them and granting them permission to access those items. After external users accept an invitation, they're added to your Microsoft Entra directory as guest users. Learn More
Guest users can browse and access Fabric content Users can invite guest users to browse and request access to Fabric content. Learn More
Users can see guest users in lists of suggested people With this setting on, users will see both users in your organization and guest users who've been added to your Microsoft Entra directory in lists of suggested people. With this setting off, users will see only users in your organization.

Users can still share items with guests by providing their full email address. Learn More
Publish to web People in your org can publish public reports on the web. Publicly published reports don't require authentication to view them.

Go to Embed codes in the admin portal to review and manage public embed codes. If any of the codes contain private or confidential content remove them.

Review embed codes regularly to make sure no confidential information is live on the web. Learn more about Publish to web
Copy and paste visuals Users in the organization can copy visuals from a tile or report visual and paste them as static images into external applications.
Export to Excel Users in the organization can export the data from a visualization or paginated report to an Excel file. Learn More
Export to .csv Users in the organization can export data from a tile, visualization, or paginated report to a .csv file. Learn More
Download reports Users in the organization can download .pbix files and paginated reports. Learn More
Users can work with semantic models in Excel using a live connection Users can export data to Excel from a report visual or semantic model, or export a semantic model to an Excel workbook with Analyze in Excel, both options with a live connection to the XMLA endpoint. Learn More
Export reports as PowerPoint presentations or PDF documents Users in the organization can export reports as PowerPoint files or PDF documents.
Export reports as MHTML documents Users in the organization can export Paginated reports as MHTML documents.
Export reports as Word documents Users in the organization can export Paginated reports as Word documents.
Export reports as XML documents Users in the organization can export Paginated reports as XML documents.
Export reports as image files Users in the organization can use the export report to file API to export reports as image files.
Print dashboards and reports Users in the organization can print dashboards and reports.
Certification Choose whether people in your org or specific security groups can certify items (like apps, reports, or datamarts) as trusted sources for the wider organization.

Note: When a user certifies an item, their contact details will be visible along with the certification badge.
Endorse master data Choose whether people in your org or specific security groups can endorse items (like lakehouses, warehouses, or datamarts) as one of the core sources for your organization's data records. Learn More

Note: When someone endorses an item as master data, their name and email will show with the endorsement badge.
Users can set up email subscriptions Users can create email subscriptions to reports and dashboards.
B2B guest users can set up and be subscribed to email subscriptions B2B guest users can set up and be subscribed to email subscriptions. B2B guest users are external users that have been added to your Microsoft Entra ID. Turn this setting off to prevent B2B guest users from setting up or being subscribed to email subscriptions. Learn More
Users can send email subscriptions to external users Users can send email subscriptions to external users. External users are users you've not added to your Microsoft Entra ID. Turn this setting off to prevent users from subscribing external users to email subscriptions. Learn More
Featured content Users in the organization can promote their published content to the Featured section of Power BI Home.
Allow connections to featured tables Users in the organization can access and perform calculations on data from featured tables. Featured tables are defined in the modeling view in Power BI Desktop and made available through data types gallery of Excel.
Allow shareable links to grant access to everyone in your organization This setting will grant access to anyone in your organization with the link. It won't work for external users. Learn More
Enable Microsoft Teams integration This setting allows people in the organization to access features associated with the Microsoft Teams and Power BI integration. This includes launching Teams experiences from the Power BI service like chats, the Power BI app for Teams, and receiving Power BI notifications in Teams. To completely enable or disable Teams integration, work with your Teams admin.
Install Power BI app for Microsoft Teams automatically The Power BI app for Microsoft Teams is installed automatically for users when they use Microsoft Fabric. The app is installed for users if they have Microsoft Teams and the Power BI app is allowed in the Teams Admin Portal. When the app is installed, users receive notifications in Teams and can more easily discover and collaborate with colleagues. The Power BI app for Teams provides users with the ability to open all Fabric content. Learn More.
Enable Power BI add-in for PowerPoint Let people in your org embed Power BI data into their PowerPoint presentations. This integration requires that your organization's Microsoft Office admin has enabled support for add-ins.
Allow DirectQuery connections to Power BI semantic models DirectQuery connections allow users to make changes to existing semantic models or use them to build new ones. Learn More
Guest users can work with shared semantic models in their own tenants Authorized guest users can discover semantic models shared with them in the OneLake data hub (in Power BI Desktop), and then work with these semantic models in their own Power BI tenants.
Allow specific users to turn on external data sharing Turn off this setting to prevent all users from turning on external data sharing. If this setting is on, all or specific users can turn on the external data sharing option, allowing them to share data with authorized guest users. Authorized guest users can then discover, connect to, and work with these shared semantic models in their own Power BI tenants.

Discovery settings

Setting name Description
Make promoted content discoverable Allow users in this org who can promote content to make content they promote discoverable by users who don't have access to it. Learn More
Make certified content discoverable Allow users in the org who can certify content to make content they certify discoverable by users who don't have access to it. Learn More
Discover content Allow users to find and request access to content they don't have access to if it was made discoverable by its owners. Learn More

App settings

Setting name Description
Create template organizational apps Users in the organization can create template apps that use semantic models built on one data source in Power BI Desktop.
Push apps to end users Users can share apps directly with end users without requiring installation from AppSource.
Publish apps to the entire organization Users in the organization can publish apps to the entire organization.

Integration settings

Setting name Description
Allow XMLA endpoints and Analyze in Excel with on-premises semantic models Users in the organization can use Excel to view and interact with on-premises Power BI semantic models. This also allows connections to XMLA endpoints.
Semantic Model Execute Queries REST API Users in the organization can query semantic models by using Data Analysis Expressions (DAX) through Power BI REST APIs.
Use ArcGIS Maps for Power BI Users in the organization can use the ArcGIS Maps for Power BI visualization provided by Esri.
Use global search for Power BI Turn on this setting to let users use the global search bar at the top of the page.
Users can use the Azure Maps visual With this setting on, users can create and view the Azure Maps visual. Your data may be temporarily stored and processed by Microsoft for essential services, including translating location names into latitudes and longitudes. Use of Azure Maps is subject to the following Terms of use.
Data sent to Azure Maps can be processed outside your tenant's geographic region, compliance boundary, or national cloud instance Azure Maps services are currently not available in all regions and geographies. With this setting on, data sent to Azure Maps can be processed in a region where the service is available, which might be outside your tenant's geographic region, compliance boundary, or national cloud instance. Learn More
Data sent to Azure Maps can be processed by Microsoft Online Services Subprocessors Some Azure Maps visual services, including the selection tool and the processing of location names within some regions, may require mapping capabilities provided in part by Microsoft Online Services subprocessors. Microsoft shares only necessary data with these Microsoft Online Services subprocessors, who may access data only to deliver the functions in support of online services that Microsoft has engaged them to provide and are prohibited from using data for any other purpose. Microsoft does not share the name of the customer or end user who submits the query. This feature is non-regional and the queries you provide may be stored and processed in the United States or any other country in which Microsoft or its subprocessors operate. Learn More
Map and filled map visuals Allow people in your org to use the map and filled map visualizations in their reports.
Integration with SharePoint and Microsoft Lists Users in the organization can launch Power BI from SharePoint lists and Microsoft Lists. Then they can build Power BI reports on the data in those lists and publish them back to the lists.
Dremio SSO Enable SSO capability for Dremio. By enabling, user access token information, including name and email, will be sent to Dremio for authentication.
Snowflake SSO Enable SSO capability for Snowflake. By enabling, user access token information, including name and email, will be sent to Snowflake for authentication. Learn More
Redshift SSO Enable SSO capability for Redshift. By enabling, user access token information, including name and email, will be sent to Redshift for authentication.
Google BigQuery SSO Enable SSO capability for Google BigQuery. By enabling, user access token information, including name and email, will be sent to Google BigQuery for authentication.
Microsoft Entra single sign-on for data gateway Users can use Microsoft Entra single sign-on (SSO) to authenticate to on-premises data gateways and access data sources.

With this setting on, user access token information, including names and emails, is sent to data sources to authenticate to the on-premises data gateway service. Learn More
Users can view Power BI files saved in OneDrive and SharePoint (preview) Users in the organization can view Power BI files saved in OneDrive for Business or SharePoint document libraries. The permissions to save and share Power BI files in OneDrive and SharePoint document libraries are controlled by permissions managed in OneDrive and SharePoint. Learn More
Users can share links to Power BI files stored in OneDrive and SharePoint through Power BI Desktop (preview) Users who have saved Power BI files (.pbix) to OneDrive and SharePoint can share links to those files using Power BI Desktop. Learn More
Enable granular access control for all data connections Enforce strict access control for all data connection types. When this is turned on, shared items will be disconnected from data sources if they're edited by users who don't have permission to use the data connections. Learn More
Semantic models can export data to OneLake Semantic models configured for OneLake integration can send import tables to OneLake. Once the data is in OneLake, users can include the exported tables in Fabric items, including lakehouses and warehouses. Learn More
Semantic model owners can choose to automatically update semantic models from files imported from OneDrive or SharePoint Semantic model owners can choose to allow semantic models to be automatically updated with changes made to the corresponding Power BI files (.pbix) stored in OneDrive or SharePoint. File changes can include new and modified data connections.

Turn off this setting to prevent automatic updates to semantic models. Learn More
ArcGIS GeoAnalytics in Fabric Runtime (preview) Users in your organization can use ArcGIS GeoAnalytics provided by Esri in Fabric Runtime. ArcGIS GeoAnalytics delivers geospatial analysis to your big data by extending Apache Spark with ready-to-use SQL functions and analysis tools. Learn More
Allow non-Entra ID auth in Eventstream Users can enhance the security of data streaming by disabling key-based authentication in Eventstream's Custom Endpoint, ensuring that only Microsoft Entra ID (formerly Azure Active Directory) authentication is allowed. This reduces the risk of unauthorized access to Fabric Eventstream through non-Entra ID authentication methods. Learn more
Users can create "Direct Lake on OneLake semantic models" (preview) Users can create tables using "Direct Lake on OneLake" storage mode and have tables from one or more OneLake data sources in a Power BI semantic model when this setting is enabled. Direct Lake on OneLake storage mode does not require a SQL endpoint and does not support fallback to DirectQuery. If you disable this setting, you cannot create tables using Direct Lake on OneLake storage mode in semantic models. Existing semantic models using Direct Lake on OneLake storage mode are not affected and continue to use Direct Lake on OneLake. Learn More

Power BI visuals

Setting name Description
Allow visuals created using the Power BI SDK Users in the organization can add, view, share, and interact with visuals imported from AppSource or from a file. Visuals allowed in the "Organizational visuals" page are not affected by this setting. Learn More
Add and use certified visuals only (block uncertified) Users in the organization with permissions to add and use visuals can add and use certified visuals only. Visuals allowed in the "Organizational visuals" page are not affected by this setting, regardless of certification. Learn More
Allow downloads from custom visuals Enabling this setting will let custom visuals download any information available to the visual (such as summarized data and visual configuration) upon user consent. It is not affected by download restrictions applied in your organization's Export and sharing settings. Learn More
AppSource Custom Visuals SSO Enable SSO capability for AppSource custom visuals. This feature allows custom visuals from AppSource to get Microsoft Entra ID access tokens for signed-in users through the Authentication API. Microsoft Entra ID access tokens include personal information, including users' names and email addresses, and may be sent across regions and compliance boundaries. Learn More
Allow access to the browser's local storage When this setting is on, custom visuals can store information on the user's browser's local storage. Learn More

R and Python visuals settings

Setting name Description
Interact with and share R and Python visuals Users in the organization can interact with and share visuals created with R or Python scripts.

Audit and usage settings

Setting name Description
Usage metrics for content creators Users in the organization can see usage metrics for dashboards, reports and semantic models that they have appropriate permissions to. Learn More
Per-user data in usage metrics for content creators Usage metrics for content creators will expose display names and email addresses of users who are accessing content.
Show user data in the Fabric Capacity Metrics app and reports With this setting on, active user data, including names and email addresses, are displayed in the Capacity Metrics app and reports. Learn More
Azure Log Analytics connections for workspace administrators NO DESCRIPTION IN UI
Workspace admins can turn on monitoring for their workspaces (preview) Workspace admins can turn on monitoring for their workspaces. When a workspace admin turns on monitoring, a read-only Eventhouse that includes a KQL database is created. After the Eventhouse and KQL database are added to the workspace, logging is turned on and data is sent to the database. Learn More
Microsoft can store query text to aid in support investigations Query text for some items, including semantic models, is securely stored for usage during support investigations. Turn off this setting to stop the service from storing query text.

Turning off this setting might negatively impact Microsoft's ability to provide support for the Fabric service. Learn More

Dashboard settings

Setting name Description
Web content on dashboard tiles Users in the organization can add and view web content tiles on Power BI dashboards. Note: This may expose your org to security risks via malicious web content.

Developer settings

Setting name Description
Embed content in apps Users in the organization can embed Power BI dashboards and reports in Web applications using "Embed for your customers" method. Learn More
Service principals can create workspaces, connections, and deployment pipelines This setting allows service principals to create workspaces, connections, and deployment pipelines. To allow service principals to call the rest of Fabric public APIs, turn on the setting titled "Service principals can call Fabric public APIs". Learn More
Service principals can call Fabric public APIs This setting allows service principals with the appropriate roles and item permissions to call Fabric public APIs. To allow service principals to create workspaces, connections, and deployment pipelines turn on the setting titled "Service principals can create workspaces, connections, and deployment pipelines". Learn More
Allow service principals to create and use profiles Allow service principals in your organization to create and use profiles.
Block ResourceKey Authentication For extra security, block using resource key based authentication. This means users not allowed to use streaming semantic models API using resource key.

Admin API settings

Setting name Description
Service principals can access read-only admin APIs Web apps registered in Microsoft Entra ID can use service principals, rather than user credentials, to authenticate to read-only admin APIs.

To allow an app to use a service principal as an authentication method, the service principal must be added to an allowed security group. Service principals included in allowed security groups will have read-only access to all the information available through admin APIs, which can include users' names and emails, and detailed metadata about semantic models and reports. Learn More
Service principals can access admin APIs used for updates Web apps registered in Microsoft Entra ID can use service principals, rather than user credentials, to authenticate to admin APIs used for updates.

To allow an app to use a service principal as an authentication method, add the service principal to an allowed security group. Service principals in allowed security groups have full access to the information available through admin APIs, including users' names and emails, and detailed metadata about items. Learn More
Enhance admin APIs responses with detailed metadata Users and service principals allowed to call Power BI admin APIs may get detailed metadata about Power BI items. For example, responses from GetScanResult APIs will contain the names of semantic model tables and columns. Learn More

Note: For this setting to apply to service principals, make sure the tenant setting allowing service principals to use read-only admin APIs is enabled. Learn More
Enhance admin APIs responses with DAX and mashup expressions Users and service principals eligible to call Power BI admin APIs will get detailed metadata about queries and expressions comprising Power BI items. For example, responses from GetScanResult API will contain DAX and mashup expressions. Learn More

Note: For this setting to apply to service principals, make sure the tenant setting allowing service principals to use read-only admin APIs is enabled. Learn More

Gen1 dataflow settings

Setting name Description
Create and use Gen1 dataflows Users in the organization can create and use Gen1 dataflows. Learn More

Template app settings

Setting name Description
Publish template apps Users in the organization can publish template apps for distribution to clients outside of the organization. Learn More.
Install template apps Users in the organization can install template apps created outside the organization. When a template app is installed, an upgraded workspace is created. Learn More
Install template apps not listed in AppSource Users in the organization who have been granted permission to install template apps which were not published to Microsoft AppSource. Learn More.

Q&A settings

Setting name Description
Review questions Allow semantic model owners to review questions people asked about their data.
Synonym sharing Allow people to share Q&A synonyms with your organization. Learn More

Explore settings (preview)

Setting name Description
Users with view permission can launch Explore Explore is a light-weight visual data exploration experience that enables people to quickly and easily do ad hoc analysis. This setting allows people with view permission on a semantic model to launch Explore from that model and from items connected to it. Learn More

Semantic Model Security

Setting name Description
Block republish and disable package refresh Disable package refresh, and only allow the semantic model owner to publish updates.

Advanced networking

Setting name Description
Tenant-level Private Link Increase security by allowing people to use a Private Link to access your Fabric tenant. Someone will need to finish the set-up process in Azure. If that's not you, grant permission to the right person or group by entering their email. Learn More Set-up instructions

Review the considerations and limitations section before enabling private endpoints.
Block Public Internet Access For extra security, block access to your Fabric tenant via the public internet. This means people who don't have access to the Private Link won't be able to get in. Keep in mind, turning this on could take 10 to 20 minutes to take effect. Learn More Set-up instructions
Configure workspace-level inbound network rules (preview) With this setting on, workspace admins can configure inbound private link access protection in workspace settings. When a workspace is configured to restrict inbound network access, existing tenant-level private links can no longer connect to these workspaces. Turning off this setting reverts all workspaces to their previous configuration. Learn More
Configure workspace-level outbound network rules (preview) With this setting on, workspace admins can configure outbound access protection in workspace settings. Turning off this tenant setting also turns off outbound access protection in all the workspaces in the tenant. Learn More

Encryption

Setting name Description
Apply customer-managed keys (preview) With this setting turned on, users can configure workspace level encryption using customer-managed keys to protect their data. When turned off, the default is to use Microsoft managed keys. Learn More

Metrics settings

Setting name Description
Create and use Metrics Users in the organization can create and use Metrics

User experience experiments

Setting name Description
Help Power BI optimize your experience Users in this organization will get minor user experience variations that the Power BI team is experimenting with, including content, layout, and design, before they go live for all users.

Share data with your Microsoft 365 services

Setting name Description
Share Fabric data with your Microsoft 365 services When this setting is enabled, Microsoft Fabric data can be stored and displayed in Microsoft 365 services. Fabric data (including Power BI report titles, chart axis labels, Fabric data agent instructions, or open and sharing history) may be used to improve Microsoft 365 services like search results and recommended content lists. Learn More

Users can browse or get recommendations only for content they have access to. Users will see metadata about Fabric items (including refresh dates and workspace names in search listings) and see item content (like chart axis labels or titles reflected in Copilot summarizations) to enhance Microsoft 365 services.

This setting is automatically enabled only if your Microsoft Fabric and Microsoft 365 tenants are in the same geographical region. You may disable this setting. Where is my Microsoft Fabric tenant located?

Insights settings

Setting name Description
Receive notifications for top insights (preview) Users in the organization can enable notifications for top insights in report settings
Show entry points for insights (preview) Users in the organization can use entry points for requesting insights inside reports

Datamart settings

Setting name Description
Create Datamarts (preview) Users in the organization can create Datamarts

Data model settings

Setting name Description
Users can edit data models in the Power BI service (preview) Turn on this setting to allow users to edit data models in the service. This setting doesn't apply to DirectLake semantic models or editing a semantic model through an API or XMLA endpoint. Learn More

Scale-out settings

Setting name Description
Scale out queries for large semantic models For semantic models that use the large semantic model storage format, Power BI Premium can automatically distribute queries across additional semantic model replicas when query volume is high.

OneLake settings

Setting name Description
Users can access data stored in OneLake with apps external to Fabric Users can access data stored in OneLake with apps external to the Fabric environment, such as custom applications created with Azure Data Lake Storage (ADLS) APIs, OneLake File Explorer, and Databricks. Users can already access data stored in OneLake with apps internal to the Fabric environment, such as Spark, Data Engineering, and Data Warehouse. Learn More
Use short-lived user-delegated SAS tokens OneLake SAS tokens enable applications to access data in OneLake through short-lived SAS tokens, based on a Microsoft Fabric user's Entra identity. These token's permissions can be further limited to provide least privileged access and cannot exceed a lifetime of one hour. Learn More
Authenticate with OneLake user-delegated SAS tokens Allow applications to authenticate using a OneLake SAS token. Fabric users can create OneLake SAS by requesting a user delegation key. The tenant setting, Use short-lived user delegated SAS tokens, must be turned on to generate user delegation keys. The lifetimes of the user delegation keys and SAS tokens cannot exceed one hour. Learn More
Users can sync data in OneLake with the OneLake File Explorer app Turn on this setting to allow users to use OneLake File Explorer. This app will sync OneLake items to Windows File Explorer, similar to OneDrive. Learn More
Enable Delta Lake to Apache Iceberg table format virtualization (preview) Delta Lake tables will be virtually converted to have additional Iceberg table metadata. This allows different services/workloads to read your Delta Lake tables as Iceberg tables.

Note: This setting controls a feature that is currently in preview. This setting will be removed in a future update when the feature is no longer in preview.

Git integration

Setting name Description
Users can synchronize workspace items with their Git repositories Users can import and export workspace items to Git repositories for collaboration and version control. Turn off this setting to prevent users from syncing workspace items with their Git repositories. Learn More
Users can export items to Git repositories in other geographical locations The workspace and the Git repository may reside in different geographies. Turn on this setting to allow users to export items to Git repositories in other geographies.
Users can export workspace items with applied sensitivity labels to Git repositories Turn on this setting to allow users to export items with applied sensitivity labels to their Git repositories.
Users can sync workspace items with GitHub repositories Users can select GitHub as their Git provider and sync items in their workspaces with GitHub repositories.

Copilot and Azure OpenAI Service

Setting name Description
Users can use Copilot and other features powered by Azure OpenAI When this setting is on, users can access Fabric features powered by Azure OpenAI, including Copilot and Fabric AI agents. Check documentation for the most recent list of these features. This setting can be managed at both the tenant and the capacity levels. Learn More

For customers in the EU Data Boundary, this setting adheres to Microsoft Fabric's EU Data Boundary commitments. Learn More

By turning on this setting, you agree to the Preview Terms for any AI features in preview.
Users can access a standalone, cross-item Power BI Copilot experience (preview) When this setting is turned on, users will be able to access a Copilot experience that allows them to find, analyze, and discuss different Fabric items in a dedicated tab available via the Power BI navigation pane. This setting requires the following tenant setting to be enabled: "Users can use Copilot and other features powered by Azure OpenAI." Learn More
Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance This setting is only applicable for customers who want to use Copilot and AI features in Fabric powered by Azure OpenAI, and whose capacity's geographic region is outside of the EU Data Boundary or the United States. Learn More

When this setting is on, data sent to Copilot and other generative AI features can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance. Check documentation for the types of data this might include. This setting can be managed at both the tenant and the capacity levels. Learn More

By turning on this setting, you agree to the Preview Terms for any AI features in preview.
Capacities can be designated as Fabric Copilot capacities With this setting on, capacity admins can designate capacities as Fabric Copilot capacities. Copilot capacities are special capacity types that allow your organization to consolidate users' Copilot usage and billing on a single capacity. Learn More

When users use Copilot features, capacity admins can see the names of the items associated with users' Copilot activity. Learn More
Data sent to Azure OpenAI can be stored outside your capacity's geographic region, compliance boundary, or national cloud instance This setting is only applicable for customers who want to use Copilot and AI features in Fabric powered by Azure OpenAI, and whose capacity's geographic region is outside of the EU Data Boundary or the United States. Learn More

When this setting is turned on, data sent to Azure OpenAI can be stored outside your capacity's geographic region, compliance boundary, or national cloud instance. Check documentation for the types of experiences and data this might include. Learn More

By turning on this setting, you agree to the Preview Terms for any AI features in preview.
Only show AI-prepped items in the standalone Copilot in Power BI experience (preview) When this is turned on, the standalone Copilot experience in Power BI won't show users Fabric items unless they're designated as prepped for AI. Users will still be able to manually attach items to ask questions. Copilot item usage is always subject to user permissions. Learn More

Azure Maps services

Setting name Description
Users can use Azure Maps services When this setting is enabled, users can access the features powered by Azure Maps services. Learn More

For customers in the EU Data Boundary, this setting adheres to Microsoft Fabric's EU Data Boundary commitments. Learn More

Use of Azure Maps is subject to the following Terms of use.
Data sent to Azure Maps can be processed outside your capacity's geographic region, compliance boundary or national cloud instance Azure Maps services are currently not available in all regions and geographies. With this setting on, data sent to Azure Maps can be processed in a region where the service is available, which might be outside your capacity's geographic region, compliance boundary, or national cloud instance. Learn More
Users can use Azure Maps Weather Services (Preview) When this setting is enabled, users can access weather data from Azure Maps Weather, sourced from AccuWeather Learn More

Additional workloads

Setting name Description
Workspace admins can add and remove additional workloads (preview) Workspace admins can add and remove workloads in their workspaces. If this setting is turned off, any existing workloads will stay added and items created with those workloads continue to work normally.

When users interact with a workload, their data and access tokens, including name and email, are sent to the publisher. Sensitivity labels and protection settings including encryption aren't applied to items created with workloads. Learn More
Capacity admins and contributors can add and remove additional workloads Capacity admins or individuals granted Contributor permission in Capacity settings can add and remove additional workloads in capacities. If this setting is turned off, any existing workloads will stay added and items created with those workloads continue to work normally.

When users interact with a workload, their data and access tokens, including name and email, are sent to the publisher. Sensitivity labels and protection settings including encryption aren't applied to items created with workloads. Learn More
Workspace admins can develop partner workloads Workspace admins can develop partner workloads with a local machine development environment. Turning off this feature will prevent developers from uploading to this workspace. Learn More
Users can see and work with additional workloads not validated by Microsoft Turn on this setting to allow users to see and work with additional workloads not validated by Microsoft. Make sure that you only add workloads from publishers that you trust to meet your organization's policies. Learn More