Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Workspace outbound access protection helps safeguard your data by controlling outbound connections from Data Warehouse items in your workspace to external data sources. When this feature is enabled, Data Warehouse items are restricted from making outbound connections. At this time, exceptions can't be configured. All outbound connections from warehouses and SQL analytics endpoints are blocked when outbound access protection is enabled.
Understanding outbound access protection with Data Warehouse
When outbound access protection is enabled, the workspace automatically blocks all outbound warehouse and SQL endpoint connections to external networks and other workspaces. Any attempt to access data, services, or resources outside the current workspace is denied.
Configuring outbound access protection for Data Warehouse
To configure outbound access protection for Data Warehouse, follow the steps in Enable workspace outbound access protection. At this time, exceptions can't be configured through managed private endpoints. All outbound connections from warehouses and SQL analytics endpoints are blocked when outbound access protection is enabled.
Supported Data Warehouse item types
These Data Warehouse item types are supported with outbound access protection:
- Warehouses
- SQL analytics endpoints
The following sections explain how outbound access protection affects these items in your workspace.
Warehouses
With outbound access protection enabled, Fabric warehouses restrict ingestion pipelines and data load operations to trusted sources only. Data loads through COPY INTO, OPENROWSET, Bulk Insert, and similar commands are blocked from unapproved endpoints, reducing the risk of accidental or unauthorized access.
SQL analytics endpoints
For SQL analytics endpoints, outbound access protection ensures that all queries and data retrieval operations are limited to resources within the current workspace. You can only use data import commands with data inside your workspace, unless you use COPY INTO to ingest data directly from OneLake as a source.
Considerations and limitations
- All outbound connections from warehouses and SQL analytics endpoints are blocked when outbound access protection is enabled. Currently, exceptions can't be configured through managed private endpoints.
- Data import commands (such as COPY INTO, OPENROWSET, Bulk Insert) are restricted to sources within the current workspace, except when using the COPY INTO feature to ingest data directly from OneLake as a source.
- For other limitations, refer to Workspace outbound access protection overview - Microsoft Fabric.