Forum

Please or Register to create posts and topics.

Quản lý Microsoft Fabric như thế nào

Administering Fabric involves a range of tasks that are essential for ensuring the efficient and effective use of the Fabric platform within an organization. As a Fabric administrator (admin), you need to have a solid understanding of the Fabric architecture, security and governance features, analytics capabilities, and various deployment and licensing options available. You also need to be familiar with the Fabric admin portal and other administrative tools, and be able to configure and manage the Fabric environment to meet the needs of your organization.

Understand the Fabric Architecture

Fabric admins work closely with business users, data analysts, and other IT professionals to ensure that Fabric is deployed and used in a way that meets business objectives and complies with organizational policies and standards.

By the end of this module, you’ll have an understanding of the Fabric administrator role and the tasks and tools involved in administering Fabric.

 

Microsoft Fabric is an all-in-one analytics solution for enterprises that covers everything from data movement to data science, real-time analytics, and business intelligence. It offers a comprehensive suite of services, including:

  • data warehousing
  • data engineering
  • data integration
  • data science
  • real-time analytics
  • business intelligence

The foundation of the platform is based on Software as a Service (SaaS), which provides a simple and integrated approach. The image below shows the Fabric architecture, with OneLake as the foundation, and each experience built on top.

Screenshot of Fabric architecture, show with OneLake as the foundation, with each experience built on top.

All of the Fabric experiences use OneLake as their native store without needing any additional configuration. OneLake is hierarchical in nature to simplify management across your organization. There’s only one OneLake per tenant and it provides a single-pane-of-glass file-system namespace that spans across users, regions and even clouds. The data in OneLake is divided into manageable containers for easy handling.

Understand Fabric concepts: tenant, capacity, domain, workspace, and item

A Fabric tenant is a dedicated space for organizations to create, store, and manage Fabric items. There’s often a single instance of Fabric for an organization, and it’s aligned with Microsoft Entra ID. The Fabric tenant maps to the root of OneLake and is at the top level of the hierarchy.

Capacity is a dedicated set of resources that is available at a given time to be used. A tenant can have one or more capacities associated with it. Capacity defines the ability of a resource to perform an activity or to produce output. Different items consume different capacity at a certain time. Fabric offers capacity through the Fabric SKU and Trials.

domain is a logical grouping of workspaces. Domains are used to organize items in a way that makes sense for your organization. You can group things together in a way that makes it easier for the right people to have access to the right workspaces. For example, you might have a domain for sales, another for marketing, and another for finance.

workspace is a collection of items that brings together different functionality in a single tenant. It acts as a container that leverages capacity for the work that is executed, and provides controls for who can access the items in it. For example, in a sales workspace, users associated with the sales organization can create a data warehouse, run notebooks, create datasets, create reports, etc.

Fabric items are the building blocks of the Fabric platform. They’re the objects that you create and manage in Fabric. There are different types of items, such as data warehouses, data pipelines, datasets, reports, and dashboards.

Understanding Fabric concepts is important for you as an admin, because it helps you understand how to manage the Fabric environment.

 Note

See Enable Microsoft Fabric for your organization to learn how to opt in to the Fabric public preview.

Understand the Fabric administrator role

 

Now that you understand the Fabric architecture and what you and your colleagues may be doing with the product, let’s look at the admin role and the tools you use to manage the platform.

There are several roles that work together to administer Microsoft Fabric for your organization. If you’re a Microsoft 365 admin, a Power Platform admin, or a Fabric capacity admin, you are involved in administering Fabric. The Power BI admin role will transition to become the Fabric admin.

 Note

See What is Microsoft Fabric administration? for specific details on the different admin roles and responsibilities.

As a Fabric admin, you work primarily in the Fabric admin portal. You may also need to familiarize yourself with: the Microsoft 365 admin center, the Microsoft 365 Security & Microsoft Purview compliance portalMicrosoft Entra ID in the Azure portalPowerShell cmdlets, and administrative APIs and SDK.

Describe admin tasks

As an admin, you may be responsible for a wide range of tasks to keep the Fabric platform running smoothly. These tasks include:

Security and access control: One of the most important aspects of Fabric administration is managing security and access control to ensure that only authorized users can access sensitive data. You can use role-based access control (RBAC) to define who can view and edit content, set up data gateways to securely connect to on-premises data sources, and use Microsoft Entra ID to manage user access.

Data governance: Effective Fabric administration requires a solid understanding of data governance principles. You should know how to secure inbound and outbound connectivity in your tenant and how to monitor usage and performance metrics. You should also know how to apply data governance policies to ensure data within your tenant is only accessible to authorized users.

Customization and configuration: Fabric administration also involves customizing and configuring the platform to meet the needs of your organization. This could include configuring private links to secure your tenant, defining data classification policies, and adjusting the look and feel of reports and dashboards.

Monitoring and optimization: As a Fabric admin, you need to know how to monitor the performance and usage of the platform, optimize resources, and troubleshoot issues. This includes configuring monitoring and alerting settings, optimizing query performance, managing capacity and scaling, and troubleshooting data refresh and connectivity issues.

Specific tasks may vary depending on the needs of your organization and the complexity of your Fabric implementation.

Describe admin tools

You need to familiarize yourself with a few tools to effectively implement the tasks outlined above. Fabric admins can perform most admin tasks using one or more of the following tools: the Fabric admin portal, PowerShell cmdlets, admin APIs and SDKs, and the admin monitoring workspace.

Fabric admin portal

Fabric’s admin portal is a web-based portal where you can manage all aspects of the platform. In the admin portal you can centrally manage, review, and apply settings for the entire tenant or by capacity. You can also manage users, admins and groups, access audit logs, and monitor usage and performance.

 Important

The Power BI admin portal has now extended to become the Fabric admin portal. See What is the Microsoft Fabric admin portal? for more information. The admin portal enables you to turn settings on and off. There are many settings located in the admin portal, but there’s one setting that we’d like to call out which may change how you and your users experience Fabric.

The Fabric on/off switch, located in tenant settings let’s organizations that use Power BI opt into Fabric. Here, you can enable Fabric for your tenant or allow capacity admins to enable Fabric.

Screenshot of Tenant settings in admin portal.

PowerShell cmdlets

Fabric provides a set of PowerShell cmdlets that you can use to automate common administrative tasks. A PowerShell cmdlet is a simple command that can be executed in PowerShell.

For example, you can use cmdlets in Fabric to systematically create and manage groups, configure data sources and gateways, and monitor usage and performance. You can also use the cmdlets to manage the Fabric admin APIs and SDKs.

 Note

See Microsoft Power BI Cmdlets for Windows PowerShell and PowerShell Core for more resources on PowerShell cmdlets that work with Fabric.

Admin APIs and SDKs

An admin API and SDK are tools that allow developers to interact with a software system programmatically. An API (Application Programming Interface) is a set of protocols and tools that enable communication between different software applications. An SDK (Software Development Kit) is a set of tools and libraries that helps developers create software applications that can interact with a specific system or platform. You can use APIs and SDKs to automate common administrative tasks and integrate Fabric with other systems.

For example, you can use the APIs and SDKs to create and manage groups, configure data sources and gateways, and monitor usage and performance. You can also use the APIs and SDKs to manage the Fabric admin APIs and SDKs.

You can make these requests using any HTTP client library that supports OAuth 2.0 authentication, such as Postman, or you can use PowerShell scripts to automate the process. For more information, see Microsoft Power BI REST APIs.

Admin monitoring workspace

Fabric tenant admins will have access to the new admin monitoring workspace. You can choose to share access to the workspace or specific items within it with other users in your organization. The admin monitoring workspace includes the Feature Usage and Adoption dataset and report, which together provide insights on the usage and performance of your Fabric environment. You can use this information to identify trends and patterns, and troubleshoot issues.

Screenshot of the Admin monitoring report.

 

Manage Fabric security

 

Microsoft Fabric security is based on Power BI security. Your role as an admin is to manage security for the Fabric environment, including managing users and groups, and managing how users interact with Fabric in terms of sharing and distribution of content.

Manage users: assign and manage licenses

Licenses control the level of access and functionality that users have within the Fabric environment. Administrators can ensure that licensed users have the necessary access to data and analytics to perform their roles effectively, while also limiting access to sensitive data and ensuring compliance with data protection laws and regulations.

Managing licenses allows administrators to monitor and control costs by ensuring that licenses are allocated efficiently and only to users who need them. This can help to prevent unnecessary expenses and ensure that the organization is utilizing its resources effectively.

Having the appropriate procedures in place to assign and manage licenses helps to control access to data and analytics, ensure compliance with regulations, and optimize costs.

License management for Fabric is handled in the Microsoft 365 admin center. For more information about managing licenses, see Assign licenses to users.

Manage items and sharing

As an admin, you can manage how users interact with Fabric in terms of sharing and distribution of content. This includes managing how users share content with others, and how they distribute content to others. You can also manage how users interact with items, such as data warehouses, data pipelines, datasets, reports, and dashboards.

Items in workspaces are best distributed through a workspace app or the workspace directly. Granting the least permissive rights is the first step is securing the data. Share the read only app for access to the reports or grant access to the workspaces for collaboration and development. Another aspect of managing and distributing items is enforcing such best practices.

You can manage sharing and distribution both internally and outside of your organization, in compliance with your organization’s policies and procedures.

 

Govern data in Fabric

 

Fabric has a few built-in governance features to help you manage and control your data. Endorsement is a way for you as an admin to designate specific Fabric items as trusted and approved for use across the organization.

Admins can also make use of the scanner API to scan Fabric items for sensitive data, and the data lineage feature to track the flow of data through Fabric.

Endorse Fabric content

Content endorsement is an essential governance feature that helps you establish trust in your data assets by promoting and certifying specific Fabric items as trusted and approved for use across the organization. All Fabric items can be endorsed except dashboards.

Endorsed assets are identified with a badge that indicates they have been reviewed and approved. Endorsement helps your users know which assets they can trust and rely on for accurate information, and it also helps you as an admin manage the overall growth of items across your environment.

Promoted Fabric content appears with a Promoted badge in the Fabric portal. Workspace members with the contributor or admin role can promote content within a workspace. The Fabric admin can promote content across the organization.

Screenshot of Promoted Fabric content in the workspace view.

Content certification is a more formal process that involves a review of the content by a designated reviewer. Certified Fabric content appears with a Certified badge in the Fabric portal. The certification process is managed by you, the admin, and can be customized to meet the needs of your organization.

If you aren’t an admin, you need to request item certification from an admin. You can do request certification by selecting the item in the Fabric portal, and then selecting Request certification from the More menu.

 Note

For more detailed information on the content endorsement process, see Promote or certify content.

Scan for sensitive data

Metadata scanning facilitates governance of data by enabling cataloging and reporting on all the metadata of your organization’s Fabric items. The scanner API is a set of Admin REST APIs that allows you to scan Fabric items for sensitive data. Use the scanner API to scan data warehouses, data pipelines, datasets, reports, and dashboards for sensitive data. The scanner API can be used to scan both structured and unstructured data.

 Important

Before metadata scanning can be run, it needs to be set up in your organization by an Admin. For more information, see the Metadata scanning overview.

Track data lineage

Data lineage is the ability to track the flow of data through Fabric. Data lineage allows you to see where data comes from, how it’s transformed, and where it goes. This helps you understand the data that is available in Fabric, and how it’s being used.