get role assignment azure rest api

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

• Notifications You must be signed in to change notification settings

role-assignments-list-rest.md

Latest commit, file metadata and controls.

List Azure role assignments using the REST API

[!INCLUDE Azure RBAC definition list access ] This article describes how to list role assignments using the REST API.

If your organization has outsourced management functions to a service provider who uses Azure Lighthouse , role assignments authorized by that service provider won't be shown here. Similarly, users in the service provider tenant won't see role assignments for users in a customer's tenant, regardless of the role they've been assigned.

[!INCLUDE gdpr-dsr-and-stp-note ]

Prerequisites

You must use the following version:

• 2015-07-01 or later
• 2022-04-01 or later to include conditions

For more information, see API versions of Azure RBAC REST APIs .

List role assignments

In Azure RBAC, to list access, you list the role assignments. To list role assignments, use one of the Role Assignments Get or List REST APIs. To refine your results, you specify a scope and an optional filter.

Start with the following request:

Within the URI, replace {scope} with the scope for which you want to list the role assignments.

[!div class="mx-tableFixed"] Scope Type providers/Microsoft.Management/managementGroups/{groupId1} Management group subscriptions/{subscriptionId1} Subscription subscriptions/{subscriptionId1}/resourceGroups/myresourcegroup1 Resource group subscriptions/{subscriptionId1}/resourceGroups/myresourcegroup1/providers/Microsoft.Web/sites/mysite1 Resource

In the previous example, microsoft.web is a resource provider that refers to an App Service instance. Similarly, you can use any other resource providers and specify the scope. For more information, see Azure Resource providers and types and supported Azure resource provider operations .

Replace {filter} with the condition that you want to apply to filter the role assignment list.

[!div class="mx-tableFixed"] Filter Description $filter=atScope() Lists role assignments for only the specified scope, not including the role assignments at subscopes. $filter=assignedTo('{objectId}') Lists role assignments for a specified user or service principal. If the user is a member of a group that has a role assignment, that role assignment is also listed. This filter is transitive for groups which means that if the user is a member of a group and that group is a member of another group that has a role assignment, that role assignment is also listed. This filter only accepts an object ID for a user or a service principal. You cannot pass an object ID for a group. $filter=atScope()+and+assignedTo('{objectId}') Lists role assignments for the specified user or service principal and at the specified scope. $filter=principalId+eq+'{objectId}' Lists role assignments for a specified user, group, or service principal.

The following request lists all role assignments for the specified user at subscription scope:

The following shows an example of the output:

• Assign Azure roles using the REST API
• Azure REST API Reference

All about Microsoft 365

Generate a report of Azure AD role assignments via the Graph API or PowerShell

A while back, I published a short article and script to illustrate the process of obtaining a list of all Azure AD role assignments. The examples therein use the old MSOnline and Azure AD PowerShell modules, which are now on a deprecation path. Thus, it’s time to update the code to leverage the “latest and greatest”. Quotes are there for a reason…

The updated script comes in two flavors. The first one is based on direct web requests against the Graph API endpoints and uses application permissions, thus is suitable for automation scenarios. Do make sure to replace the authentication variables, which you can find on lines 11-13. Better yet, replace the whole authentication block (lines 7-36) with your preferred “connect to Graph” function. Also make sure that sufficient permissions are granted to the service principal under which you will be running the script. Those include the Directory.Read.All scope for fetching regular role assignments and performing directory-wide queries, and the RoleManagement.Read.Directory for PIM roles.

The second flavor is based on the cmdlets included as part of the Microsoft Graph SDK for PowerShell. As authentication is handled via the Connect-MGGraph cmdlet, the script is half the size of the first one. And it would’ve been even smaller were it not for few annoying bugs Microsoft is yet to address.

In all fairness, switching to the Graph does offer some improvements, such as being able to use a single call to list all role assignments. This is made possible thanks to the  /roleManagement/directory/roleAssignments endpoint (or calling the Get-MgRoleManagementDirectoryRoleAssignment cmdlet). Previously, we had to iterate over each admin role and list its members, which is not exactly optimal, and given the fact that the list of built-in roles has now grown to over 90, it does add up. On the negative side, we have a bunch of GUIDs in the output, most of which we will want to translate to human-readable values, as they designate the user, group or service principal to which a given role has been assigned, as well as the actual role. One way to go about this is to use the $expand operator (or the – ExpandProperty parameter if using the SDK) to request the full object.

While this is the quickest method, the lack of support for the $select operator inside an $expand query means we will be fetching a lot more data than what we need for the report. In addition, there seems to be an issue with the definition of the expandable properties for this specific endpoint, as trying to use the handy $expand=* value will result in an error ( “Could not find a property named ‘appScope’ on type ‘Microsoft.DirectoryServices.RoleAssignment'” ). In effect, to fetch both the expanded principal object and the expanded roleDefinition object, we need to run two separate queries and merge the results. Hopefully Microsoft will address this issue in the future (the /roleManagement/directory/roleEligibilitySchedules we will use to fetch PIM eligible role assignments does support $expand=* query).

Another option is to collect all the principalIDs and issue a POST request against the /directoryObjects/getByIds endpoint (or the corresponding Get-MgDirectoryObjectById cmdlet), which does have a proper support for $select . A single query can be used to “translate” up to 1000 principal values, which should be sufficient for most scenarios. With the information gathered from the query, we can construct a hash-table and use it to lookup the property values we want to expose in our report. Lastly, you can also query each principalID individually, but that’s the messiest option available.

Apart from role assignments obtained via the /roleManagement/directory/roleAssignments call, the script can also include any PIM eligible role assignments. To fetch those, invoke the script with the – IncludePIMEligibleAssignments switch. It will then call the /v1.0/roleManagement/directory/roleEligibilitySchedules endpoint, or similarly, use the Get-MgRoleManagementDirectoryRoleEligibilitySchedule cmdlet. Some minor adjustments are needed to ensure the output between the two is uniform, which includes the aforementioned issue with expanding the navigation properties. But hey, it wouldn’t be a Microsoft product if everything worked out of the box 🙂

Here are some examples on how to run the scripts. The first example uses the Graph API version and no parameters. For the second one, we invoke the – IncludePIMEligibleAssignments parameter in order to include PIM eligible role assignments as well. The last example does the same thing, but for the Graph SDK version of the script.

And with that, we’re ready to build the output. Thanks to the $expand operator and the workarounds used above, we should be able to present sufficient information about each role assignment, while minimizing the number of calls made. The output is automatically exported to a CSV in the script folder, and includes the following fields:

• Principal – an identifier for the user, group or service principal to which the role has been assigned. Depending on the object type, an UPN, appID or GUID value will be presented.
• PrincipalDisplayName – the display name for the principal.
• PrincipalType – the object type of the principal.
• AssignedRole – the display name of the role assigned.
• AssignedRoleScope – the assignment scope, either the whole directory (“/”) or a specific administrative unit.
• AssignmentType – the type of assignment (“Permanent” or “Eligible”).
• IsBuiltIn – indicates whether the role is a default one, or custom-created one.
• RoleTemplate – the GUID for the role template.

Now, it’s very important to understand that this script only covers Azure AD admin roles, either default or custom ones, and optionally eligible PIM-assignable roles (do note that the PIM cmdlets/endpoints do not cover all custom role scenarios). Apart from these, there are numerous workload-specific roles that can be granted across Office 365, such as the Exchange Online Roles and assignments, Roles in the Security and Compliance Center, site collection permissions in SharePoint Online, and so on. Just because a given user doesn’t appear in the admin role report, it doesn’t mean that he cannot have other permissions granted!

In addition, one should make sure to cover any applications (service principals) that have been granted permissions to execute operations against your tenant. Such permissions can range from being able to read directory data to full access to user’s messages and files, so it’s very important to keep track on them. We published an article  that can get you started with a sample script a while back.

9 thoughts on “ Generate a report of Azure AD role assignments via the Graph API or PowerShell ”

• Pingback: Reporting on Entra ID directory role assignments (including PIM) - Blog

This script is very nicely written, however the output of the Powershell Graph SDK version is incorrect (I didn’t check the other).

If I am eligible to activate a role I’ll be in the eligible list. However once I activate the role, my activated role assignment will show up in the list of role assignments from “Get-MgRoleManagementDirectoryRoleAssignment”. The output of that command doesn’t include a ‘status’ property. Your script assumes that if there’s no ‘status’ then the assignment is permanent, however that’s not accurate. So every eligible user who has activated a role shows up twice in the output of your script – once as as eligible for the role and once as a permanent assignment.

I came across your script because I’m trying to accomplish a similar task. My goal is to enumerate all the users who have eligible or permanent role assignments. I think the answer may be that if a user is in the eligible list, and also in the role assignment list, for the same role, then you can assume that the role assignment came from activation, but that doesn’t really seem very satisfactory.

Thanks Matt. The script is a bit outdated by now, I don’t even know if it runs with the “V2” Graph SDK. I’ll update it at some point 🙂

To further address your comment – neither the Get-MgRoleManagementDirectoryRoleAssignment nor the Get-MgRoleManagementDirectoryRoleEligibilitySchedule cmdlet returns sufficient information in order to determine whether a given (eligible) role assignment is currently activated. You can get this information via Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance, should be easy enough to add to the next iteration of the script.

Hi, thks for your great work. do you know why i dont see the eligible assignements ?

Seems they made some changes and you can no longer use $expand=* on the /v1.0 endpoint. Try using /beta, should work there. I’ll update the script when I get some time.

I’ve updated the script, let me know if you are still having issues.

Awesome, thank you very much.

Merci merci merci !!! Thanks thanks thanks !!

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed .

Manage Azure Role Assignments Like a Pro with PowerShell

Today’s blog post is a little bit different. I have a couple of examples of how you can use PowerShell snippets and simple commandlets to get or set role assignmnets in your Azure Subscriptions.

PowerShell examples for managing Azure Role assignments

List all role assignments in a subscription, get all role assignments for a specific resource group, get all role assignments for a specific user, add a role assignment to a user, remove a role assignment for a user, remove all role assignments for a specific user, list all built-in roles, list all custom roles, create a custom role, update a custom role, delete a custom role, list all users or groups assigned to a specific role, list all permissions granted by a specific role, list all resource groups that a user has access to, create a role assignment for a service principal, powershell script to manage azure role assignments.

And now there is a script that combines some of these examples into one usable function:

I hope this was useful. Let me know if you liked the format of this blog and if you want me to include more of these examples.

Vukasin Terzic

Recent Update

• Writing your first Azure Terraform Configuration
• Transition from ARM Templates to Terraform with AI
• Getting started with Terraform for Azure
• Terraform Configuration Essentials: File Types, State Management, and Provider Selection
• Dynamically Managing Azure NSG Rules with PowerShell

Trending Tags

Retrieve azure resource group cost with powershell api.

The Future Of Azure Governance: Trends and Predictions

Further Reading

In my previous blog posts, I wrote about how simple PowerShell scripts can help speed up daily tasks for Azure administrators, and how you can convert them to your own API. One of these tasks is...

Azure Cost Optimization: 30 Ways to Save Money and Increase Efficiency

As organizations continue to migrate their applications and workloads to the cloud, managing and controlling cloud costs has become an increasingly critical issue. While Azure provides a robust s...

Custom PowerShell API for Azure Naming Policy

To continue our PowerShell API series, we have another example of a highly useful API that you can integrate into your environment. Choosing names for Azure resources can be a challenging task. ...

Security Café

Security Research and Services

AWS vs Azure: A “Secure by default” comparison

Whether you are in charge of deciding what Cloud solution to choose for your organization or you are a Security Professional trying to decide what Cloud technology to learn, when it comes to choosing the right Cloud solution there are multiple factors that need to be reviewed such as Services / Features , Costs and obviously Security which we will focus on.

AWS has been indeed first to market and has been a market leader ever since. However, as we will see, being second has its advantages and allowed Azure to design better and avoid some mistakes.

Even though other articles comparing these two cloud providers give an edge to AWS, based on our experience conducting both AWS and Azure assessments, we see misconfigurations affecting AWS more often than Azure due to a lack of “Secure by default” settings.

When deciding based on Services and Costs the choice between AWS and Azure would typically depend on your specific requirements and the needs of your organization. Both AWS and Azure offer a broad and deep set of capabilities with global coverage and both offer a pay-as-you-go pricing model with discounts applicable depending on the amount of resources consumed.

However, let’s take a closer look at the Security differences between the two cloud providers by reviewing the design choices, default settings and vulnerabilities that have been exploited over the years. We’ll focus on recuring issues that present constant problems, and not one time issues or CVEs.

Instance Metadata Service (Server-Side Request Forgery)

Lambda functions (local file inclusion), publicly exposed services, access keys (aws) vs interactive login (azure), aws iam policies vs azure roles (rbac), conclusions.

There are situations where a discovered Server-Side Request Forgery (SSRF) vulnerability (with read access) within a web application does not have a high impact because it cannot be leveraged to extract sensitive information.

However, SSRF has become a very high impact vulnerability if discovered on web applications hosted on AWS, mainly because the Instance Metadata Service API Version 1 ( IMDSv1 ) can be interrogated through a simple GET request from the EC2 instance. Through the SSRF vulnerability it is possible to initiate the GET request and receive from the Metadata Service API a session token with the permissions of the EC2 instance. This could lead to privilege escalation within the cloud environment.

AWS has introduced Instance Metadata Service  Version 2  ( IMDSv2 ) which prevents Server-Side requests from interrogating the Metadata Service API and obtaining a session token by requiring a PUT request instead of a GET request, therefore it is not possible to initiate a session with IMDSv2 using a SSRF vulnerability.

However, when creating a new EC2 instance, Version 1 of IMDS is selected by default and during our assessments we find many cases of new EC2 instances still using IMDSv1. Therefore, even though AWS offers a secure option through IMDSv2, it also allows room for misconfiguration by having IMDSv1 selected by default when creating a new EC2 instance.

On the other side, Azure has mitigated this issue from the start by requiring the presence of the “Metadata: true” header when initiating a session with the Metadata Service, which cannot be added through a Server-Side request thus preventing SSRF.

More details about this issue: https://hackingthe.cloud/aws/exploitation/ec2-metadata-ssrf

Similar to the previous attack vector but not as popular, Lambda functions affected by some kind of file read vulnerability (LFI, SSRF, XXE) can also lead to exposing IAM credentials stored in the Environment Variables (file:///proc/self/environ) of the container running the code. More details about this vulnerability: https://hackingthe.cloud/aws/exploitation/lambda-steal-iam-credentials/

Unlike AWS which stores these access credentials directly in Environment Variables, Azure Managed Identities that are used in multiple resource types (App Services, Azure Functions, Automation Accounts, etc.) use two environment variables called IDENTITY_ENDPOINT and IDENTITY_HEADER that contain information required to perform a specific HTTP GET request to a localhost endpoint that returns the Managed Identity access credentials (similar to how the Azure Metadata Service works). Therefore, you cannot retrieve access credentials through a file read vulnerability, instead you need full code execution on the container. Details about Azure Managed Identity headers: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity#rest-endpoint-reference

Even though the Azure implementation is better designed to protect against credentials exposure which could lead to privilege escalation, mistakes have been made in the past that allowed critical Cross-Account unauthorized access to any other Azure customer accounts using services such as Azure Automation Account. This vulnerability was however mitigated promptly: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/

One issue that we often encounter is regarding certain resource types, such as S3 Buckets / Storage Accounts and Container Registry images , that are exposed unintentionally to the Internet. Often times these resources do not contain anything sensitive of value, but it can be time consuming to review all the exposed resources to identify if they contain sensitive information, that is why in order to avoid misconfiguration when creating these resources the default configuration should have public access disabled and authentication should be required .

Public S3 buckets have been a serious security issue that has affected many organizations since 2006 when they were initially introduced. This is all due to the very simple fact that when they are created, the default configuration allows accessing them from the Internet without any type of authentication. It is up to the Cloud Admins to change these settings and restrict access.

Over the past decade this misconfiguration has resulted in many data leaks and bug bounties. However, after over a decade of many organizations making configuration mistakes, AWS has decided to change this default behavior in 2023 and block Public Access for new S3 Buckets.

Azure Blobs on the other hand, even if public access is enabled you need to configure authentication because “anonymous access” is disabled. Due to this “Secure by default” configuration that helps prevent mistakes and accidental exposure, we have rarely encountered issues with exposed Azure Storage Accounts.

The same goes for other resource types such as Container Registries where public access is sometimes preferred usually because 1) Admins are lead to believe that the Container Images have been “cleaned” and do not contain anything sensitive (tools such as Gitleaks , Trufflehog and Keyhacks can be useful in finding and verifying hidden secrets) 2) It makes network access configuration easier.

Fewer leaks have been encountered throughout the years on Azure compared to AWS, but even though disabling anonymous access and requiring authentication can help Azure Admins avoid accidental leaks, human mistakes still happen. ( 38TB Data Leak by Microsoft AI researchers – Wiz Article )

When not using the AWS Management Console, the main method of connecting programmatically or through CLI to the AWS Cloud environment has been Access Keys , and for good reason, they are indeed a convenient way to allow granular user access to AWS resources. However, this method places the responsibility on each individual user to securely handle these keys and ensure that they are stored properly, not shared or exposed to unauthorized individuals, and considering that Access Keys are long-term credentials that do not expire, they need to be deactivated when no longer used.

As you might have guessed, this has lead to many situations where keys were mishandled in various ways, hardcoded into application code or forgotten in configuration files (such as ~/.aws/credentials).

We recently conducted an investigation where we scanned over 30.000 public Amazon Machine Images and public Azure Shared Images (these images are shared by the community and used to create AWS EC2 Instances and Azure VMs) in order to find hidden secrets that most likely have been forgotten by those who exposed these images to the Internet. Results show that AWS Access Keys are one of the most commonly mishandled or forgotten secrets.

• AWS CloudQuarry research: https://securitycafe.ro/2024/05/08/aws-cloudquarry-digging-for-secrets-in-public-amis/
• Azure CloudQuarry research: Coming soon

AWS is recommending to avoid using long-term Access Keys and instead use the IAM Identity Center which allows Interactive Login including for AWS CLI V2, but most users and organization continue to use Access Keys because it is the default option, it is more familiar and easier to deploy.

On the other hand, Azure users wanting to authenticate and access Azure services (either through Web Portal, Azure Cloud Shell or CLI) must do it through Interactive Login which generates short-term access tokens (Refresh tokens expire after 90 days) and discourages using user account sessions for long-term purposes in order to avoid mishandling. If you require long-term credentials for a Service/Application then Azure provides the option to generate Service Principals (which are long-term credentials) through App Registrations.

Moreover, Azure short-term Refresh tokens are no longer stored plain-text in the “accessTokens.json” file on the local system, but instead they are encrypted: https://learn.microsoft.com/en-us/cli/azure/msal-based-azure-cli

We can all agree that AWS IAM offers a great deal of flexibility and control through the use of multiple Policies (such as Trust Relationship Policies , Service Control Policies , Resource-Based Policies , Identity Policies , Permission Boundaries , Session Policies ) and through permissions such as “ sts:AssumeRole ” and “ sts:PassRole “.

However, allowing great control does not guarantee great control. When highly complex environments with specific requirements are managed by multiple people, this can lead to an ambiguous Policy Evaluation Logic where even experienced administrators can sometimes fail to properly restrict access and avoid privilege escalation.

A very important aspect of IAM Policies is that the same JSON document contains both the permissions that are allowed and the target resources where access is granted. So everything you need to specify to enable access is grouped together in one place. As a result, it is enough for a wildcard “*” to be placed in the wrong place, which actually happens relatively often, and just like that you accidentally either allow too many permissions or allow access over all resources.

Azure uses the classic Role-Based Access Control (RBAC) architecture that I believe most IT Admins are much more familiar with.

Unlike AWS, in Azure the permissions and target resources are “decoupled”. When creating a Role in Azure, the JSON document contains only the defined permissions. A Role Assignment needs to be performed in order to apply those permissions to a specific Scope : resource, resource group, subscription. (more details: AWS, Azure and GCP: The Ultimate IAM Comparison )

When you apply a very permissive policy to an AWS user you might accidentally give access to more resources than required, however, when you assign a role to an Azure user you have to mention the exact resource where that role applies. I know this difference might seem basic but it could prevent admins from assigning very permissive rights without being aware of it.

Take for instance the following image where the default Azure “Reader” role has read access over any resource and unlimited “assignableScopes” (assignableScopes means where it could potentially be applied, not where it does apply). Only after performing the secondary Role Assignment step and mentioning the specific target resource, the permissions will take effect only on that defined resource.

I believe this decoupling is essential in helping prevent misconfiguration as it provides transparency and makes it harder to accidentally allow access over all resources. Moreover, the “evaluation logic” is simplified in Azure as you only need to take into account Inheritance from upper levels (Resource <- Resource Group <- Subscription).

Based on our assessments, over-privileged permissions and privilege escalation scenarios are encountered more often on AWS than on Azure.

Security misconfigurations and bad practices are the main reasons breaches occur in the Cloud. Therefore, when reviewing Cloud providers from a security perspective it is crucial to compare how well they protect company users from making configuration mistakes by implementing “secure by default” configuration settings.

Even though both Cloud providers enable companies to achieve a high security environment, AWS places more responsibility on the company users to implement secure settings. As a result, Azure’s default security settings and design have resulted in less issues than on AWS over the years, and it is all due to differences like the ones we mentioned. Not being first to market has allowed Microsoft to make different design choices that sometimes might help avoid incidents.

Therefore, if you value security when choosing between AWS and Azure, either for your company or even personal use, consider the importance of these key differences and how could they impact your situation, especially if you have a complex environment with many resources and permissions.

On the other hand, if you are a Security Professional interested in learning new Cloud technologies and are undecided between the two, I believe AWS can be more fun as it can lead to more interesting security findings.

Share this:

Leave a reply cancel reply.

• Already have a WordPress.com account? Log in now.
• Subscribe Subscribed
• Copy shortlink
• Report this content
• View post in Reader
• Manage subscriptions
• Collapse this bar

Please enter your information to subscribe to the Microsoft Fabric Blog.

Microsoft fabric updates blog.

Microsoft Fabric July 2024 Update

• Announcements

Data Engineering

Data factory.

• Real-Time Intelligence

Welcome to the July 2024 update.

Here are a few, select highlights of the many we have for Fabric. Creating and managing Git branches & connected workspaces with Git integration just got with the latest enhancements to Fabric Git integration. You now have the capability to perform restore-in-place of a warehouse in Microsoft Fabric through the Microsoft Fabric Warehouse Editor. Real-time Dashboards now support ultra-low refresh rates of just 1 and 10 seconds, ensuring you always have the freshest and most accurate data at your fingertips.

There is much more to explore, please continue to read on.

European Fabric Community Conference

Join us at Europe’s first  Fabric Community Conference , the ultimate  Power BI,   Fabric, SQL & AI  learning event in  Stockholm, Sweden  from  September 24 -27, 2024 .

With 120 sessions, daily keynotes, 10 pre-conference workshops, an expo hall with community lounge, and “ask the expert” area, the conference offers a rich learning experience you don’t want to miss. This is a unique opportunity to meet the Microsoft teams building these products, customers betting their business on them, and partners at the forefront of deployment and adoption.

Register today  using code MSCUST for an  exclusive discount  on top of  early bird pricing!

Get certified on Fabric!

We’d like to thank the thousands of you who completed the  Fabric AI  and  30 Days to Learn It Skills Challenge  and earned a discount voucher for  Exam DP-600  which leads to the  Fabric Analytics Engineer Associate  certification.

If you earned a discount voucher, you can find redemption instructions in your email. We recommend that you  schedule your exam  promptly, before your  discount voucher expires. 

If you need a little more help with exam prep, visit the  Fabric Career Hub  which has expert-led training, exam crams, practice tests and more.

Fabric Influencers Spotlight

Check out our latest initiative, the Fabric Influencers Spotlight .   Each month, we’ll be highlighting some of the great blog, videos presentations and other contributions submitted by members of Microsoft MVP & Fabric Super User communities that cover the Fabric Platform, Data Engineering & Data Science in Fabric, Data Warehousing, Power BI, Real-Time Intelligence, Data Integration, Fabric Administration & Governance, Databases and Learning. 

Governance, Databases, and Learning. 

Attention Power BI users! 

If you are accessing Power BI on a web browser version older than Chrome 94, Edge 94, Safari 16.4, Firefox 93, or equivalent, you need upgrade your web browser to a newer version by  August 31, 2024 . Using an outdated browser version after this date, may prevent you from accessing features in Power BI.

Customize your reference layers in the Azure Maps visual

• Announcing general availability of enhanced row-level security editor in Power BI Desktop

DAX query view is available in live connect

Add or update multiple measures in dax query view, certified connector updates, storytelling in powerpoint – new export to powerpoint dialog, new update for field parameter feature for custom visuals, power bi enhanced report format (pbir) update, new visuals in appsource, linear gauge by powerviz, drill down map pro by zoomcharts, powergantt chart by nova silva, advanced geospatial analytics made simple with icon map pro for power bi, bind to gateway api support for paginated reports, parameters, header/footer and much more in the web authoring experience for paginated reports (preview), power bi report server key in fabric capacities.

• General Availability of Fabric Private Links
• General Availability of Managed Private Endpoint
• General Availability of Trusted workspace access

CI/CD – GitHub integration for source control

New branching capabilities in fabric git integration, announcing the general availability of time travel and 30 days of data retention in fabric warehouse, seamless data recovery through warehouse restoration within fabric query editor, alter table, add nullable columns, capacity pools for spark in microsoft fabric for data engineering and data science, environment resources folder, mssparkutils new api, lakehouse schemas (public preview): a new way to organize your tables, real-time dashboards 1s and 10s refresh rate, kql database – .update command ga, global view in manage connections, support for editing navigation steps, on-premises support for fast copy, edit json code for data pipelines, new connectors, snowflake storage integration, use existing connections from the onelake datahub integration.

Check out or Monthly Update video here: 

Recently, we’ve brought you a lot of improvements to the Azure Maps visual, including reference layer support for a variety of new data formats . This month, we’re excited to announce several more improvements to reference layers: CSV support, new customization options, and dynamic URL sources!

First, the Azure Maps visual now supports CSV files as data sources for reference layers! Just as you can already use GeoJSON, Shapefiles, WKT, and KML files, you can now upload a CSV file instead in the reference layer section of the formatting pane.

You can also now format reference layer shapes from within the formatting pane. Previously, Azure Maps required you to define the color and width of points, lines, and polygons from within your reference layer files. Otherwise, these shapes would be drawn on your maps with the default colors and formatting. This requirement brought additional complexity to working with your reference layers in Power BI, since the files needed more than just the data you intended to visualize. Now, we’ve added these standard formatting settings to each type of object in your reference layers in the formatting pane, so you can customize them directly from within Power BI!

Lastly, for those of you who need your reference layers to change with time or other data-bound conditions, you can now provide a dynamic URL using conditional formatting! This allows you to set custom logic to determine the reference layer URL the Azure Maps visual will use. For example, you can load in different reference layers based on the categories selected by a slicer, like to visualize performance of different product lines over the same geography.

We’re still hard at work bringing you more improvements to the Azure Maps visual — let us know what you think about these new capabilities and keep an eye out for further updates in the future!

Check out a Reporting demo here: 

Announcing general availability of enhanced row-level security editor in Power BI Desktop

We are excited to announce the general availability of the enhanced row-level security editor in Power BI Desktop! With this editor, you can quickly and easily create row-level security roles and filters. Simply choose ‘Manage roles’ from the ribbon to open the editor.

By default, this will open an easy-to-use drop-down interface for creating and editing security roles all without having to write any DAX!

If you prefer using DAX or need it for your filter definitions, you can switch to use the DAX editor to define your role. This is a rich editor complete with autocomplete for formulas (intellisense). It also allows you to easily verify the validity of your DAX expressions by selecting the check button and revert any changes by selecting the X button. At any point you can also switch back to the default editor by selecting ‘Switch to default editor’. All changes made in either editor persist when switching interfaces when possible, giving you maximum flexibility as you create your row-level security roles.

Learn more information about Power BI row-level security including limitations in our  documentation .

Check out Modeling demos here:

We heard your request and have added the ability to use DAX query view while live connected to a published semantic model. With this release you can write DAX queries with DAX query view when live connected to a published semantic model in Power BI Desktop!

This includes live connecting to the amazing Direct Lake semantic models created in Microsoft Fabric. Live connects to your published Direct Lake, import, DirectQuery, or composite semantic model in Desktop and use the DAX query view to quickly view data without having to create any visuals. Use quick queries to have a DAX query generated for you from any table, column, or measure, and Copilot can help you as you write your DAX queries.

This can be helpful to further your analysis beyond just report authoring even when you are using a published semantic model managed by someone else.

Try it out today and learn more about DAX query view .

Another popular ask for DAX query view is also now available – add or update the model with multiple measure changes.

In a DAX query, you can use the DEFINE syntax to add a measure. These DAX query scoped measures are helpful for authoring DAX formulas and trying them out with different groups by columns before adding them to the model. In DAX query view, we made it easy to then add these measures to the model by clicking the text between the lines above the DEFINE MEASURE. DAX queries also allow you to define many measures at once, so it can be tedious to click each one. Now this task is very easy with the option to update the model with a single click for all measures!

This can be handy to quickly format all your DAX formulas at once.

• In DAX query view, right-click in the Data pane and choose Quick queries > Define all measures in this model
• Click the Format query button in the ribbon.
• Click Update model with changes button.

And you are done! Try it out today and let us know what you think by using the Share feedback button.

Data connectivity

We’re pleased to announce the new and updated connectors in this release:

• [New] Windsor
• [Update] SingleStore
• [Update] Smartsheet
• [New] BuildingConnected

Are you interested in creating your own connector and publishing it for your customers? Learn more about the  Power Query SDK  and the  Connector Certification program .

To reduce complexity and drive more clarity we merged the two options to export to PowerPoint into a single dialog. You can now choose between embedding live data using Power BI add-in for PowerPoint and exporting the report as images from the same dialog.

Check out a Service demo here: 

sourceFieldParameters is a new property in DataViewMetadataColumn that identifies whether a query field results from a field parameter resolution. If a single field can originate from multiple field parameters, this property will list all the related field parameters. This new update is available with API v5.10.0.

The following previously announced limitations of the PBIR format have been resolved:

• Can’t be exported to PPTX or PDF.
• Can’t be included in Subscriptions
• Mobile layouts aren’t applied.
• Can’t be utilized in Power BI Embedded.

For further information regarding PBIR, please refer to the  documentation .

Visualizations

Icon Map Pro

StackedTrends Visual

Smart Grid-Map Multilevel Matrix Xerppa

Sankey Diagram Waffle Chart Maker Waterfall Chart SPC_Visual

Powerviz Linear Gauge is an advanced visual that is used to display the progress against set targets on a linear scale, with an axis displaying a range of values or percentages. The Linear Gauge quickly conveys the status or progress of a task or value being measured.

Key Features:

• Gauge Styles: Four different gauges including Linear, Bar in Bar, Cylinder, Thermometer, and customization option.
• Templates: Select from pre-made templates or customize your own.
• Scale: Select an absolute or percentage scale, with a customizable min-max range.
• Targets: Set a custom target or apply a target using a value field.
• Data Colors : 30+ color palettes available.
• Band: 30+ color palettes and customization options.
• Labels: Improve readability with labels.
• Small Multiples: Divide visuals based on fields.
• Ranking: Filter Top/Bottom N shows remaining as “Others”.

Other features included are fill pattern, annotation, grid view, show condition, and more.

Business Use Cases:

Sales Performance Tracking, Project Milestone Monitoring, Financial KPI Analysis,

🔗 Try Word Cloud Visual for FREE from AppSource

📊 Check out all features of the visual: Demo file

📃 Step-by-step instructions: Documentation

💡 YouTube Video: Video Link

📍 Learn more about visuals: https://powerviz.ai/

✅ Follow Powerviz : https://lnkd.in/gN_9Sa6U

When visualizing data with geographic coordinates, what better way to do it than literally placing it on a map? That’s why map charts are a growingly popular visualization type in Power BI reports, and the Drill Down Map PRO custom visual by ZoomCharts expands on the capabilities of map charts.

• Node Clustering: Multiple nearby nodes can create clusters and even display the values as pie charts. Simply zoom in to drill down.
• Base Layer Customization: Choose between AzureMaps or any custom tileserver, use your own images as the base layer, or disable it entirely.
• Custom Shape Layers: Enable up to 10 individually customizable shape layers. Use preset shapes or import your own KML/GeoJSON files.
• Conditional Formatting: Automatically apply color fill to each area by comparing their values against other shapes or by using each shape’s own reference value.
• And More: Paginated tooltip s, custom tooltip fields, auras, node images, lasso tool.

Drill Down Map PRO works incredibly well with other visuals by dynamically cross-filtering data, enabling you to build even more insightful and user-friendly Power BI reports.

🌐 Get Drill Down Map PRO on AppSource

Product Page | Documentation | LinkedIn | Community

We are excited to receive ongoing feedback from you and want to express our gratitude for your valuable contributions. Your insights help us make significant enhancements to our visuals.

In the latest releases of the PowerGantt Chart, we have added many new features based on your feedback. These include the ability to show incomplete tasks and display progress as a separate column. We’ve also included links in the additional columns and enhanced their formatting options. You can now change the milestone shapes and wrap text in columns for better readability.

• Progress column
• Milestone shapes
• Milestone labels
• Dynamic zoom slider period
• Vertical grid lines
• Expand & Collapse all

Additionally, we’ve added the option to preset the zoom slider, expand and collapse all hierarchy elements, and add milestone labels. To further improve your experience, we’ve enabled the display and formatting of vertical grid lines. These updates are designed to provide you with more flexibility and control over your project visuals.

We appreciate your continued support and look forward to receiving more of your valuable feedback. Together, we can keep enhancing PowerGantt Chart to meet your needs.

Try the PowerGantt Chart for FREE now on your own project data by downloading it from the AppSource .

Questions or remarks? Visit us at: https://visuals.novasilva.com/ .

Icon Map Pro , the new professional version of Icon Map , has been built from the ground up with an extensive set of new features and a simplified interface. This tool offers a robust solution for visualising and analysing geospatial data within Power BI. It is designed for data analysts, GIS specialists, and business intelligence professionals, addressing the need for seamless integration of geographic insights into BI dashboards. Users can effortlessly transform complex geospatial data into actionable visuals, enhancing decision-making and strategic planning with the intuitive low/no-code Power BI interface.

Visit the supporting website iconmappro.com for:

• Extensive documentation
• Supporting videos
• Professional help and support

Try Icon Map Pro for free from Microsoft AppSource

Paginated Reports

You can now bind your paginated reports to gateways with a REST API. This will allow paginated reports to connect to on-prem gateways without requiring users to go to the UI in the Power BI service and bind the report to the specified gateway. Learn more about the Bind to Gateway API for paginated reports .

We have introduced a new experience to web author paginated reports! It’s not just an update to the look and feel, but we’ve also introduced a host of new capabilities. You can now define parameters, headers, footers, page numbers in your web authored reports. The update will be rolling out in the coming weeks. Please check again in a couple of weeks, if you don’t see it.

Once you select the fields, they will appear in the “Editor” along with a “Preview” of the report with sample data. You can move the table in the “Editor” and the preview will reflect the change as well.

You can choose to add a header, footer, textbox or image. To add a footer, choose “Insert” and select “Footer”.

Add a Text box, Image, page number and/or execution time. You can choose to display the footer and header on the first and last pages as well.

Exit the footer by clicking out, once you are in the body of the report, you can “Create parameter”. By creating a parameter, you can create a report that requires the viewer of the report to enter one or more values to view the report.

When you “Create parameter”, you can see the parameter at the top of the “Preview” portion of the screen. You can show/hide the parameter by clicking on the “Parameters” on the preview ribbon.

When you save the report, it is saved with the parameter defined and the viewer of the report must specify the parameters to view the report. You can now share the report with others!

This is a preview feature and will not be available on Sovereign clouds until we are generally available.

Check out a Paginated Reports demo here: 

Power BI Report Server

Power BI Report Server is now included with F64+ Reserved Instance purchases. It continues to be available with SQL Server Enterprise core licenses with software assurance. You can get the PBIRS key in the “Fabric Capacity” tab under “Capacity Settings” in the admin portal.

Learn more about ways to get the Power BI report server key .

Check out a Power BI Report Server demo here: 

General Availability of Fabric Private Links

Private links for Fabric tenant  secures inbound access to Fabric from select virtual networks (VNets) and allow you to block access from the internet. Tw With this feature enabled, you can secure connectivity to Fabric  Onelake  and experiences like  Data Warehouse ,  Data Engineering ,  Data Science  and  Data Factory . In addition to the above, we also announced private link support for  Eventhouses . To learn more about Azure Private Link Support for Microsoft Fabric.

Check out the blog post to learn more – About private Links for secure access to Fabric  – Microsoft Fabric | Microsoft Learn

General Availability of Managed Private Endpoint

Managed private endpoints provide secure connectivity from Fabric to data sources that are behind a firewall or not accessible from the public internet. Managed Private Endpoints currently enable Fabric Data Engineering items to access data sources securely without exposing them to the public network or requiring complex network configurations. Managed private endpoints are supported for various data sources, such as Azure Storage, Azure SQL Database, and many others- the most recent addition being Azure Event Hub and Azure IOT Hub. We will also expand to more workloads as we go.

To learn more about Managed Private Endpoints and supported data sources see Overview of managed private endpoints for Microsoft Fabric – Microsoft Fabric | Microsoft Learn

General Availability of Trusted workspace access

Trusted workspace access allows seamless and secure access to firewall enabled Azure storage accounts. It is designed to help you securely and easily access data stored in Storage accounts from Fabric workspaces, without compromising on performance or functionality. This feature extends the power and flexibility of OneLake shortcuts to work with data in protected storage accounts in place without compromising on security. You can also use this capability with Data pipelines and the COPY INTO feature of Fabric warehouses to ingest data securely and easily into Fabric workspaces.

Trusted workspace access is based on the concept of workspace identity, which is a unique identity that can be associated with workspaces that are in Fabric capacities. When you create a workspace identity, Fabric creates a service principal in Microsoft Entra ID to represent the identity.

A workspace identity enables OneLake shortcuts, data pipelines, and warehouse Copy INTO command to access Storage accounts that have resource instance rules configured. Resource instance rules are a way to grant access to specific resources based on the workspace identity or managed identity. You can create resource instance rules by deploying an ARM template with the resource instance rule details.

To get started with this feature and to learn about limitations, see Trusted workspace access in Microsoft Fabric – Microsoft Fabric | Microsoft Learn

Organizations who use GitHub or GitHub Enterprise as their source control tool, can now seamlessly integrate with Fabric by connecting Fabric workspaces to GitHub and backup their work. This integration will enjoy the same functionalities that the integration with Azure DevOps offers in Fabric today.

Learn more about the new release.

Creating and managing Git branches & connected workspaces with Git integration just got with the latest enhancements to Fabric Git integration. The updated source control pane in every Git-connected workspace now includes these features:

• Branch Out to a New Workspace – Effortlessly create a new isolated environment, allowing developers to work independently without impacting the team’s shared workspace. This makes it quick and easy to get started on new tasks.
• Explore related workspaces – Easily access any workspace connected to the same Git repository and folder, enabling seamless work across different workspaces and branches directly from your current workspace.

These new capabilities come with a redesigned source control pane, which now organizes all features into a couple of streamlined tabs.

For more details and to explore these options, read the full update here .

Check out Core demos here: 

Data Warehouse

In the rapidly evolving world of generative artificial intelligence, historical data plays a significant role in influencing the decision-making process and shaping organizational strategies. Data retention within data warehouse refers to the practice of preserving and managing previous iterations of the data encompassing any inserts, updates or deletes made to the warehouse for a specified period. As a quick response to the valuable customer feedback, we are thrilled to extend the data retention period to 30 calendar days from 7 calendar days and announce the General availability of Time travel at the T-SQL Statement level.

Extending the data retention period to 30 calendar days opens new avenues for exploration, by leveraging Fabric warehouse features – Time travel at T-SQL statement level, Time travel with table clone, and restore in place.

In the data-centric world, data retention is pivotal in modern data management enabling organizations to utilize historical data effectively for analysis, reporting, compliance, and strategic decision-making. By the utilization of data retention, businesses can extract valuable insights from the past to drive success both now and in the future. In today’s rapidly evolving digital landscape, adaptability is crucial. Our decision to extend the data retention period from 7 to 30 calendar days underscores our commitment to agility and customer-centricity. Come embrace the data retention of 30 calendar days to obtain deeper insights and stay ahead of the curve.

We are thrilled to announce the capability to perform restore-in-place of a warehouse in Microsoft Fabric through the Fabric Warehouse Editor.

In today’s rapidly evolving data management landscape, maintaining the resilience and continuity of your data infrastructure is essential. Unplanned system failures and scheduled maintenance alike demand the ability to restore data warehouses swiftly and seamlessly. This capability is no longer just a feature – it’s a critical necessity in modern analytics environments. A quick and reliable data warehouse recovery solution is indispensable, not only to protect against data corruption but also to ensure business continuity.

From the moment the warehouse item is created, system restore points are created at least every 8 hours. You can create any number of user-defined restore points aligned with your specific business or organizational recovery strategy. Both system-created and user-defined restore points come with a retention period of 30 calendar days. You can view all restore points in warehouse settings.

To create user-defined restore points, go to Warehouse Settings -> Restore points and Add a restore point by providing Name and Description. Then click on context menu action to restore the warehouse item back to that point.

To learn more about Restore in-place of a warehouse, please refer to documentation and announcement

We are excited to announce the General Availability of Alter Table – Add Nullable columns! In the ever-evolving data landscape of data organizations, schemas are shifting and changing to keep up with the influx of new data.

Whether your schema modifications are few and far between, or a regular occurrence that constantly needs to adapt to changing requirements, we have you covered. Our goal is to ensure that customers have everything they need for a seamless warehousing experience, and we continue to strive towards ensuring our TSQL surface area meets the needs of our customers.

Here are some example syntaxes to get started with ALTER TABLE functionality. Note that today we only support the ability to add nullable columns to the Warehouse table.

ALTER TABLE [Contoso].[dbo].[Customers]

ADD [Customer_County] varchar(30)

Learn more here .

Check out our Data Warehouse demo here: 

We’re excited to introduce the public preview of Capacity Pools, designed specifically for Fabric Data Engineering and Data Science workloads. With this new feature, capacity administrators can create custom pools using the capacity spark settings option. Here’s how:

Navigate to the Capacity Settings Page:

• Go to the Admin Poral -> Capacity Settings Page.
• Navigate to the “Data Engineering/Science Settings”.

Create New Pools:

• Within the Spark Settings, you’ll find the option to create new pools.

• These pools can be sized based on the Max Burst Cores limit for Spark your Fabric Capacity SKU.

Availability Across Workspaces:

• Once configured and saved, these pools become available for all workspaces connected to the Fabric capacity.
• Workspace administrators will see the newly created Capacity pool listed among their available options.

• Data Engineers or Data Scientists using Environments will also see the newly created Capacity pool listed among their available compute options.

With these options Capacity admins gain additional controls to manage compute governance for Spark compute in Microsoft Fabric. You can create pools for specific workspaces and even disable workspace-level customization.

We are thrilled to announce the launch of our new Environment Resources Folder, a shared repository designed to streamline collaboration across multiple notebooks! In the existing notebook the resources folder provides a per notebook resources to store small sized dataset, sample files, code modules and configuration files etc. It provides convenient browsing, folder structure management, upload/download, drag and drop and simple file interactions.

In the recent release, the resources functionality is extended to the Environment, you can find the Resources tab inside the environment and have the full operations to manage the resource files here, and these files can be shared across multiple notebooks once the notebook is attached to the current environment, you can leverage this enhancement to better collaborate with the team on large project with shared resources.

In the Notebook page, you can easily find a second root folder under Resources inherited from the attached environment, and you operate on the files/folders just same with the Built-in resources folder, you can easily drag & drop different files into the code cell, and we’ll generate the executable code snippet to help you consume the file easily. The Environment resource path will be automatically mounted to the notebook cluster, you can use the relative path /env to access the environment resources.

For more detailed usage please find the public document here: How to use notebooks – Microsoft Fabric | Microsoft Learn

We are excited to announce that mssparkutils.runtime.context is available to all now! With the new API you can get the context information of the current live session, including the notebook name, default lakehouse, workspace info, if it’s a pipeline run, etc. And the context information is very useful when you want to have more advanced implementation logic inside notebook.

For more information, see Microsoft Spark utilities documentation.

We are excited to announce the release of lakehouse schemas. It is a new feature that allows you to group and manage your tables in logical namespaces. With lakehouse schemas, you can organize your tables into categories, such as business domains, projects, or teams. You can reference multiple tables at once using schema shortcuts, instead of shortcutting each table individually. Apply security policies to schemas for more granular access control, such as granting or revoking permissions to a group of tables at once. You can also cross-reference and join tables from different workspaces using Spark SQL, without having to copy or move data.

• Lakehouse schemas is a new feature that enables logical grouping and management of tables in namespaces.
• With lakehouse schemas, users can organize tables by categories, use schema shortcuts, apply security policies, and cross-reference tables from different workspaces.
• The feature is available for public preview.

For more detailed information find the public documentation here: Lakehouse schemas (Preview) – Microsoft Fabric | Microsoft Learn

Check out our Data Engineering demo here: 

Real-time Intelligence

Real-time Dashboards now support ultra-low refresh rates of just 1 and 10 seconds, ensuring you always have the freshest and most accurate data at your fingertips. With the auto-refresh feature, your dashboards update automatically, eliminating the need to manually reload the page or click a refresh button.

Learn more about enabling Real-Time Dashboards auto refresh and setting the refresh rate Create a Real-Time Dashboard (preview) – Microsoft Fabric | Microsoft Learn

Eventhouse and KQL databases are optimized for append ingestion.

In recent years, we’ve introduced the  .delete command , allowing you to selectively delete records.

In February, we introduced the  .update command in public preview .  This command allows you to update records by deleting existing records and appending new ones in a single transaction.

The .update command is now Generally Available (GA)!

We encourage you to go through the  many examples of the online documentation page  to familiarize yourself with the syntax.

Dataflow Gen2

Manage connections is the feature that allows you to see and edit all the connections in your Dataflow and data sources that don’t have any linked connection so you can create a new one.

Starting today, we’re adding a new Global view to the Manage Connections that will also allow you to see all the available connections in your Fabric environment so you can modify them or delete them without ever having to leave the Dataflow experience.

Previously, if you wanted to delete a connection you would’ve had to go into the Manage Connections and Gateways portal to do so, but now you have an alternative way without ever having to leave the Dataflow experience.

You can learn more about the Manage Connections feature from the official documentation article .

Whenever you connect to a data source that showcases a Navigation dialog you end up with a query that has a Source step and either one or a series of Navigation steps. For example, when you use the Lakehouse connector you can navigate to the workspaces that you have access to, then the Lakehouse within them and the objects found within your Lakehouse so you can navigate to them. Another example is when you connect to an OData service like Northwind that displays a list of tables available to you.

What if you wanted to connect to a different object within your Lakehouse or perhaps a completely different Lakehouse?

Introducing the new experience to edit navigation steps within DataflowYou can find it inside of the Applied steps  section of the Query settings pane by double clicking a Navigation step or clicking on the gear icon.

It is similar to the way that a navigation step behaves in Power Query Desktop (in Excel and Power BI Desktop), but the main difference is that it is available for all Navigation steps, and it only modifies the Navigation steps. It doesn’t result in deletion of subsequent steps like it happens in Power Query Desktop (in Excel and Power BI Desktop).

We encourage you to give this new feature a try and share your feedback in our Data Factory community forum .

You can now boost your performance with Fast Copy in Dataflow gen2 when loading data from on-premises data stores including SQL Server.

The way you configure Gateway in Dataflow gen2 to get access to on-premises data stores, it is the same for Fast Copy in Dataflow gen2. By doing so, you can ingest terabytes of data from on premise store with the easy experience of dataflows, but with the scalable back end of the pipeline Copy Activity.

Learn more about Fast Copy in Dataflow Gen2 .

Check out the new and updated connectors in this release:

• [New] OneStream
• [Update] Exact Online Premium v
• [Update] Funnel
• [Update] Wolters Kluwer CCH Tagetik
• [Update] Delta Sharing

Data pipeline

You can now edit the JSON behind your Data Factory pipelines in Fabric

Fabric Data Factory is the low-code data integration service in Microsoft Fabric that includes dataflows, data pipelines, and many other data integrations and ETL capabilities. When designing your low-code pipeline workflows, directly editing the JSON code behind your visual pipeline canvas can increase your flexibility and improve your market time. Long-time ADF and Synapse developers have also asked for this capability in Fabric, and we are super excited to now announce the edit JSON capability has been added to Fabric Data Factory data pipelines!

We are excited to announce the release of two powerful new connectors in Fabric Data Factory data pipeline: Azure MySQL Database Connector and Azure Cosmos DB for MongoDB Connector.

These connectors are designed to significantly enhance your data integration and management capabilities. The Azure MySQL Database Connector enables seamless, secure, and efficient integration with MySQL databases hosted on Azure, simplifying data workflows and ensuring robust performance.

Meanwhile, the Azure Cosmos DB for MongoDB Connector offers unparalleled ease of connection to Azure Cosmos DB for MongoDB instances, providing high compatibility and performance for your NoSQL data needs.

Elevate your data integration experience with these new connectors in Fabric Data Factory and unlock the full potential of your data ecosystems.

We are thrilled to announce a powerful new feature in the Fabric Data Factory Snowflake Connector to support Snowflake storage integration.

This enhancement allows users to seamlessly connect and integrate Snowflake’s storage integration , enabling more efficient and secure data movement. With Snowflake storage integration, you can streamline data workflows, optimize performance across all staging scenarios without the need to bring external storage to stage your dataset as you do today. This update not only simplifies your data integration processes but also significantly expands your ability to move data from or to Snowflake with richer authentication methods through staged approach and thus improves the security.

We are excited to share the new capability of OneLake Datahub at the homepage of Modern Get Data in Data Pipeline. Now you can select any existing connections from OneLake Datahub, not just your recent and favorite ones. This makes it easier to access your data sources from the homepage of modern get data in data pipeline.

Related blog posts

Microsoft fabric august 2024 update.

Welcome to the August 2024 Update. Here are a few, select highlights of the many we have for Fabric. V-Order behavior of Fabric Warehouses allows you to manage the V-Order behavior at the warehouse level. Monitor ML Experiments from the Monitor Hub allows you to integrate experiment items into Monitoring Hub with this new feature. … Continue reading “Microsoft Fabric August 2024 Update”

Fabric Community Sticker Challenge 2024

Hey Community Members! Are you a sticker enthusiast, do you enjoy adding stickers to your laptop?  We invite all Fabric Community members to participate in the Fabric Community Sticker Challenge through August 28th. Your creative submissions will be voted on by the community to determine the best of the best!  The challenge winners will have their … Continue reading “Fabric Community Sticker Challenge 2024”

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber Services #protect2024 Secure Our World Shields Up Report A Cyber Issue

Vulnerability Summary for the Week of August 19, 2024

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the  National Institute of Standards and Technology  (NIST)  National Vulnerability Database  (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the  Common Vulnerabilities and Exposures  (CVE) vulnerability naming standard and are organized according to severity, determined by the  Common Vulnerability Scoring System  (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High : vulnerabilities with a CVSS base score of 7.0–10.0
• Medium : vulnerabilities with a CVSS base score of 4.0–6.9
• Low : vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.  

High Vulnerabilities

Back to top

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Please share your thoughts

We recently updated our anonymous product survey ; we’d welcome your feedback.

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Role Assignment Schedule Instances - Get

Gets the specified role assignment schedule instance.

URI Parameters

Azure Active Directory OAuth2 Flow

Type: oauth2 Flow: implicit Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Get Role Assignment Schedule Instance ByName

Sample request.

To use the Azure SDK library in your project, see this documentation . To provide feedback on this code sample, open a GitHub issue

Sample response

Definitions.

Assignment Type

Assignment type of the role assignment schedule

Cloud Error

An error response from the service.

Cloud Error Body

Expanded Properties