Microsoft Fabric · Tenant Administration
Fabric Administrator
Tenant-wide Fabric administration. Enable/disable Fabric features, configure tenant settings, monitor usage, manage audit logs, and govern embed codes. Cross-listed from Microsoft Entra ID (this is the same role as the entra-fabric-admin entry).
Scope: Tenant-wide administration of Microsoft Fabric and Power BI
Permissions
- Tenant settings - Configure all Fabric tenant-level settings
- Feature governance - Enable or disable Fabric features org-wide
- Usage metrics - View tenant-wide adoption and consumption data
- Audit logs - Review and manage Fabric audit activity (surfaces in Purview portal)
- Workspaces - View and govern all workspaces in the tenant
- Embed codes - Manage embed codes for sharing reports publicly
- Capacity - Pause, resume, and scale capacities
Common use cases
- Initial Fabric tenant configuration
- Org-wide policy enforcement (data classification, export controls, sharing limits)
- Audit and compliance reporting on Fabric usage
- Capacity planning and cost management
Best practices
- Limit to 2-5 people; use PIM for just-in-time activation
- Delegate domain-level governance to Domain Admins
- Delegate capacity-level governance to Capacity Administrators
- Pair with Purview Compliance Administrator for data governance coordination
Security considerations
- Can view all workspaces and reports across the tenant
- Cannot bypass workspace-level data permissions (RLS/OLS still enforced)
- Does not grant access to data inside workspaces by default - tenant admins must add themselves to workspaces