Share via

Why is my Fabric agent able to access the lakehouse despite restrictive labels and DLP policy

Sania Syeda 20 Reputation points
2026-05-19T09:51:36.1+00:00

I have created a DLP policy for fabric, with a restrictive sensitivity label. The DLP policy restricts access to labelled artifacts in Fabric or any data with credit card number SIT except for owners/admin. I have also included the location ID of those labelled artifacts (a lakehouse and an eventhouse) in my DLP policy. The agent was given contributor access on the workspace. I am trying to test how purview polices can govern fabric agents. The problem is, despite all the policies in place, the agent can still access the labelled artifacts. I tried changing its role to viewer but to no avail. Even my colleagues who are contributors on the workspace can access the artifacts despite the policy restricting access for all users except owner/admin. I thought sensitivity labels/DLP policies always override workspace permissions, but it doesn't seem to be true in this case?

Microsoft Security | Microsoft Purview
0 comments

Answer accepted by question author

Pilladi Padma Sai Manisha 9,945 Reputation points Microsoft External Staff Moderator
2026-05-21T09:46:53.9333333+00:00

Hey Sania Syeda,

what you are seeing is generally expected behavior because Microsoft Purview sensitivity labels, DLP policies, and Microsoft Fabric permissions operate through different enforcement layers.

Applying a restrictive sensitivity label to a lakehouse or eventhouse does not automatically override existing Fabric workspace roles or OneLake permissions. Users who already have effective access through Contributor, Viewer, or item-level permissions may still be able to browse or query the data unless additional protection policies are enforced.

Whether access is restricted depends on several factors, including whether the Fabric item matches the DLP policy conditions, whether the sensitivity label is associated with an active protection policy, whether policy evaluation and propagation have completed, and whether the user falls under an allowed or exempted scenario. Because of this, enforcement may not appear immediately after configuration changes.

Fabric agents and connected experiences operate using the requesting user’s identity and effective permissions. If the user still has access through workspace roles, OneLake permissions, or item-level authorization, the agent can also access the data.

I would recommend confirming that the lakehouse is properly onboarded and governed through Microsoft Purview, verifying that the sensitivity label is correctly published and applied, reviewing the DLP rule scope and conditions, and checking the item’s effective permissions in Fabric. In many cases, restricting OneLake permissions and workspace access is the most immediate way to prevent contributors or agents from accessing a lakehouse.

References:
• Policy enforcement in Microsoft Purview (prereqs & enforcement times) https://docs.microsoft.com/azure/purview/microsoft-purview-connector-overview#access-policy • Classification & sensitivity labels – missing or incorrectly labeled assets https://docs.microsoft.com/azure/purview/concept-best-practices-classification#classification-considerations • Use Microsoft Purview to govern Microsoft Fabric (DLP overview) https://learn.microsoft.com/fabric/governance/microsoft-purview-fabric?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider#microsoft-purview-and-microsoft-fabric-together • Connect Sales Research Agent to Microsoft Fabric Lakehouse (agent security model) https://learn.microsoft.com/dynamics365/sales/sales-research-agent-lakehouse-integration • OneLake security for SQL analytics endpoints (access modes) https://learn.microsoft.com/fabric/onelake/security/sql-analytics-endpoint-onelake-security?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider

Was this answer helpful?

3 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-05-19T09:52:31.14+00:00

    In this scenario, the behavior is consistent with how Microsoft Purview protection policies, sensitivity labels, and DLP policies for Fabric work:

    1. Protection policies control access only when configured as Purview protection policies
      • Sensitivity labels by themselves do not override workspace permissions.
      • A Microsoft Purview protection policy must be explicitly associated with the sensitivity label to enforce access restrictions in Fabric.
      • When such a protection policy is in place, it “allows users and groups specified in the policy to retain permissions they have on the item, while blocking access for everyone else.” Users not covered by the policy are blocked, but:
        • The label issuer (the user who last applied the label) is not blocked by that policy.
        • The item creator retains access when labels are applied automatically.
      • If contributors (including the agent’s user identity) are still accessing the lakehouse/eventhouse, either:
        • The label is not associated with an active protection policy, or
        • Those users are included in the protection policy’s allowed users/groups, or
        • The label issuer/item creator scenario applies, so they are intentionally exempt.
    2. DLP policies with “restrict access” act at evaluation time and are scoped by configuration
      • DLP policies for Fabric and Power BI support a “restrict access” action that, on a policy match, “restricts access to the data owners or to members of the organization, depending on the policy configuration. All other users lose access to the item.”
      • DLP policies use conditions such as sensitivity labels and sensitive info types (like credit card number SIT).
      • For Fabric, they apply to supported item types (semantic models, lakehouses, warehouses, KQL databases, mirrored databases, SQL databases).
      • If the agent and colleagues are still accessing the labeled lakehouse/eventhouse, likely causes include:
        • The DLP policy scope or conditions do not actually match the items (for example, the label condition or location scoping does not evaluate as expected).
        • The DLP policy’s restrict access configuration is set to allow members of the organization (internal users) to retain access, so contributors inside the tenant are not blocked.
        • A DLP evaluation has not been triggered yet for the item (for example, no operation that triggers DLP evaluation has occurred on that item since the policy was configured).
    3. Policies do not always override workspace permissions for all principals
      • Protection policies and DLP policies can override workspace permissions, but with explicit exceptions:
        • Label issuers and item creators can retain access even when protection policies are in place.
        • DLP “restrict access” can be configured to still allow data owners or all members of the organization.
      • Therefore, a contributor (including a Fabric agent identity) may still access artifacts if:
        • They fall into one of these exception categories, or
        • The policy configuration is set to allow them (for example, “members of the organization” in the DLP policy), or
        • The policy is not actually matching the item.
    4. How to validate and troubleshoot in this scenario
      To confirm whether policies are actually restricting access and why the agent/colleagues are not blocked:
      1. Check if a policy is the cause at all
        • Look for symptoms such as:
          • Items disappearing from workspace list/OneLake catalog.
          • “Permission required” or “Sorry we couldn’t locate that artifact” when opening via link.
          • Indicators that the item contains data from a restricted underlying source.
        • If none of these appear, the policies may not be matching or enforcing on those items.
      2. Use Manage Permissions / OneLake catalog
        • As workspace admin, open the item’s Manage Permissions page or the Permissions tab in OneLake catalog.
        • Check if affected users (agent identity, colleagues) show User is blocked.
          • If User is blocked appears, an organizational security policy (protection or DLP) is revoking access.
          • If it does not, the issue is likely workspace permissions or policy misconfiguration rather than policy enforcement.
      3. Identify whether it’s protection policy vs DLP
        • Recent label changes suggest a protection policy issue.
        • Recent item updates or sensitive data changes suggest a DLP restriction issue.
        • If neither is present, the policies may not be applied or evaluated as expected.
      4. Review DLP policy configuration
        • Confirm that:
          • The policy includes Fabric and Power BI workspaces as locations.
          • The Content contains condition uses the correct sensitivity label and/or sensitive info type.
          • The restrict access action is configured to block the intended users (for example, not leaving “members of the organization” with access if the goal is to block contributors).
          • The specific lakehouse/eventhouse are within the policy’s scope.
      5. Review protection policy configuration
        • Ensure the sensitivity label applied to the workspace/items is associated with a Fabric protection policy.
        • Verify which users/groups are allowed in that policy; remove the agent or contributors if they should be blocked.
        • Remember that the label issuer and item creator will retain access even if not explicitly listed.
    5. Fabric data agent enforcement
      • The Fabric data agent uses the requesting user’s credentials and “respects Microsoft Purview governance controls applied to the underlying Fabric data sources, including Data Loss Prevention (DLP) and access restriction policies.”
      • If the agent can still access the data, that indicates the underlying user identity still has access according to the current protection/DLP policy configuration. The agent does not bypass policies; it enforces them based on the user’s effective permissions and policy outcomes.

    In summary, sensitivity labels and DLP policies do not automatically override workspace permissions in all cases; their effect depends on how protection policies and DLP “restrict access” rules are configured, including exceptions for label issuers, item creators, and members of the organization. The next step is to verify that the label is tied to a protection policy, that the DLP policy truly matches the items and is configured to block the desired users, and that the agent’s user identity is not in an allowed category.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.