Changes to Fabric Tenant Settings for API's

If you are a Fabric Administrator, either for your own tenant / company or for customers, you might get the weekly emails from Microsoft 365 Message center. I've mentioned this briefly in an earlier post about Changes to default values for a tenant setting for SQL Database.

I advice you to at least have a look through that weekly email and check for any Fabric or Power BI updates. An example update you can get is like the below. This screenshot is actually from the Message Center itself, not from the email.

The problem with the M365 Message Center is that only people with privileged roles can access it. And not all updates shown there are communicated in other ways by Microsoft. Sometimes they write a blog post, like this one: Cognitive services and Azure ML will be fully retired, sometimes there's a specific info message in Fabric, or there might be a new tag in the tenant settings, but more often you don't see any other communications around the topic.

So if you are not a Fabric Admin, you probably haven't seen the message I want to inform you about today, so that's why I'm writing this post!

Call To Action

TL;DR

Two new admin toggles are live in the Fabric Tenant Settings, under Developer settings. Check your Tenant Settings and see how they relate to your policies and governance!

Action Required on API Access Setting Split

Microsoft Fabric is changing how service principal access to public APIs is controlled. The existing all-or-nothing tenant setting was split into two separate settings — giving us admins more granular control, but also introducing a change you might need to act on after August 1, 2025.

The previous setting

What Has Changed?

From mid-May to early June 2025, the previous admin setting for public API access via service principals was replaced with:

1. Service principals can create workspaces, connections, and deployment pipelines
   → Governs “global” APIs not tied to specific Fabric permissions (e.g., workspace creation).
   → Disabled by default.

2. Service principals can call Fabric public APIs
   → Governs APIs protected by the Fabric permission model (CRUD access to workspaces, folders, etc).
   → Enabled by default.

The new settings

Why This Matters

This split is a long-needed improvement: previously, disabling API access to protect core resources also blocked developers from using safe, permission-based APIs.

Now, you can lock down the high-risk parts (like workspace creation) without blocking everything else.

But: Microsoft may have enabled the second setting (permission-based API access) by default in your tenant unless you opted out.

Why should I care? You might have service principals running scripts to create workspaces, deploy certain items or manage workspace objects for example.

What You Should Do Now

• Check your Fabric admin portal for the two new settings under Developer Settings

• Before August 1, 2025, you could've shown a checkbox labeled "Accept Microsoft’s change to enable...", and you want to keep permission-based API access disabled, uncheck the box and hit Apply

• Check the values of both settings

Timeline Recap

• May–June 2025: Settings split rolls out

• July 31, 2025: Last day to opt out of automatic enablement

• August 1, 2025: Microsoft finalizes the transition

Conclusion

In case you are running a monitoring solution that keeps a history of Tenant Settings, for example FUAM, you can check the Tenant Settings history and see when the change became active in your tenant. If you don't have such a monitoring solution, I highly recommend checking FUAM out. You can get started with setup and deployment of the solution with a few hours of work.

I spotted this setting shift on telemetry around June 1 in my tenant:

There were some changes in how tenant settings can control access for Service Principals to API's. Make sure to check your settings and adjust them accordingly.

If you want to read more info on the exact workings of the tenant settings, have a look at the Tenant Settings documentation.

Did you already notice these changes and take action?

Let me know in the comments.