Security Baseline
Threat Model (High Level)
- Primary users: internal analytics users
- Assets to protect:
- Customer PII (anonymized in demo)
- Event data integrity
- Connection strings and secrets
Required Controls
Authentication
- Use Azure AD / Entra ID for Fabric workspace access
- Service principals for automated pipelines
Authorization
- Enforce least privilege on Fabric items
- Separate dev/prod workspaces
Input Validation & Output Encoding
- Validate all untrusted input at boundaries
- Sanitize or encode output where appropriate
Secrets Management
- Store secrets in Azure Key Vault, never in code or config files
- Use Fabric-managed connections where possible
Logging & Auditing
- Log security-relevant events
- Avoid logging sensitive data
Common Vulnerabilities
- Never embed connection strings in notebooks
- Validate JSON payloads in streaming pipelines
微信扫一扫