My older son, Stephen, and I have been vibe coding information-dense solutions for Fabric lately. The latest application is Fabric Navigator, which simplifies navigation between Fabric Data Factory pipelines and notebooks. While Fabric Navigator includes links to instructions about configuring Azure and Fabric security to allow read access to Fabric Data Factory pipelines and notebooks, I feel a walk-through of a minimally-viable security configuration is in order. Hence, this post.

In this post, we will discuss and demonstrate:

• Create an Azure App Registration
• Create a Microsoft Entra Group
• Configure Fabric Admin API Settings
• Connect Fabric Navigator to Fabric
• “Why Fabric Navigator?”
• Conclusion
• Upcoming Presentations

Create an Azure App Registration

To begin, open your favorite web browser and navigate to the Azure Portal (https://portal.azure.com). In the top-most search, search for App Registrations. Click on App Registrations to proceed:

When the App Registration blade displays, click the “new registration” button:

When the “Register an application” blade displays:

1. Enter a name for the App Registration
2. Select a “Supported account type” option. I selected “Accounts in this organizational directory only”
3. Configure “Redirect URI,” selecting the platform “Public client/native (mobile & desktop)”
4. Set the value of the Redirect URI to “https://localhost”
5. Click the “Register” button:

The App Registration is created and the configuration blade displays.

Save the highlighted values:

1. Application ID is the Client ID
2. Tenant ID

You will need these values in a later section of this post:

Expand the “Manage” category and click the “Authentication (Preview)” page. The Redirect URI should be configured as shown. Click the link labeled “To switch to the old experience, please click here”:

When the “platform configurations” blade displays:

1. Under “Advanced settings,” “Allow public client flows,” set “Enable the following mobile and desktop flows” to “Yes”
2. Click “Save”:

Next:

1. Click “API permissions” under “Manage”
2. Click the “+ Add a permission” button:

When the “Request API permissions” blade displays, click the “power BI Service” tile:

When the “Power BI Service” permissions type blade displays, click the “Delegated permissions” tile:

When the “Request API permissions” permissions list blade displays:

1. Expand DataPipeline and then select the DataPipeline.Read.All permission
2. Expand Notebook and then select the Notebook.Read.All permission
3. Expand Workspace and then select the Workspace.Read.All permission
4. Click the “Add permissions” button:

The updated API permissions will display:

Keep in mind that this API permissions configuration represents minimally-viable, read-only access for the Azure app registration.

The next step is to create a Microsoft Entra Group.

Create a Microsoft Entra Group

Return to the Azure Portal home screen and search for “Entra”. Click “Microsoft Entra ID” from the Services category:

When the subscription’s Entra blade displays, click “Groups” on the left menu:

When the Groups blade displays, click the “New group” button:

When the “New Group” blade displays:

1. Set the “Group type” to “Security” (Security is the default group type)
2. Enter a “Group name” (I entered “grpOne”)
3. Enter a “Group description” (optional)
4. Click the “No owners selected” link in the “Owners” property:

When the “Add owners” blade displays:

1. Select at least one owner
2. The selected owner(s) will display in the “Owners” list to the right
3. Click the “Select” button:

When the “New Group” blade is displayed again – indicating “1 owner selected” – click the “No members selected” link in the Members property:

When the “Add members” blade displays, search for Azure App Registration, and then:

1. Select the Azure App Registration
2. Click the “Select” button:

Rhe “New Group” blade is displayed again – indicating:

1. “1 owner selected”; and
2. “1 member selected”

Click the “Create” button:

Once the new group is created, the Groups Overview blade displays – indicating a new group has been created:

Configure Fabric Admin API Settings

Open your favorite web browser and navigate to the Microsoft Fabric Portal (https://app.fabric.microsoft.com) and then click the [Fabric] Settings gear icon:

When the Settings blade displays, click “Admin portal”:

When the “Admin portal” blade displays:

1. Search for “api”
2. Scroll until you reach the “Developer settings” category, and expand the node labeled “Service principals can call Fabric public APIs”
3. Click the “Disabled” option to set it to “Enabled”
4. Select the “Apply to” option to “Specific security groups”
5. Enter the named of the Microsoft Entra Group you created in the previous section
6. Click the “Apply” button:

Connect Fabric Navigator to Fabric

Open Fabric Navigator – a free utility that’s part of the Data Engineering Lifecycle Management Suite (https://delmsuite.com), click the “Login to Microsoft 365” button, enter the Client ID and Tenant ID you saved earlier, and then click the “OK” button:

The first time you use the Client and Tenant IDs to connect to an instance of Fabric, you are prompted to accept a permissions request. Click the “Accept” button to connect and continue:

When the “Permissions requested” are accepted, the “Microsoft Fabric Structure” treeview control in Fabric Navigator is populated with Fabric workspaces. Expanding a workspace reveals a Pipelines and/or Notebooks virtual node, depending on the presence of pipelines and/or notebooks in a given workspace. Users may right-click on a pipeline or notebook to open the artifact in their default browser:

In the screenshot below, observe the Fabric Data Factory pipeline named “controller”:

Why Fabric Navigator

I can hear some of you thinking, “Andy, why did you write Fabric Navigator?” I’m so glad you asked!

I wrote Fabric Navigator to help data engineers navigate Fabric Data Factory. When I and my team build enterprise data engineering solutions, we often need to have several pipelines, notebooks, and additional Fabric and Azure artifacts open at the same time. Fabric Navigator offers a way to navigate Fabric artifacts in an information-dense manner. In my opinion, web browsers – in the age of multiple tabs – offer an excellent mechanism for displaying multiple Fabric Data Factory artifacts. The hierarchical view in a treeview control provides information density in a control familiar to nearly every user.

Conclusion

In this post, we:

• Created an Azure App Registration
• Created a Microsoft Entra Group
• Configured Fabric Admin API Settings
• Connected Fabric Navigator to Fabric using the Microsoft Entra Group credentials

Upcoming Presentations

Stephen and I are co-presenting a PASS Data Community Summit precon titled “Data Engineering Fundamentals with Fabric Data Factory” 17 Nov 2025. The precon description has not been updated at the time of this writing because I’ve not yet sent the updates to the PASS Data Community Summit Speakers People! I hope to accomplish that task – along with shooting a video with Stephen about the precon – by mid-August.

EDNA is Here to Help

Enterprise Data & Analytics (EDNA) is here to help your enterprise implement modern data solutions using Fabric and Azure. We specialize in data engineering, which is just another way of saying we understand the implications of all things data (since data engineering involves all things data!).

We offer consulting and training to level-up you and your enterprise Data Engineering team. How might we help you and your enterprise implement an awesome solution? Contact us today!