September 16, 2025Microsoft Fabric

Episode 305 – On the Road: OneLake Security Goes Public (Maybe), Materialized Views & The Branson Adventure

Recording from the road between Branson and St. Louis after North American Collaboration Summit, Jason and John discussed the mysterious appearance and disappearance of the OneLake Security public preview announcement, Josh Caplan’s comprehensive OneLake foundation post, warehouse improvements, and why materialized views in Lakehouse are worth trusting—despite being “brand new” to Fabric.

Third Mobile Recording: Branson Wrap-Up

The duo’s third road show recording (following previous episodes from Germany and elsewhere) captured them post-conference in high spirits despite sugar crashes from Mark’s diabetes-inducing pastry selection at the “mingle with the experts” session.

“I don’t know that we’ve had this engaged an audience in a long time,” Jason reflected. “Into the weeds detailed people solving problems in the room.”

The Sunday full-day tutorial ran long (as usual), followed by a real-time intelligence session and Power BI with SharePoint/Teams presentation. Attendees asked sophisticated questions about feature gaps, workarounds, and real-world Fabric implementations—sending the hosts back to hotel rooms to test solutions for next-day demonstrations.

Mark already announced next year’s return in October—”Try and keep us away,” Jason challenged.

The OneLake Security Mystery

Monday morning at 10 AM, Jason received an alert about a new blog post: “OneLake Security Preview.” The post announced OneLake Security transitioning from private to public preview—particularly notable since they’d discussed it the day before at the conference.

Then it vanished.

“I went looking for it today… somebody talked about it, and it wasn’t there,” John reported. “There was supposedly a link to it. I clicked on the link and it was page not found.”

The official Microsoft documentation still references public preview status. Speculation ranged from rollout delays to holding the announcement for FabCon Europe.

Private preview limitations included:

Five workspace maximum per tenant
No ability to disable once enabled (“If it wasn’t working for you, sorry”)

“I got to think for public preview, that’s not going to be the case,” John reasoned.

By publication time, the conversation might be moot—but the core principle remains sound.

OneLake: Foundation for AI-Ready Data Estate

Josh Caplan’s comprehensive post “OneLake, Your Foundation for an AI Ready Data Estate” provides the real substance—detailed enough for a FabCon keynote, covering domains, subdomains, workspaces, and security architecture.

“OneLake security at its core is the right answer,” Jason declared.

John agreed emphatically: “Put that permission model right alongside of the data… if you’re going to have a single data layer, I think it’s necessary to have a single security layer and have all of those engines respect it.”

Private preview didn’t support all engines respecting OneLake security—public preview promises full integration.

The One Copy Philosophy

The post discusses connecting “any data anywhere without duplication” via shortcuts, prompting philosophical debate about what “one copy” actually means.

John’s nuanced take: “One copy in Fabric, I think that’s fair to say.” He acknowledged mirroring creates two copies but framed it as caching for performance—”one copy to a purpose.” Medallion architectures (bronze, silver, gold) similarly serve specific needs rather than representing redundant duplication.

The key distinction: no copying data between workspaces purely for access. “If it must live in a source system or once it’s brought into fabric the first time, let’s not have to copy it over again from workspace to workspace for that sort of reason.”

Jason refined it further: “One copy of authoritative data.” When authoritative sources change, updates replicate so quickly it functions as single truth—even with technical duplication behind the scenes.

“When you say, I want this data to no longer be available to anyone, you can make that a thing,” Jason emphasized. No broken replicas creating multiple sources of truth.

OneLake Catalog as Security Hub

The post positions the OneLake Catalog as governance center—where Jason starts when looking for data and hopes others do too.

“We’re not looking at it at the workload level, we’re looking at it at the data level,” Jason explained. “You can go in and manage through the OneLake Catalog… from that row level security, role level security mentality.”

John clarified the layered approach: row level, column level, table level security—with row level being “most in your face” for Power BI practitioners.

The enunciation challenge: “Row level and role level,” Jason emphasized, distinguishing between data-level restrictions and role-based access control.

Source Security Integration

A remaining question: how do permissions interact between source systems, OneLake Security, and engine-level configurations?

For shortcuts: security depends on the account connecting to the source system. Configure access via OneLake Security since source permissions don’t carry through.

For mirroring: source security replicates into OneLake automatically.

The unanswered question: can additional restrictions layer on top of mirrored source security within OneLake? “Something we’re going to have to play with,” Jason admitted, hesitant to enable features in customer environments without reversibility assurance.

John recommended Christian Penski’s FabCon session with Marco Russo for “excruciating detail” (meant as highest praise): “Super smart guy… if you want to really go deep on it, you should check that one out.”

Eight Follow-Up Topics Coming

Josh’s post promises eight additional OneLake integration articles:

Azure AI Foundry
Azure Databases
Azure Databricks
Snowflake
Azure Data Factory
Microsoft 365 (Jason’s curiosity piqued)
Microsoft Copilot
Open source solutions

The first—”Build Data-Driven Agents with Curated Data from OneLake”—published April 23, 2025. The rest are “coming soon.”

“I’ll definitely be revisiting this post quite frequently until they’re all out,” Jason promised.

John summarized the strategic importance: “OneLake is at the heart of Fabric… anything good happens to OneLake, it accrues to everything within the stack.”

Warehouse Updates: Copy Job Improvements

A parallel post covered Fabric Data Warehouse updates, primarily focusing on copy job enhancements (already discussed in previous episodes) but pulling from historical May releases as well:

Workspace-level private link (preview)
Warehouse with copilot and data agents
Copy activity in pipelines (preview)

Jason’s hands-on experience: Fast Copy from Azure SQL to Lakehouse “worked flawlessly and fast.” The 50-table limitation presented challenges (“I had more than that in the database I was trying to play with”), solvable by switching to pipelines or—better—pulling only needed tables.

His Azure SQL to Fabric SQL migration adventure involved:

Removing SQL users (Fabric SQL doesn’t support them—”a big thing”)
Transferring schema ownership from SQL users
Using Entra ID accounts for access
Exporting as data-tier application (BACPAC file)
Importing into Fabric SQL database

“No SQL users” represents a significant departure from traditional SQL Server workflows—and a feature gap that’ll persist “for a while personally.”

Materialized Views in Lakehouse

The “Mastering Declarative Data Transformations with Materialized Lake Views” post introduced Event House’s beloved feature to Lakehouse contexts.

John explained for the uninitiated: traditional views are “really not much more than a stored query”—defining join patterns but executing on demand. Complex multi-table joins with wild relationships consume significant resources.

Materialized views pre-compute and store query results: “If I was to take the output of that query and just drop that into a straight up table and query, that’s obviously going to have lower requirements computationally and higher performance.”

The system maintains synchronization automatically—though storage increases since “you’re storing multiple copies of the data.”

John’s Event House experience: “Almost zero latency when the source tables are updated as to when the materialized views are updated.” Lakehouse performance remains to be tested given SQL endpoint involvement.

Jason’s deadpan provocation: “Would you say materialized views are trustworthy? It’s a brand new Fabric thing. Nobody else has ever done this before. It’s never existed in the history of the world until now.”

John caught the sarcasm: “They’ve been around different places, different implementations.”

Jason clarified the recurring question: “Can you trust it? It’s a new thing in Fabric. Sort of like folders in Power BI. Do you trust folders yet?”

The only real consideration: potential latency between source updates and materialized view refreshes—an acceptable tradeoff for dramatic performance gains.

Looking Ahead: Africa, Ireland & Mystery Projects

With the Gateway Arch ahead and Ireland their next joint appearance, the duo outlined diverging schedules:

John’s adventures:

CollabDays Ottawa (couple weeks out)
Three weeks in Africa
More gallivanting
ESPC Ireland (early December)

Jason’s focus:

Band dad duties
Theater dad responsibilities (son’s Amadeus costume looking “amazing”)
Grand Nationals with the marching band
No community talks until Ireland
Guest hosts covering during John’s absence

The episode-ending tease: “We are working on some other fun things together that we’re hoping to get announced by the end of the year.”

FabCon Europe coverage will happen before John’s departure, with regular podcasts continuing despite scheduling gymnastics.

The road stretched long, the day stretched longer, but the community connections from Branson—engaged audiences solving real problems with evolving tools—reminded them why conference travel, road recordings, and late-night hotel room testing sessions remain worthwhile.

Links:

Subscribe: SoundCloud | iTunes | Spotify | TuneIn | Amazon Music

Tags: 50 table limit, Africa travel, AI ready data estate, authoritative data, Azure AI Foundry, Azure Data Factory, Azure Databases, Azure Databricks, Azure SQL, BACPAC, Branson, bronze silver gold, cache, CollabDays Ottawa, Column Level Security, community engagement, computational expense, conference questions, copy job, Data Governance, data tier application, Data Warehouse, domain, engine level security, Entra ID, ESPC Ireland, Event House, FabCon Europe, FabCon session, Fabric SQL, fast copy, feature gaps, feature parity, Gateway Arch, Lakehouse, materialized views, medallion architecture, Microsoft 365, Microsoft Copilot, Mirroring, mobile recording, NACS, North American Collaboration Summit, one copy, OneLake catalog, OneLake foundation, OneLake Security, open source, Performance, private preview, public preview, query optimization, road recording, role level security, Row Level Security, Shortcuts, single data layer, single security layer, Snowflake, source security, SQL users, stored query, subdomain, Table Level Security, trust folders, view performance, workarounds, workspace security, zero latency

One Reply to “Episode 305 – On the Road: OneLake Security Goes Public (Maybe), Materialized Views & The Branson Adventure”

Pingback: Episode 306 - Fabric September 2025 Part 1: The Multitasking UI Revolution, Variable Libraries GA & User-Defined Functions - BIFocal Podcast