Skip to content

Commit b49cb05

Browse files
Merge pull request #3155 from MicrosoftDocs/main639195376274525809sync_temp
For protected branch, push strategy should use PR and merge to target branch method to work around git push error
2 parents aafd734 + 2b8f158 commit b49cb05

8 files changed

Lines changed: 193 additions & 11 deletions

File tree

docs/real-time-intelligence/operations-agent-tocs/toc.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,6 @@ items:
99
- name: Operations agents limitations
1010
href: ../operations-agent-limitations.md
1111
- name: Operations agent transparency note
12-
href: ../operations-agent-transparency-note.md
12+
href: ../operations-agent-transparency-note.md
13+
- name: Workspace outbound access protection for operations agent
14+
href: ../../security/workspace-outbound-access-protection-operations-agent.md

docs/real-time-intelligence/operations-agent.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -133,4 +133,5 @@ In the **Operation details page** you can view the operation details and status.
133133

134134
* [Operations agent billing](operations-agent-billing.md)
135135
* [Operations agent limitations](operations-agent-limitations.md)
136-
* [Operations agent transparency note](operations-agent-transparency-note.md)
136+
* [Workspace outbound access protection for operations agent](../security/workspace-outbound-access-protection-operations-agent.md)
137+
* [Operations agent transparency note](operations-agent-transparency-note.md)

docs/security/.openpublishing.redirection.security.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,11 @@
3939
"source_path_from_root": "/docs/security/workspace-outbound-access-protection-event-stream.md",
4040
"redirect_url": "/fabric/security/workspace-outbound-access-protection-eventstream",
4141
"redirect_document_id": false
42+
},
43+
{
44+
"source_path_from_root": "/docs/security/workspace-outbound-access-protection-iq.md",
45+
"redirect_url": "/fabric/security/workspace-outbound-access-protection-graph",
46+
"redirect_document_id": false
4247
}
4348
]
4449
}
24.1 KB
Loading

docs/security/toc.yml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,11 @@ items:
130130
- name: Data Warehouse
131131
href: workspace-outbound-access-protection-data-warehouse.md
132132
- name: Fabric IQ
133-
href: workspace-outbound-access-protection-iq.md
133+
items:
134+
- name: Graph
135+
href: workspace-outbound-access-protection-graph.md
136+
- name: Operations agent
137+
href: workspace-outbound-access-protection-operations-agent.md
134138
- name: Mirrored databases
135139
href: workspace-outbound-access-protection-mirrored-databases.md
136140
- name: OneLake (preview)
@@ -149,6 +153,8 @@ items:
149153
href: workspace-outbound-access-protection-eventstream.md
150154
- name: KQL queryset
151155
href: workspace-outbound-access-protection-queryset.md
156+
- name: Operations agent
157+
href: workspace-outbound-access-protection-operations-agent.md
152158
- name: Real-Time Dashboard
153159
href: workspace-outbound-access-protection-dashboard.md
154160
- name: Trusted workspace access

docs/security/workspace-outbound-access-protection-iq.md renamed to docs/security/workspace-outbound-access-protection-graph.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,19 @@
11
---
2-
title: Workspace outbound access protection for Fabric IQ
3-
description: Learn how to configure Workspace Outbound Access Protection to secure your Fabric IQ artifacts.
2+
title: Workspace outbound access protection for graph
3+
description: Learn how to configure Workspace Outbound Access Protection to secure your graph artifacts.
44
#customer intent: As a workspace admin, I want to enable outbound access protection for my workspace so that I can secure Fabric IQ data connections to only approved destinations.
55
author: msmimart
66
ms.author: mimart
77
ms.reviewer: wangwilliam
8-
ms.date: 04/27/2026
8+
ms.date: 06/17/2026
99
ms.topic: how-to
1010
---
1111

12-
# Workspace outbound access protection for Fabric IQ (preview)
12+
# Workspace outbound access protection for graph (preview)
1313

14-
Workspace outbound access protection helps safeguard your data by controlling outbound connections from Fabric IQ items in your workspace to external data sources. When this feature is enabled, items are restricted from making outbound connections unless access is explicitly granted through approved data connection rules.
14+
Workspace outbound access protection helps safeguard your data by controlling outbound connections from graph in Microsoft Fabric items in your workspace to external data sources. When you enable this feature, items can't make outbound connections unless you explicitly grant access through approved data connection rules.
1515

16-
Workspace outbound access protection for Fabric IQ currently supports only graph.
16+
Workspace outbound access protection for Fabric IQ supports graph (described in this article) and [operations agent](workspace-outbound-access-protection-operations-agent.md).
1717

1818
## Understanding workspace outbound access protection for graph
1919

Lines changed: 168 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,168 @@
1+
---
2+
title: Outbound Access Protection for Operations Agent (Preview)
3+
description: Learn how workspace outbound access protection governs the outbound actions an operations agent can take, and what's supported during outbound access protection for operations agent preview.
4+
author: baanders
5+
ms.author: baanders
6+
ms.reviewer: bisiadele
7+
ms.topic: concept-article
8+
ms.date: 06/17/2026
9+
ai-usage: ai-assisted
10+
#customer intent: As a workspace admin or operations agent creator, I want to understand how workspace outbound access protection affects an operations agent so that I can keep the agent working while my workspace is locked down.
11+
---
12+
13+
# Workspace outbound access protection for operations agent (preview)
14+
15+
[Workspace outbound access protection (OAP)](workspace-outbound-access-protection-overview.md) is a Microsoft Fabric workspace security feature that lets workspace admins control which outbound network connections that items in the workspace can make. When you enable OAP on a workspace that contains an [operations agent](../real-time-intelligence/operations-agent.md), the workspace's connection policy governs the agent's outbound actions.
16+
17+
If your workspace runs an operations agent and has OAP turned on, OAP blocks some of the agent's actions, such as Teams notifications, Power Automate flows, and cross-workspace actions, unless the admin explicitly allows them. During preview, extra limitations apply that affect which actions you can permit.
18+
19+
This article explains what OAP covers for operations agent during preview and what you see when the protection blocks an action.
20+
21+
> [!IMPORTANT]
22+
> Operations agent is generally available. Support for operations agent with workspace OAP is in preview. The capabilities and limitations described here apply while support for operations agent is in preview.
23+
24+
## What outbound access protection covers
25+
26+
When you enable OAP on a workspace that contains an operations agent, the policy governs the following outbound actions.
27+
28+
| Capability | Governed by OAP? | Notes |
29+
|---|---|---|
30+
| Teams notifications the agent sends | Yes | The agent checks the workspace OAP policy before sending. |
31+
| Power Automate flows the agent triggers | Yes | Enforced when the [Activator](../real-time-intelligence/data-activator/activator-introduction.md) action runs. Not available during preview (for recommendations, see [Preview limitations](#preview-limitations)). |
32+
| Fabric jobs in a different workspace | Yes | Enforced when the Activator action runs. Not available during preview (for recommendations, see [Preview limitations](#preview-limitations)). |
33+
| Fabric actions in the same workspace as the agent | No | Internal to the workspace. |
34+
| Large language model (LLM) reasoning calls | No | The tenant-level LLM setting governs these calls. |
35+
| Agent rule evaluation and internal telemetry | No | Internal to Fabric. |
36+
37+
OAP affects only the final outbound execution step. The agent's reasoning, rules, and internal logging continue to operate normally.
38+
39+
## Preview limitations
40+
41+
Plan around the following limitations while operations agent with workspace OAP is in preview.
42+
43+
### Cross-workspace actions aren't supported
44+
45+
Preview supports only in-workspace scenarios. OAP blocks outbound actions that target a different workspace.
46+
47+
**Recommendation:** Keep the agent and its action targets, such as Activator items and other Fabric items, in the same workspace.
48+
49+
### Power Automate actions are blocked
50+
51+
Currently there's no per-workspace toggle for Power Automate. While OAP is on, it blocks [Power Automate actions](../real-time-intelligence/operations-agent-actions.md#configure-a-power-automate-action) that the agent triggers.
52+
53+
**Recommendation:** If your agent depends on Power Automate, keep OAP turned off on that workspace until the toggle ships, or replace the action with a Teams notification or an in-workspace Fabric job.
54+
55+
### Other Fabric item outbound actions are blocked
56+
57+
Per-workspace control for other Fabric item outbound actions isn't currently available. At this time, if OAP is on and you don't explicitly allow the required connection policies, Fabric blocks those actions.
58+
59+
### Connectors without an outbound access protection toggle are blocked
60+
61+
Workspace rules can allow only connectors that explicitly support workspace OAP policy. Fabric blocks any other outbound connector while OAP is on.
62+
63+
### Teams notification delivery depends on the tenant Teams setting
64+
65+
The agent sends Teams notifications directly. Its behavior depends on the [tenant level admin setting](../admin/tenant-settings-index.md) for Teams:
66+
67+
- **Teams allowed in the tenant settings**: When OAP blocks an action, the agent sends a Teams card to the agent creator that explains the block.
68+
- **Teams not allowed in the tenant settings**: The agent doesn't send a Teams card. Use the Activity Log (see [Monitoring and troubleshooting section](#monitoring-and-troubleshooting)) to verify agent activity and delivery outcomes, including when OAP policies affect operations or block related messaging actions.
69+
70+
### No programmatic bypass
71+
72+
Fabric enforces OAP at the API layer. There's no supported way to bypass workspace OAP from code, scripts, or external API calls.
73+
74+
Use the Activity Log to verify agent activity and delivery outcomes, including when Outbound Access Protection (OAP) policies affect operations or block related messaging actions.
75+
76+
## What you see when an action is blocked
77+
78+
The operations agent doesn't fail silently. When OAP blocks an outbound action, the agent surfaces it as follows.
79+
80+
### In the operations agent UI
81+
82+
A banner appears at the top of the agent window with the following text:
83+
84+
*Limited agent functionality — This workspace has outbound access restrictions that may block some agent actions or notifications.*
85+
86+
:::image type="content" source="media/workspace-outbound-access-protection-operations-agent/error-banner.png" alt-text="Screenshot of the error banner." lightbox="media/workspace-outbound-access-protection-operations-agent/error-banner.png":::
87+
88+
### In Microsoft Teams (when Teams is allowed)
89+
90+
The agent creator receives a Teams card.
91+
92+
## Settings that affect operations agent
93+
94+
The following settings determine how OAP interacts with an operations agent.
95+
96+
| Setting | Who controls it | Effect on the agent |
97+
|---|---|---|
98+
| Workspace OAP policy | Workspace admin | Determines which outbound connections the agent can use. |
99+
| Teams tenant setting | Tenant admin | Determines whether Teams delivers blocked-action notifications. When off, the agent falls back to the in-app banner. |
100+
| LLM enablement | Tenant admin | Governs LLM calls. OAP doesn't change this behavior. |
101+
102+
If the agent behaves unexpectedly after OAP is enabled, ask the workspace admin to review the workspace's allowed connections and confirm that it explicitly permits the connectors the agent depends on.
103+
104+
## Monitoring and troubleshooting
105+
106+
Use Activity Log to monitor OAP.
107+
108+
The Activity Log provides visibility into operations agent activities, including how OAP affects agent operations.
109+
110+
To access the Activity Log:
111+
1. Open your operations agent in Fabric.
112+
1. In the left navigation pane, under your agent name, select **Activity Log**.
113+
114+
Look for these items in the Activity Log:
115+
* Blocked outbound requests: Entries showing operations that OAP policies blocked.
116+
* Failed actions: Check if failures correlate with OAP restrictions.
117+
* Timestamps: Correlate agent activity with expected behavior.
118+
119+
## Frequently asked questions
120+
121+
This section contains common questions about how OAP affects the operations agent during preview.
122+
123+
### Will my agent stop working as soon as my admin enables outbound access protection?
124+
125+
No. The agent's reasoning, rules, and internal logging continue to operate. OAP blocks only outbound actions that aren't on the workspace allowlist. The agent surfaces those blocks through a banner and, when available, a Teams notification.
126+
127+
### Can I use operations agent without outbound access protection?
128+
129+
Yes. Operations agent is generally available and works without OAP. Enabling OAP is a workspace admin decision. If OAP isn't on for the workspace, none of the preview limitations described here apply.
130+
131+
### Does outbound access protection affect what data the agent reasons over or sends to the LLM?
132+
133+
No. The tenant-level LLM setting governs LLM calls, not workspace OAP. OAP doesn't affect the agent's reasoning step.
134+
135+
### Why does Power Automate get blocked even if it's the only connector the agent uses?
136+
137+
Power Automate doesn't currently have its own OAP toggle for operations agent. While OAP is on, it blocks Power Automate actions. At this time, keep OAP off on workspaces that depend on Power Automate, or substitute a Teams notification.
138+
139+
### My action targets a Fabric item. Does it work?
140+
141+
When the target is in the same workspace as the agent, yes. OAP doesn't apply. When the target is in a different workspace, OAP blocks the action during preview.
142+
143+
### Who sees the blocked-action Teams card?
144+
145+
The agent creator.
146+
147+
### Can I test outbound access protection behavior with operations agent before turning it on in production?
148+
149+
Yes, test in a nonproduction workspace first. Enable OAP, exercise each agent action, and confirm that both the banner and the Teams card render the way you expect for your tenant's Teams configuration.
150+
151+
### What happens to actions that are running when the admin turns on outbound access protection?
152+
153+
OAP evaluates new action attempts against the current policy. If it blocks an attempt, the agent surfaces the block through the standard fallback banner or a Teams card.
154+
155+
### Can I appeal or override a block?
156+
157+
No. There's no programmatic override. To allow a blocked outbound path, the workspace admin needs to add the relevant connection to the workspace's allowlist.
158+
159+
### Where can I follow what's coming next?
160+
161+
Watch your Fabric admin update channels and the [operations agent documentation](../real-time-intelligence/operations-agent.md) for announcements as more features roll out.
162+
163+
## Where to get help
164+
165+
For help with...
166+
- Workspace allowlists and OAP policy: Contact your Fabric workspace admin.
167+
- Tenant-level Teams or LLM settings: Contact your Microsoft 365 or Fabric tenant admin.
168+
- Product issues or feedback: Submit through your standard Microsoft support channel.

docs/security/workspace-outbound-access-protection-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,8 +61,8 @@ The following table summarizes the supported workloads and item types that can b
6161
| Data Factory | Data connection rules | <ul><li>Data Flows Gen2 (with CICD)</li><li>Pipelines</li><li>Copy Jobs</li></ul> | [Workspace outbound access protection for Data Factory](workspace-outbound-access-protection-data-factory.md) |
6262
| Data Science | Not applicable | <ul><li>Machine Learning Experiments</li><li>Machine Learning Models</li></ul> | [Workspace outbound access protection for Data Science](workspace-outbound-access-protection-data-science.md) |
6363
| Data Warehouse | Not applicable | <ul><li>Warehouses</li><li>SQL analytics endpoints</li></ul> | [Workspace outbound access protection for data warehouse workloads](workspace-outbound-access-protection-data-warehouse.md) |
64-
| Fabric IQ | Data connection rules | <ul><li>Graph</li></ul> | [Workspace outbound access protection for Fabric IQ](workspace-outbound-access-protection-iq.md) |
65-
| Real-Time Intelligence | Data connection rules | <ul>><li>Activator</li><li>Eventstream</li><li>Eventhouse</li></ul> | Workspace outbound access protection for Real-Time Intelligence: [Activator](workspace-outbound-access-protection-activator.md), [Eventstream](workspace-outbound-access-protection-eventstream.md), and [Eventhouse](workspace-outbound-access-protection-eventhouse.md) |
64+
| Fabric IQ | Data connection rules | <ul><li>Graph</li><li>Operations agent</li></ul> | Workspace outbound access protection for Fabric IQ: [Graph](workspace-outbound-access-protection-graph.md) and [Operations agent](workspace-outbound-access-protection-operations-agent.md) |
65+
| Real-Time Intelligence | Data connection rules | <ul><li>Activator</li><li>Eventstream</li><li>Eventhouse</li></ul> | Workspace outbound access protection for Real-Time Intelligence: [Activator](workspace-outbound-access-protection-activator.md), [Eventstream](workspace-outbound-access-protection-eventstream.md), and [Eventhouse](workspace-outbound-access-protection-eventhouse.md) |
6666
| Mirrored databases | Data connection rules | <ul><li>Mirrored databases</li></ul> | [Workspace outbound access protection for mirrored databases](workspace-outbound-access-protection-mirrored-databases.md) |
6767
| OneLake | Managed private endpoints | <ul><li>OneLake shortcuts</li></ul> | [Workspace outbound access protection for OneLake](workspace-outbound-access-protection-onelake.md) |
6868
| Real-Time Events (preview) | Data connection rules | <ul><li>Azure and Fabric events</li></ul> | [Workspace outbound access protection for Real-Time Events](workspace-outbound-access-protection-real-time-events.md) |

0 commit comments

Comments
 (0)