Data Governance for Microsoft Fabric: Starting Small and Scaling Up

The Governance Paradox: Why Most Programs Fail

EPC Group has seen the pattern dozens of times: an enterprise adopts Microsoft Fabric, the CISO demands a comprehensive governance program, a committee drafts a 150-page governance charter, and eighteen months later nothing is implemented because the scope was too large, the requirements too abstract, and the stakeholders too overwhelmed.

Meanwhile, ungoverned Fabric workspaces proliferate. Sensitive data lands in lakehouses without classification. Reports are shared externally without review. Nobody knows who owns which datasets. The governance program that was supposed to prevent this chaos is still in draft.

The solution is not less governance — it is incremental governance. Start with the minimum viable governance that reduces your top risks, deliver measurable value in 4-6 weeks, and expand based on what you learn. This is the approach EPC Group uses for every enterprise governance implementation, and it works because it aligns governance investment with demonstrated ROI.

Phase 1: Foundation (Weeks 1-6) — Start Small

Phase 1 focuses on a single business domain — the one with the highest data risk or the strongest executive sponsor. You implement the governance essentials that address your top three risks, and you do it in six weeks or less.

1.1 Choose Your Pilot Domain

Select one domain: Finance, Sales, HR, or Operations. The ideal pilot domain has: (1) a willing executive sponsor, (2) 3-5 Fabric workspaces already in use, (3) data with clear sensitivity requirements (PII, financial data, health records), and (4) a small team (5-15 people) who will participate in the pilot. Do not pick the largest or most complex domain — pick the one where you can succeed quickly.

1.2 Implement Core Governance Controls

1.3 Establish Ownership

Assign a domain data steward — a business user (not IT) who is accountable for the pilot domain's data quality, access, and compliance. The steward reviews access requests, monitors data quality alerts, and represents the domain in governance meetings. EPC Group provides steward training as part of every Phase 1 engagement.

Phase 2: Expansion (Weeks 7-18) — Grow the Process

After Phase 1 proves governance value in a single domain, Phase 2 expands to 3-5 additional domains and introduces automated governance policies.

2.1 Domain-Driven Governance with Fabric Domains

Configure Fabric Domains to organize workspaces by business function. Each domain gets its own governance boundary with a designated owner, access policies, and data quality thresholds. Use Fabric's domain admin role to delegate governance responsibilities without granting tenant-level admin access.

2.2 Automated Data Quality Rules

Manual data quality checks do not scale. In Phase 2, implement automated data quality rules using Fabric notebooks or Great Expectations integration:

• Completeness rules — Percentage of non-null values in required columns (threshold: 99%+)
• Uniqueness rules — Primary key uniqueness validation (threshold: 100%)
• Freshness rules — Maximum age of data since last refresh (threshold: domain-specific SLA)
• Validity rules — Values within expected ranges, formats, and reference sets (e.g., state codes, currency codes)
• Consistency rules — Cross-table relationship integrity (e.g., every order has a valid customer ID)

Run quality rules on a daily schedule via Fabric pipelines. Store results in a governance Lakehouse. Build a Power BI data quality dashboard that domain stewards review weekly. Escalate quality failures above threshold to the domain owner.

2.3 Lineage and Impact Analysis

Enable Purview lineage tracking for all Fabric workspaces. Lineage shows the complete data flow: from source system through Data Factory pipelines, Lakehouse tables, Warehouse views, semantic models, and reports. This answers two critical questions: (1) "Where does this report's data come from?" — trace upstream. (2) "If I change this Lakehouse table, what breaks?" — trace downstream (impact analysis). Lineage is automatic for Fabric-native operations; external sources require Purview connector configuration.

Phase 3: Enterprise Scale (Weeks 19-34) — Mature the Program

Phase 3 transforms governance from a project into an operating capability. This phase addresses enterprise-wide policies, self-service governance tools, and compliance reporting.

3.1 Governance Council and Operating Model

Establish a cross-functional data governance council with representation from each domain, IT, security, compliance, and executive leadership. The council meets monthly to: review governance metrics, approve policy changes, resolve cross-domain data conflicts, and prioritize governance investments. EPC Group provides a governance operating model template with defined roles, responsibilities, escalation paths, and decision rights.

3.2 Self-Service Data Marketplace

Build a self-service data marketplace using Purview Data Catalog and Fabric endorsement labels. Certified datasets (endorsed by domain stewards) are discoverable in the marketplace. Business users search for data by business terms, not technical table names. Access requests route through an automated approval workflow: requester submits request, domain steward reviews, access is provisioned via Fabric workspace roles or item-level sharing. No more ad-hoc email requests.

3.3 Compliance Dashboards and Audit Readiness

For regulated industries — healthcare (HIPAA), financial services (SOX, SOC 2), government (FedRAMP) — Phase 3 delivers compliance dashboards that auditors can access directly. These dashboards show: data classification coverage, access review completion, data quality scores, sensitivity label compliance, and incident response metrics. When auditors arrive, you have real-time evidence instead of scrambled spreadsheets.

3.4 Automated Policy Enforcement

Move from advisory governance (recommendations) to automated governance (enforcement). Examples: (1) prevent creation of Fabric items without sensitivity labels using Purview policies, (2) block external sharing of Highly Confidential items using DLP policies, (3) auto-archive stale workspaces not accessed in 90 days, (4) enforce naming conventions for Lakehouses and Warehouses using custom Fabric admin policies. Automation eliminates human error and scales governance without scaling headcount.

Purview Integration: The Technical Deep Dive

Microsoft Purview is the governance backbone for Fabric. Here is what the integration provides and how to configure it:

Common Governance Anti-Patterns to Avoid

EPC Group has seen these governance anti-patterns repeatedly across enterprise Fabric implementations. Avoid them:

• Governance-as-gatekeeping. If governance slows every request to a crawl, users will bypass it. Governance should enable safe self-service, not block productivity.
• IT-only governance. When IT owns governance without business involvement, policies do not reflect business reality. Domain stewards must be business users, not IT staff.
• Boil-the-ocean scope. Trying to govern everything on day one guarantees nothing gets governed. Start with one domain, one risk.
• Documentation without automation. A governance policy that requires manual compliance is a governance policy that will not be followed. Automate enforcement from Phase 2 onward.
• No metrics. If you cannot measure governance adoption, you cannot improve it. Instrument everything from day one.

Frequently Asked Questions