Data Governance for Microsoft Fabric: Starting Small and Scaling Up

The Governance Paradox: Why Most Programs Fail

EPC Group has observed this pattern many times. An enterprise adopts Microsoft Fabric. The CISO then demands a complete governance program. A committee drafts a 150-page governance charter. However, eighteen months later, nothing is implemented. This often happens because the scope is too large, the requirements are too abstract, and the stakeholders feel overwhelmed.

Ungoverned Fabric workspaces are expanding quickly. Sensitive data is appearing in lakehouses without proper classification. Reports are being shared externally without review. This leads to confusion about dataset ownership. The governance program designed to address this issue is still in draft form.

The solution is not less governance — it is incremental governance. Start with the minimum viable governance that reduces your top risks, deliver measurable value in 4-6 weeks, and expand based on what you learn. This is the approach EPC Group uses for every enterprise governance implementation, and it works because it aligns governance investment with demonstrated ROI.

Phase 1: Foundation (Weeks 1-6) — Start Small

Phase 1 focuses on a single business domain — the one with the highest data risk or the strongest executive sponsor. You implement the governance essentials that address your top three risks, and you do it in six weeks or less.

1.1 Choose Your Pilot Domain

Choose one domain: Finance, Sales, HR, or Operations. The best pilot domain should have:

• A willing executive sponsor
• 3-5 Fabric workspaces already in use
• Data with clear sensitivity requirements (PII, financial data, health records)
• A small team of 5-15 people to participate in the pilot

Avoid selecting the largest or most complex domain. Instead, focus on the one where you can achieve quick success.

1.2 Implement Core Governance Controls

1.3 Establish Ownership

Assign a domain data steward. This is a business user (not IT) who is responsible for the pilot domain's data quality, access, and compliance.

The steward has several key responsibilities:

• Reviews access requests
• Monitors data quality alerts
• Represents the domain in governance meetings

EPC Group offers steward training as part of every Phase 1 engagement.

Phase 2: Expansion (Weeks 7-18) — Grow the Process

After Phase 1 proves governance value in a single domain, Phase 2 expands to 3-5 additional domains and introduces automated governance policies.

2.1 Domain-Driven Governance with Fabric Domains

Configure Fabric Domains to organize workspaces by business function. Each domain has its own governance boundary, a designated owner, access policies, and data quality thresholds.

Utilize Fabric's domain admin role to delegate governance responsibilities. This allows you to assign tasks without giving tenant-level admin access.

2.2 Automated Data Quality Rules

Manual data quality checks do not scale. In Phase 2, implement automated data quality rules using Fabric notebooks or Great Expectations integration:

• Completeness rules — Percentage of non-null values in required columns (threshold: 99%+)
• Uniqueness rules — Primary key uniqueness validation (threshold: 100%)
• Freshness rules — Maximum age of data since last refresh (threshold: domain-specific SLA)
• Validity rules — Values within expected ranges, formats, and reference sets (e.g., state codes, currency codes)
• Consistency rules — Cross-table relationship integrity (e.g., every order has a valid customer ID)

Run quality rules on a daily schedule via Fabric pipelines. Store results in a governance Lakehouse. Build a Power BI data quality dashboard that domain stewards review weekly. Escalate quality failures above threshold to the domain owner.

2.3 Lineage and Impact Analysis

Enable Purview lineage tracking for all Fabric workspaces. Lineage shows the full data flow from the source system through different components. These components include:

• Data Factory pipelines
• Lakehouse tables
• Warehouse views
• Semantic models
• Reports

This feature answers two critical questions:

• Where does this report's data come from? — trace upstream.
• If I change this Lakehouse table, what breaks? — trace downstream (impact analysis).

Lineage is automatic for Fabric-native operations. However, external sources require Purview connector configuration.

Phase 3: Enterprise Scale (Weeks 19-34) — Mature the Program

Phase 3 transforms governance from a project into an operating capability. This phase addresses enterprise-wide policies, self-service governance tools, and compliance reporting.

3.1 Governance Council and Operating Model

Establish a cross-functional data governance council. This council should include members from each domain, IT, security, compliance, and executive leadership. The council meets monthly to:

• Review governance metrics
• Approve policy changes
• Resolve cross-domain data conflicts
• Prioritize governance investments

EPC Group provides a governance operating model template. This template includes defined roles, responsibilities, escalation paths, and decision rights.

3.2 Self-Service Data Marketplace

Build a self-service data marketplace with Purview Data Catalog and Fabric endorsement labels. Certified datasets are endorsed by domain stewards and are easy to find in the marketplace.

Business users can search for data using familiar business terms instead of technical table names.

Access requests follow an automated approval workflow:

• The requester submits a request.
• The domain steward reviews the request.
• Access is granted through Fabric workspace roles or item-level sharing.

No more ad-hoc email requests.

3.3 Compliance Dashboards and Audit Readiness

For regulated industries such as healthcare (HIPAA), financial services (SOX, SOC 2), and government (FedRAMP), Phase 3 provides compliance dashboards. Auditors can access these dashboards directly.

• Data classification coverage
• Access review completion
• Data quality scores
• Sensitivity label compliance
• Incident response metrics

With these tools, you have real-time evidence ready for auditors, eliminating the need for scrambled spreadsheets.

3.4 Automated Policy Enforcement

Transition from advisory governance, which offers recommendations, to automated governance that enforces rules. This approach includes:

• Preventing the creation of Fabric items without sensitivity labels using Purview policies.
• Blocking external sharing of Highly Confidential items with DLP policies.
• Automatically archiving stale workspaces that have not been accessed in 90 days.
• Enforcing naming conventions for Lakehouses and Warehouses through custom Fabric admin policies.

Automation reduces human error and allows governance to scale without increasing headcount.

Purview Integration: The Technical Deep Dive

Microsoft Purview is the governance backbone for Fabric. Here is what the integration provides and how to configure it:

Common Governance Anti-Patterns to Avoid

EPC Group has seen these governance anti-patterns repeatedly across enterprise Fabric implementations. Avoid them:

• Governance-as-gatekeeping. If governance slows every request to a crawl, users will bypass it. Governance should enable safe self-service, not block productivity.
• IT-only governance. When IT owns governance without business involvement, policies do not reflect business reality. Domain stewards must be business users, not IT staff.
• Boil-the-ocean scope. Trying to govern everything on day one guarantees nothing gets governed. Start with one domain, one risk.
• Documentation without automation. A governance policy that requires manual compliance is a governance policy that will not be followed. Automate enforcement from Phase 2 onward.
• No metrics. If you cannot measure governance adoption, you cannot improve it. Instrument everything from day one.

Frequently Asked Questions