Tag: Top Technology Certification for 2026

Analytics, BI Administration, Business Intelligence, Business Intelligence (BI) Development, Business Intelligence Platform, Data Development, Data Governance, Data Integration, Data Integration (ETL), Data Modeling, Data Security, Data Strategy, Data Warehousing, DP-600, Microsoft Certification, Microsoft Fabric, Microsoft OneLake, Performance Tuning

Choose Between Direct Lake on OneLake and Direct Lake on SQL Endpoints

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Implement and manage semantic models (25-30%) 
    --> Optimize enterprise-scale semantic models 
        --> Choose between Direct Lake on OneLake and Direct Lake on SQL endpoints

In Microsoft Fabric, Direct Lake is a high-performance semantic model storage mode that allows Power BI and Fabric semantic models to query data directly from OneLake without importing it into VertiPaq. When implementing Direct Lake, you must choose where the semantic model reads from, either:

  • Direct Lake on OneLake
  • Direct Lake on SQL endpoints

Understanding the differences, trade-offs, and use cases for each option is critical for optimizing enterprise-scale semantic models, and this topic appears explicitly in the DP-600 exam blueprint.

Direct Lake on OneLake

What It Is

Direct Lake on OneLake connects the semantic model directly to Delta tables stored in OneLake, bypassing SQL engines entirely. Queries operate directly on Parquet/Delta files using the Fabric Direct Lake engine.

Key Characteristics

  • Reads Delta tables directly from OneLake
  • No dependency on a SQL query engine
  • Near-Import performance with zero data duplication
  • Minimal latency between data ingestion and reporting
  • Requires supported Delta table structures and data types

Advantages

  • Best performance for large-scale analytics
  • Always reflects the latest data written to OneLake
  • Eliminates Import refresh overhead
  • Ideal for lakehouse-centric architectures

Limitations

  • Some complex DAX patterns may cause fallback
  • Requires schema compatibility with Direct Lake
  • Less flexibility for SQL-based transformations

Typical Use Cases

  • Enterprise lakehouse analytics
  • High-volume fact tables
  • Near-real-time reporting
  • Fabric-native data pipelines

Direct Lake on SQL Endpoints

What It Is

Direct Lake on SQL endpoints connects the semantic model to the SQL analytics endpoint of a Lakehouse or Warehouse, while still using Direct Lake storage mode behind the scenes.

Instead of reading files directly, the semantic model relies on the SQL endpoint to expose the data.

Key Characteristics

  • Queries go through the SQL endpoint
  • Still benefits from Direct Lake storage
  • Enables SQL views and transformations
  • Slightly higher latency than pure OneLake access

Advantages

  • Supports SQL-based modeling (views, joins, calculated columns)
  • Easier integration with existing SQL logic
  • Familiar experience for SQL-first teams
  • Useful when business logic is already defined in SQL

Limitations

  • Additional query layer may impact performance
  • Less efficient than direct file access
  • SQL endpoint availability becomes a dependency

Typical Use Cases

  • Organizations with strong SQL development practices
  • Reuse of existing SQL views and transformations
  • Gradual migration from Warehouse or SQL models
  • Mixed BI and ad-hoc SQL workloads

Key Comparison Summary

AspectDirect Lake on OneLakeDirect Lake on SQL Endpoint
Data accessDirect file accessVia SQL analytics endpoint
PerformanceHighestSlightly lower
SQL dependencyNoneRequired
Schema flexibilityLowerHigher
Transformation styleLakehouse / SparkSQL-based
Ideal forScale & performanceSQL reuse & flexibility

Choosing Between the Two (Exam-Focused Guidance)

On the DP-600 exam, questions typically focus on architectural intent and performance optimization:

Choose Direct Lake on OneLake when:

  • Performance is the top priority
  • Data is already modeled in Delta tables
  • You want the simplest, most scalable architecture
  • Near-real-time analytics are required

Choose Direct Lake on SQL endpoints when:

  • You need SQL views or transformations
  • Existing logic already exists in SQL
  • Teams are more comfortable with SQL than Spark
  • Some flexibility is preferred over maximum performance

Exam Tip 💡

If a question emphasizes:

  • Maximum performance, minimal latency, or scalability/large-scale analyticsDirect Lake on OneLake
  • SQL views, SQL transformations, or SQL reuseDirect Lake on SQL endpoints

Expect scenario-based questions where both options are technically valid, but only one best aligns with the business and performance requirements.

Practice Questions:

Here are 10 questions to test and help solidify your learning and knowledge. As you review these and other questions in your preparation, make sure to …

  • Identifying and understand why an option is correct (or incorrect) — not just which one
  • Look for and understand the usage scenario of keywords in exam questions to guide you
  • Expect scenario-based questions rather than direct definitions

Question 1

A company has Delta tables stored in OneLake and wants the lowest possible query latency for Power BI reports without using SQL views. Which option should they choose?

A. Import mode
B. DirectQuery on SQL endpoint
C. Direct Lake on SQL endpoint
D. Direct Lake on OneLake

Correct Answer: D

Explanation:
Direct Lake on OneLake reads Delta tables directly from OneLake without a SQL layer, delivering the best performance and lowest latency.

Question 2

Which requirement would most strongly favor Direct Lake on SQL endpoints over Direct Lake on OneLake?

A. Maximum performance
B. Real-time data visibility
C. Use of SQL views for business logic
D. Minimal infrastructure dependencies

Correct Answer: C

Explanation:
Direct Lake on SQL endpoints allows semantic models to consume SQL views and transformations, making it ideal when business logic is defined in SQL.

Question 3

What is a key architectural difference between Direct Lake on OneLake and Direct Lake on SQL endpoints?

A. Only OneLake supports Delta tables
B. SQL endpoints require data import
C. OneLake access bypasses the SQL engine
D. SQL endpoints cannot be used with semantic models

Correct Answer: C

Explanation:
Direct Lake on OneLake reads Delta files directly from storage, while SQL endpoints introduce an additional SQL query layer.

Question 4

A Fabric semantic model uses Direct Lake on OneLake. Under which condition might it fallback to DirectQuery?

A. The model contains calculated columns
B. The dataset exceeds 1 TB
C. The Delta table schema is unsupported
D. The SQL endpoint is unavailable

Correct Answer: C

Explanation:
If the Delta table schema or data types are not supported by Direct Lake, Fabric automatically falls back to DirectQuery.

Question 5

Which scenario is best suited for Direct Lake on SQL endpoints?

A. High-volume streaming telemetry
B. SQL-first team reusing existing warehouse views
C. Near-real-time dashboards on raw lake data
D. Large fact tables optimized for scan performance

Correct Answer: B

Explanation:
Direct Lake on SQL endpoints is ideal when teams rely on SQL views and want to reuse existing SQL logic.

Question 6

Which statement about performance is most accurate?

A. SQL endpoints always outperform OneLake
B. OneLake always requires Import mode
C. Direct Lake on OneLake typically offers better performance
D. Direct Lake on SQL endpoints does not use Direct Lake

Correct Answer: C

Explanation:
Direct Lake on OneLake avoids the SQL layer, resulting in faster query execution in most scenarios.

Question 7

A Power BI model must reflect new data immediately after ingestion into OneLake. Which option best supports this requirement?

A. Import mode
B. DirectQuery
C. Direct Lake on SQL endpoint
D. Direct Lake on OneLake

Correct Answer: D

Explanation:
Direct Lake on OneLake reads data directly from Delta tables and reflects changes immediately without refresh.

Question 8

Which dependency exists when using Direct Lake on SQL endpoints that does not exist with Direct Lake on OneLake?

A. Delta Lake support
B. VertiPaq compression
C. SQL analytics endpoint availability
D. Semantic model compatibility

Correct Answer: C

Explanation:
Direct Lake on SQL endpoints depends on the SQL analytics endpoint being available, while OneLake access does not.

Question 9

From a DP-600 exam perspective, which factor most often determines the correct choice between these two options?

A. Dataset size alone
B. Whether SQL transformations are required
C. Number of report users
D. Power BI license type

Correct Answer: B

Explanation:
Exam questions typically focus on whether SQL logic (views, joins, transformations) is needed, which drives the choice.

Question 10

You are designing an enterprise semantic model focused on scalability and minimal complexity. The data is already curated as Delta tables. What is the best choice?

A. Import mode
B. DirectQuery on SQL endpoint
C. Direct Lake on SQL endpoint
D. Direct Lake on OneLake

Correct Answer: D

Explanation:
Direct Lake on OneLake offers the simplest architecture with the highest scalability and performance when Delta tables are already prepared.

Analytics, BI Administration, Business Intelligence, Business Intelligence (BI) Development, Data Integration, Data Integration (ETL), Data Modeling, Data Strategy, Data Warehousing, DP-600, Microsoft Certification, Microsoft Fabric, Power BI, Power Query

Implement Incremental Refresh for Semantic Models

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Implement and manage semantic models (25-30%) 
    --> Optimize enterprise-scale semantic models 
        --> Implement Incremental Refresh for Semantic Models

Overview

Incremental refresh is a key optimization technique for enterprise-scale semantic models in Microsoft Fabric and Power BI. Instead of fully refreshing all data during each refresh cycle, incremental refresh allows you to refresh only new or changed data, significantly improving refresh performance, reducing resource consumption, and enabling scalability for large datasets.

In the DP-600 exam, this topic appears under Optimize enterprise-scale semantic models and focuses on when, why, and how to configure incremental refresh correctly.

What Is Incremental Refresh?

Incremental refresh is a feature for Import mode and Hybrid (Import + DirectQuery) semantic models that:

  • Partitions data based on date/time columns
  • Refreshes only a recent portion of data
  • Retains historical data without reprocessing it
  • Optionally supports real-time data using DirectQuery

Incremental refresh is not applicable to:

  • Direct Lake–only semantic models
  • Pure DirectQuery models

Key Benefits

Incremental refresh provides several enterprise-level advantages:

  • Faster refresh times for large datasets
  • Reduced memory and CPU usage
  • Improved reliability of scheduled refreshes
  • Better scalability for growing fact tables
  • Enables near-real-time analytics when combined with DirectQuery

Core Configuration Components

1. Date/Time Column Requirement

Incremental refresh requires a column that:

  • Is of type Date, DateTime, or DateTimeZone
  • Represents a monotonically increasing timeline (for example, OrderDate or TransactionDate)

This column is used to define data partitions.

2. RangeStart and RangeEnd Parameters

Incremental refresh relies on two Power Query parameters:

  • RangeStart – Beginning of the refresh window
  • RangeEnd – End of the refresh window

These parameters:

  • Must be of type Date/Time
  • Are used in a filter step in Power Query
  • Are evaluated dynamically during refresh

Exam tip: These parameters are required, not optional.

3. Refresh and Storage Policies

When configuring incremental refresh, you define two key time windows:

PolicyPurpose
Store rows from the pastDefines how much historical data is retained
Refresh rows from the pastDefines how much recent data is refreshed

Example:

  • Store data for 5 years
  • Refresh data from the last 7 days

Only the refresh window is reprocessed during each refresh.

4. Optional: Detect Data Changes

Incremental refresh can optionally use a change detection column (for example, LastModifiedDate):

  • Only refreshes partitions where data has changed
  • Reduces unnecessary refresh operations
  • Column must be reliably updated when records change

This is especially useful for slowly changing dimensions.

Incremental Refresh with Real-Time Data (Hybrid Tables)

Incremental refresh can be combined with DirectQuery to support real-time data:

  • Historical data → Import mode
  • Recent data → DirectQuery

This configuration:

  • Uses the “Get the latest data in real time” option
  • Is commonly referred to as a Hybrid table
  • Balances performance with freshness

Deployment and Execution Behavior

  • Incremental refresh is defined in Power BI Desktop
  • Partitions are created only after publishing
  • Refresh execution happens in the Fabric service
  • Desktop refresh does not create partitions

Exam tip: Many questions test the difference between design-time configuration and service-side execution.

Limitations and Considerations

  • Requires Import or Hybrid mode
  • Date column must exist in the fact table
  • Cannot be configured directly in Fabric service
  • Schema changes may require full refresh
  • Partition count should be managed to avoid excessive overhead

Common DP-600 Exam Scenarios

You may be asked to:

  • Choose incremental refresh to solve long refresh times
  • Identify missing requirements (RangeStart/RangeEnd)
  • Decide between full refresh vs incremental refresh
  • Configure refresh windows for historical vs recent data
  • Combine incremental refresh with real-time analytics

When to Use Incremental Refresh (Exam Heuristic)

Choose incremental refresh when:

  • Fact tables are large and growing
  • Only recent data changes
  • Full refresh times are too long
  • Import mode is required for performance

Avoid it when:

  • Data volume is small
  • Real-time access is required for all data
  • Using Direct Lake–only models

Exam Tips

For DP-600, remember:

  • RangeStart / RangeEnd are mandatory
  • Incremental refresh = Import or Hybrid
  • Partitions are service-side
  • Refresh window ≠ storage window
  • Hybrid tables enable real-time + performance

Summary

Incremental refresh is a foundational optimization technique for large semantic models in Microsoft Fabric. For the DP-600 exam, focus on:

  • Required parameters (RangeStart, RangeEnd)
  • Refresh vs storage windows
  • Import and Hybrid model compatibility
  • Real-time and change detection scenarios
  • Service-side execution behavior

Practice Questions:

Here are 10 questions to test and help solidify your learning and knowledge. As you review these and other questions in your preparation, make sure to …

  • Identifying and understand why an option is correct (or incorrect) — not just which one
  • Look for and understand the usage scenario of keywords in exam questions to guide you
  • Expect scenario-based questions rather than direct definitions

Question 1

You have a large fact table with 5 years of historical data. Only the most recent data changes daily. Which feature should you implement to reduce refresh time?

A. DirectQuery mode
B. Incremental refresh
C. Calculated tables
D. Composite models

Correct Answer: B

Explanation:
Incremental refresh is designed to refresh only recent data while retaining historical partitions, significantly improving refresh performance for large datasets.

Question 2

Which two Power Query parameters are required to configure incremental refresh?

A. StartDate and EndDate
B. MinDate and MaxDate
C. RangeStart and RangeEnd
D. RefreshStart and RefreshEnd

Correct Answer: C

Explanation:
Incremental refresh requires RangeStart and RangeEnd parameters of type Date/Time to define partition boundaries.

Question 3

Where are incremental refresh partitions actually created?

A. Power BI Desktop during data load
B. Fabric Data Factory
C. Microsoft Fabric service after publishing
D. SQL endpoint

Correct Answer: C

Explanation:
Partitions are created and managed only in the Fabric service after the model is published. Desktop refresh does not create partitions.

Question 4

Which storage mode is required to use incremental refresh?

A. DirectQuery only
B. Direct Lake only
C. Import or Hybrid
D. Dual only

Correct Answer: C

Explanation:
Incremental refresh works with Import mode and Hybrid tables. It is not supported for DirectQuery-only or Direct Lake–only models.

Question 5

You configure incremental refresh to store 5 years of data and refresh the last 7 days. What happens during a scheduled refresh?

A. All data is fully refreshed
B. Only the last 7 days are refreshed
C. Only the last year is refreshed
D. Only new rows are loaded

Correct Answer: B

Explanation:
The refresh window defines how much data is reprocessed. Historical partitions outside that window are retained without refresh.

Question 6

Which column type is required for incremental refresh filtering?

A. Text
B. Integer
C. Boolean
D. Date/DateTime

Correct Answer: D

Explanation:
Incremental refresh requires a Date, DateTime, or DateTimeZone column to define time-based partitions.

Question 7

What is the purpose of the Detect data changes option?

A. To refresh all partitions automatically
B. To detect schema changes
C. To refresh only partitions where data has changed
D. To enable real-time DirectQuery

Correct Answer: C

Explanation:
Detect data changes uses a change-tracking column (e.g., LastModifiedDate) to avoid refreshing partitions when no data has changed.

Question 8

Which scenario best fits a Hybrid incremental refresh configuration?

A. All data must be queried in real time
B. Small dataset refreshed once per day
C. Historical data rarely changes, but recent data must be real time
D. Streaming data only

Correct Answer: C

Explanation:
Hybrid tables combine Import for historical data and DirectQuery for recent data, providing real-time access where needed.

Question 9

What happens if the date column used for incremental refresh contains null values?

A. Incremental refresh is automatically disabled
B. Only historical partitions fail
C. Refresh may fail or produce incorrect partitions
D. Null values are ignored safely

Correct Answer: C

Explanation:
The date column must be reliable. Null or invalid values can break partition logic and cause refresh failures.

Question 10

When should you avoid using incremental refresh?

A. When the dataset is large
B. When only recent data changes
C. When using Direct Lake–only semantic models
D. When refresh duration is long

Correct Answer: C

Explanation:
Incremental refresh is not supported for Direct Lake–only models, as Direct Lake handles freshness differently through OneLake access.

BI Administration, Business Intelligence Platform, Data Security, DP-600, Microsoft Certification, Microsoft Fabric

Implement workspace-level access controls in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
    --> Implement security and governance 
        --> Implement workspace-level access controls

To Do:
Complete the related module for this topic in the Microsoft Learn course: Secure data access in Microsoft Fabric

Workspace-level access control is the first and most fundamental security boundary in Microsoft Fabric. It determines who can access a workspace, what actions they can perform, and how they can interact with Fabric items such as Lakehouses, Warehouses, semantic models, reports, notebooks, and pipelines.

For the DP-600 exam, you should clearly understand workspace roles, their permissions, and how workspace security integrates with broader governance practices.

What Are Workspace-Level Access Controls?

Workspace-level access controls define permissions at the workspace scope, applying to all items within that workspace unless further restricted by item-level or data-level security.

These controls are managed through workspace roles, which are assigned to:

  • Individual users
  • Microsoft Entra ID (Azure AD) security groups
  • Distribution lists (limited scenarios)

Workspace Roles in Microsoft Fabric

Microsoft Fabric workspaces use role-based access control (RBAC). There are 4 roles that users can be assigned to for workspace access and each role grants a predefined set of permissions.

1. Admin

Highest level of access

Admins can:

  • Manage workspace settings
  • Add or remove users and assign roles
  • Delete the workspace
  • Control capacity assignment
  • Access and manage all items

Typical use cases

  • Platform administrators
  • Lead analytics engineers

Exam note
Admins automatically have all permissions of lower roles.

2. Member

Full content creation and collaboration role

Members can:

  • Create, edit, and delete Fabric items
  • Publish and update semantic models and reports
  • Share content
  • Run pipelines and notebooks

Members cannot:

  • Delete the workspace
  • Manage capacity settings

Typical use cases

  • Analytics engineers
  • Senior analysts

3. Contributor

Content creation with limited governance control

Contributors can:

  • Create and modify items they have access to
  • Run notebooks, pipelines, and queries
  • Publish reports and datasets

Contributors cannot:

  • Manage workspace users
  • Modify workspace settings

Typical use cases

  • Data analysts
  • Developers contributing content

4. Viewer

Read-only access

Viewers can:

  • View reports and dashboards
  • Read data from semantic models
  • Execute queries if explicitly allowed

Viewers cannot:

  • Create or edit items
  • Publish or share content

Typical use cases

  • Business users
  • Report consumers

Summary table:

RoleDescriptionCan / CannotTypical use cases
Admin– Highest level of access.
– Full workspace administration access including ability to delete.		Admins Can:
– Manage workspace settings
– Add or remove users and assign roles
– Delete the workspace
– Control capacity assignment
– Access and manage all items		– Platform administrators
– Lead analytics engineers
MemberFull content creation and collaboration role.
– Can manage members with same or lower permissions.		Members can:
– Create, edit, and delete Fabric items
– Publish and update semantic models and reports
– Share content
– Run pipelines and notebooks

Members cannot:
– Delete the workspace
– Manage capacity settings		– Analytics engineers
– Senior analysts
Contributor– Content creation with limited governance control
– Can create and manage workspace content		Contributors can:
– Create and modify items they have access to
– Run notebooks, pipelines, and queries
– Publish reports and datasets

Contributors cannot:
– Manage workspace users
– Modify workspace settings		– Data analysts
– Developers contributing content
Viewer– Read-only access to the workspaceViewers can:
– View reports and dashboards
– Read data from semantic models
– Execute queries if explicitly allowed

Viewers cannot:
– Create or edit items
– Publish or share content		– Business users
– Report consumers

How Workspace-Level Security Is Enforced

Workspace-level access controls:

  • Are evaluated before item-level or data-level security
  • Determine whether a user can even see workspace content
  • Apply consistently across all Fabric workloads (Power BI, Lakehouse, Warehouse, Data Factory, Real-Time Analytics)

This makes workspace roles the entry point for all other security mechanisms.

Best Practices for Workspace-Level Access Control

Use Security Groups Instead of Individuals

  • Assign Microsoft Entra ID security groups to workspace roles
  • Simplifies access management
  • Supports scalable governance

Separate Workspaces by Purpose

Common patterns include:

  • Development vs Test vs Production
  • Department-specific workspaces
  • Consumer-only (Viewer) workspaces

Apply Least Privilege

  • Grant users the lowest role necessary
  • Avoid overusing Admin and Member roles

Relationship to Other Security Layers

Workspace-level access controls work alongside:

  • Item-level permissions (e.g., sharing a report)
  • Row-level, column-level, and object-level security in semantic models
  • File-level security in OneLake
  • Capacity-level governance

For exam scenarios, always identify which security layer is being tested.

Common Exam Scenarios to Watch For

You may be asked to:

  • Choose the correct workspace role for a given user persona
  • Identify why a user cannot see or edit workspace content
  • Decide when to use Viewer vs Contributor
  • Understand how workspace roles interact with RLS or file access

Key Exam Takeaways

  • Workspace roles control who can access a workspace and what actions they can perform
  • Admin, Member, Contributor, and Viewer each have distinct permission boundaries
  • Workspace security is broader than item-level sharing
  • Always think workspace first, data second when designing security

Exam Tips

If the question is about who can create, edit, share, or manage content, the answer almost always involves workspace-level access controls.

Expect scenario-based questions that test:

  • Choosing the least-privileged role
  • Understanding the difference between Member vs Contributor
  • Knowing when workspace security is not enough and must be combined with RLS or item-level access

Practice Questions

Question 1 (Single choice)

Which workspace role in Microsoft Fabric allows a user to publish content, manage permissions, and delete the workspace?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: D

Explanation:

  • Admin is the highest workspace role and includes full control, including managing access, deleting the workspace, and assigning roles.
  • Contributors and Members cannot manage workspace-level permissions.
  • Viewers have read-only access.

Question 2 (Scenario-based)

You want analysts to create and edit items (lakehouses, notebooks, reports) but prevent them from managing access or deleting the workspace. Which role should you assign?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: C

Explanation:

  • Members can create, edit, and publish content but cannot manage workspace access or delete the workspace.
  • Contributors have more limited permissions.
  • Admins have excessive privileges for this scenario.

Question 3 (Multi-select)

Which actions are possible for a user assigned the Contributor role? (Select all that apply.)

A. Create new items
B. Edit existing items
C. Manage workspace permissions
D. Publish reports to the workspace

Correct Answers: A, B

Explanation:

  • Contributors can create and edit items.
  • They cannot manage permissions or perform full publishing/administrative actions.
  • Publishing to app audiences or managing access requires Member or Admin.

Question 4 (Scenario-based)

A workspace contains sensitive data. You want executives to view reports only, without seeing datasets, lakehouses, or notebooks. What is the BEST approach?

A. Assign Viewer role
B. Assign Contributor role
C. Assign Member role
D. Assign Admin role

Correct Answer: A

Explanation:

  • Viewer role provides read-only access and prevents exposure to underlying assets beyond consumption.
  • Other roles expose authoring and object-level visibility.

Question 5 (Single choice)

Workspace-level access controls in Fabric are applied to:

A. Individual tables only
B. Semantic models only
C. All items within the workspace
D. Reports published to apps only

Correct Answer: C

Explanation:

  • Workspace-level roles apply across all items in the workspace unless further restricted using item-level or semantic-model security.
  • Finer-grained security must be implemented separately.

Question 6 (Scenario-based)

You need to ensure that workspace access is centrally governed and users cannot self-assign roles. What is the BEST practice?

A. Allow Members to manage access
B. Restrict access management to Admins only
C. Use Viewer roles exclusively
D. Disable workspace sharing

Correct Answer: B

Explanation:

  • Only Admins should manage workspace access for governance and compliance.
  • Members should not be allowed to assign roles in controlled environments.

Question 7 (Multi-select)

Which of the following are valid workspace roles in Microsoft Fabric? (Select all that apply.)

A. Viewer
B. Contributor
C. Member
D. Owner

Correct Answers: A, B, C

Explanation:

  • Valid Fabric workspace roles are Viewer, Contributor, Member, and Admin.
  • “Owner” is not a Fabric workspace role.

Question 8 (Scenario-based)

A user can view reports but receives an error when attempting to open a semantic model directly. What is the MOST likely reason?

A. They are a Contributor
B. They are a Viewer
C. The dataset is in Import mode
D. XMLA endpoint is disabled

Correct Answer: B

Explanation:

  • Viewers can consume reports but may not have permissions to explore or access underlying semantic models directly.
  • This behavior aligns with workspace-level access restrictions.

Question 9 (Single choice)

Which statement about workspace-level access vs. item-level security is TRUE?

A. Workspace access overrides all other security
B. Workspace access is more granular than item-level security
C. Item-level security can further restrict access granted by workspace roles
D. Workspace access only applies to reports

Correct Answer: C

Explanation:

  • Workspace roles grant baseline access, which can then be restricted using item-level security, RLS, or object-level permissions.
  • Workspace access does not override more restrictive controls.

Question 10 (Scenario-based)

You want to minimize administrative overhead while allowing self-service analytics. Which workspace role strategy is MOST appropriate?

A. Assign Admin to all users
B. Assign Member to authors and Viewer to consumers
C. Assign Contributor to executives
D. Assign Viewer to data engineers

Correct Answer: B

Explanation:

  • This is a recommended best practice:
    • Members for authors/builders
    • Viewers for consumers
  • It balances governance and agility while minimizing risk.
Analytics, BI Administration, Data Security, Data Strategy, DP-600, Microsoft Certification, Microsoft Fabric

Implement Row-Level, Column-Level, Object-Level, and File-Level Access Controls in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
 --> Implement security and governance
  --> Implement row-level, column-level, object-level, and file-level access control

To Do:
Complete the related module for this topic in the Microsoft Learn course: Secure data access in Microsoft Fabric

Security and governance are foundational responsibilities of a Fabric Analytics Engineer. Microsoft Fabric provides multiple layers of access control to ensure users can only see and interact with the data they are authorized to access. For the DP-600 exam, it is important to understand what each access control type does, where it is applied, and when to use it.

1. Row-Level Security (RLS)

What it is

Row-Level Security (RLS) restricts access to specific rows in a table based on the identity or role of the user querying the data.

Where it is implemented

  • Power BI semantic models (datasets)
  • Direct Lake or Import models in Fabric
  • Applies at query time

How it works

  • You define DAX filter expressions on tables.
  • Users are assigned to roles, and those roles determine which rows are visible.
  • The filtering is enforced automatically whenever the model is queried.

Common use cases

  • Sales users see only their assigned regions
  • Managers see only their department’s data
  • Multi-tenant reporting scenarios

Exam tips

  • RLS filters rows, not columns
  • RLS is evaluated dynamically based on user context
  • Know the difference between static RLS (hard-coded filters) and dynamic RLS (based on USERPRINCIPALNAME or lookup tables)

2. Column-Level Security (CLS)

What it is

Column-Level Security (CLS) restricts access to specific columns within a table, preventing sensitive fields from being exposed.

Where it is implemented

  • Power BI semantic models
  • Defined within the model, not in reports

How it works

  • Columns are marked as hidden for certain roles
  • Users in those roles cannot query or visualize the restricted columns

Common use cases

  • Hiding personally identifiable information (PII)
  • Restricting access to salary, cost, or confidential metrics

Exam tips

  • CLS does not hide entire rows
  • Users without access cannot bypass CLS using visuals or queries
  • CLS is evaluated before data reaches the report layer

3. Object-Level Security (OLS)

What it is

Object-Level Security (OLS) controls access to entire objects within a semantic model, such as:

  • Tables
  • Columns
  • Measures

Where it is implemented

  • Power BI semantic models in Fabric
  • Typically managed using external tools or advanced model editing

How it works

  • Objects are explicitly denied to specific roles
  • Denied objects are completely invisible to the user

Common use cases

  • Hiding technical or staging tables
  • Preventing access to internal calculation measures
  • Supporting multiple audiences from the same model

Exam tips

  • OLS is stronger than CLS (objects are invisible, not just hidden)
  • OLS affects metadata discovery
  • Users cannot query objects they do not have access to

4. File-Level Access Controls

What it is

File-level access control governs who can access files stored in OneLake, including:

  • Lakehouse files
  • Warehouse data
  • Files accessed via notebooks or Spark jobs

Where it is implemented

  • OneLake
  • Workspace permissions
  • Underlying Azure Data Lake Gen2 permission model

How it works

  • Permissions are assigned at:
    • Workspace level
    • Item level (Lakehouse, Warehouse)
    • Folder or file level (where applicable)
  • Uses role-based access control (RBAC)

Common use cases

  • Restricting raw data access to engineers only
  • Allowing analysts read-only access to curated zones
  • Enforcing separation between development and production data

Exam tips

  • File-level security applies before data reaches semantic models
  • Workspace roles (Admin, Member, Contributor, Viewer) matter
  • OneLake follows a centralized storage model across Fabric workloads

Key Comparisons to Remember for the Exam

Security TypeScopeEnforced AtTypical Use
Row-Level (RLS)RowsQuery timeUser-specific data filtering
Column-Level (CLS)ColumnsModel levelProtect sensitive fields
Object-Level (OLS)Tables, columns, measuresModel metadataHide entire objects
File-LevelFiles and foldersStorage/workspaceControl raw and curated data access

How This Fits into Fabric Governance

In Microsoft Fabric, these access controls work together:

  • File-level security protects data at rest
  • Object-, column-, and row-level security protect data at the semantic model layer
  • Workspace roles govern who can create, modify, or consume items

For the DP-600 exam, expect scenario-based questions that test:

  • Choosing the right level of security
  • Understanding where security is enforced
  • Knowing limitations and interactions between security types

Final Exam Tips

If the question mentions who can see which data values, think RLS or CLS.
If it mentions who can see which objects, think OLS.
If it mentions access to files or raw data, think file-level and workspace permissions.

DP-600 Exam Strategy Notes

  • Security evaluation order (exam favorite):
    1. Workspace access
    2. Item-level access
    3. Object-level security
    4. Column-level security
    5. Row-level security
  • Use:
    • RLSWho sees which rows?
    • CLSWho sees which columns?
    • OLSWho sees which tables/measures?
    • File-levelWho sees which files?

Practice Questions

Question 1 (Single choice)

Which access control mechanism restricts which rows of data a user can see in a semantic model?

A. Column-level security
B. Object-level security
C. Row-level security
D. Item-level access

Correct Answer: C

Explanation:

  • Row-level security (RLS) filters rows dynamically based on user identity.
  • CLS restricts columns, OLS restricts objects, and item-level controls access to the artifact itself.

Question 2 (Scenario-based)

A sales manager should only see sales data for their assigned region across all reports. Which solution should you implement?

A. Column-level security
B. Row-level security with dynamic DAX
C. Object-level security
D. Workspace Viewer role

Correct Answer: B

Explanation:

  • Dynamic RLS uses functions like USERPRINCIPALNAME() to filter rows per user.
  • Workspace roles do not filter data.

Question 3 (Multi-select)

Which security types are configured within a Power BI semantic model? (Select all that apply.)

A. Row-level security
B. Column-level security
C. Object-level security
D. File-level security

Correct Answers: A, B, C

Explanation:

  • RLS, CLS, and OLS are semantic model features.
  • File-level security applies to OneLake files, not semantic models.

Question 4 (Scenario-based)

You want to prevent users from seeing a Salary column but still allow access to other columns in the table. What should you use?

A. Row-level security
B. Object-level security
C. Column-level security
D. Item-level access

Correct Answer: C

Explanation:

  • Column-level security hides specific columns from unauthorized users.
  • RLS filters rows, not columns.

Question 5 (Single choice)

Which access control hides entire tables or measures from users?

A. Row-level security
B. Column-level security
C. Object-level security
D. File-level security

Correct Answer: C

Explanation:

  • Object-level security (OLS) hides tables, columns, or measures completely.
  • Users won’t even see them in the field list.

Question 6 (Scenario-based)

A user should be able to query a semantic model but must not see a calculated measure used only internally. Which control is BEST?

A. Column-level security
B. Object-level security
C. Row-level security
D. Workspace permission

Correct Answer: B

Explanation:

  • OLS can hide measures entirely.
  • CLS only applies to columns, not measures.

Question 7 (Multi-select)

Which scenarios require file-level access controls in Microsoft Fabric? (Select all that apply.)

A. Restricting access to specific Parquet files in OneLake
B. Limiting access to a lakehouse table
C. Controlling access to raw ingestion files
D. Filtering rows in a semantic model

Correct Answers: A, C

Explanation:

  • File-level access applies to files and folders in OneLake.
  • Table and row access are handled elsewhere.

Question 8 (Scenario-based)

A data engineer needs access to raw files in OneLake, but analysts should only see curated tables. What should you implement?

A. Row-level security
B. Column-level security
C. File-level access controls
D. Object-level security

Correct Answer: C

Explanation:

  • File-level access ensures analysts cannot browse or access raw files.
  • RLS and CLS don’t apply at the file system level.

Question 9 (Single choice)

Which security type is evaluated first when a user attempts to access data?

A. Row-level security
B. Column-level security
C. Item-level access
D. Object-level security

Correct Answer: C

Explanation:

  • Item-level access determines whether the user can access the artifact at all.
  • If denied, other security layers are never evaluated.

Question 10 (Scenario-based)

A user can access a report but receives an error when querying a table directly from the semantic model. What is the MOST likely cause?

A. Missing Row-Level Security role
B. Column-level security blocking access
C. Object-level security hiding the table
D. File-level security restriction

Correct Answer: C

Explanation:

  • If OLS hides a table, it cannot be queried—even if reports still function.
  • Reports may rely on cached or abstracted queries.
Analytics, BI Administration, Business Intelligence (BI) Development, Business Intelligence Platform, Data Analysis, Data Governance, Data Quality Assurance, Data Security, DP-600, Microsoft Certification, Microsoft Fabric

Apply sensitivity labels to items in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
   --> Implement security and governance
      --> Apply sensitivity labels to items

To Do:
Complete the related module for this topic in the Microsoft Learn course: Secure data access in Microsoft Fabric

Sensitivity labels are a data protection and governance feature in Microsoft Fabric that help organizations classify, protect, and control the handling of sensitive data. They integrate with Microsoft Purview Information Protection and extend data protection consistently across Fabric, Power BI, and Microsoft 365.

For the DP-600 exam, you should understand what sensitivity labels are, how they are applied, what they affect, and how they differ from access controls.

What Are Sensitivity Labels?

Sensitivity labels:

  • Classify data based on confidentiality and business impact
  • Travel with the data across supported services
  • Can trigger protection behaviors, such as encryption or usage restrictions

Common label examples include:

  • Public
  • Internal
  • Confidential
  • Highly Confidential

Labels are organizationally defined and managed centrally.

Where Sensitivity Labels Come From

Sensitivity labels in Fabric are:

  • Created and managed in Microsoft Purview
  • Defined at the tenant level by security or compliance administrators
  • Made available to Fabric and Power BI through tenant settings

Fabric users apply labels, but typically do not define them.

Items That Can Be Labeled in Microsoft Fabric

Sensitivity labels can be applied to many Fabric items, including:

  • Semantic models (datasets)
  • Reports
  • Dashboards
  • Dataflows
  • Lakehouses and Warehouses (where supported)
  • Exported artifacts (Excel, PowerPoint, PDF)

This makes labeling a cross-workload governance mechanism.

How Sensitivity Labels Are Applied

Labels can be applied:

  • Manually by item owners or authorized users
  • Automatically through inherited labeling
  • Programmatically via APIs (advanced scenarios)

Label Inheritance

In many cases:

  • Reports inherit the label from their underlying semantic model
  • Dashboards inherit labels from pinned tiles
  • Exported files inherit the label of the source item

This inheritance model is frequently tested in exam scenarios.

What Sensitivity Labels Do (and Do Not Do)

What they do:

  • Classify data for compliance and governance
  • Enable protection such as:
    • Encryption
    • Watermarking
    • Usage restrictions (e.g., block external sharing)
  • Travel with data when exported or shared

What they do NOT do:

  • Grant or restrict user access
  • Replace workspace, item-level, or data-level security
  • Filter rows or columns

Key exam distinction:
Sensitivity labels protect data after access is granted.

Sensitivity Labels vs Endorsements

These two concepts are often confused on exams.

FeatureSensitivity LabelsEndorsements
PurposeData protectionTrust and quality
EnforcedYesNo
Affects behaviorYes (encryption, sharing rules)No
Security-relatedYesGovernance guidance

Governance and Compliance Benefits

Sensitivity labels support:

  • Regulatory compliance (e.g., GDPR, HIPAA)
  • Data loss prevention (DLP)
  • Auditing and reporting
  • Consistent handling of sensitive data across platforms

They are especially important in environments with:

  • Self-service analytics
  • Data exports to Excel or PowerPoint
  • External sharing scenarios

Common Exam Scenarios

You may see questions such as:

  • A report exported to Excel must remain encrypted → sensitivity label
  • Data should be classified as confidential but still shared internally → labeling, not access restriction
  • Users can view data but cannot share externally → label-driven protection
  • A report automatically inherits its dataset’s classification → label inheritance

Best Practices to Remember

  • Apply labels at the semantic model level to ensure inheritance
  • Use sensitivity labels alongside:
    • Workspace and item-level access controls
    • RLS and CLS
    • Endorsements
  • Review labeling regularly to ensure accuracy
  • Educate users on selecting the correct label

Key Exam Takeaways

  • Sensitivity labels classify and protect data
  • They are defined in Microsoft Purview
  • Labels can enforce encryption and sharing restrictions
  • Labels do not control access
  • Inheritance behavior is important for DP-600 questions

Exam Tips

  • If a question focuses on classifying, protecting, or controlling how data is shared after access, think sensitivity labels.
  • If it focuses on who can see the data, think security roles or permissions.
  • Expect scenario questions involving:
    • PII, financial data, or confidential data
    • Export restrictions
    • Label inheritance
  • Know the difference between:
    • Security (RLS, OLS, item access)
    • Governance & compliance (sensitivity labels)
  • Always associate sensitivity labels with Microsoft Purview

Practice Questions

Question 1 (Single choice)

What is the PRIMARY purpose of applying sensitivity labels to items in Microsoft Fabric?

A. Improve query performance
B. Control row-level data access
C. Classify and protect data based on sensitivity
D. Grant workspace permissions

Correct Answer: C

Explanation:
Sensitivity labels are used for data classification, protection, and governance, not for performance or access control.

Question 2 (Scenario-based)

Your organization requires that all reports containing customer PII automatically display a watermark and restrict external sharing. What feature enables this?

A. Row-level security
B. Sensitivity labels with protection settings
C. Item-level access controls
D. Conditional access policies

Correct Answer: B

Explanation:
Sensitivity labels can apply visual markings, encryption, and sharing restrictions when integrated with Microsoft Purview.

Question 3 (Multi-select)

Which Fabric items can have sensitivity labels applied? (Select all that apply.)

A. Power BI reports
B. Semantic models
C. Lakehouses and warehouses
D. Notebooks

Correct Answers: A, B, C, D

Explanation:
Sensitivity labels can be applied to most Fabric artifacts, enabling consistent governance across analytics assets.

Question 4 (Scenario-based)

A semantic model inherits a sensitivity label from its underlying data source. What does this behavior represent?

A. Manual labeling
B. Label inheritance
C. Workspace-level labeling
D. Object-level security

Correct Answer: B

Explanation:
Label inheritance ensures that downstream artifacts maintain appropriate sensitivity classifications automatically.

Question 5 (Single choice)

Which service must be configured to define and manage sensitivity labels used in Microsoft Fabric?

A. Azure Active Directory
B. Microsoft Defender
C. Microsoft Purview
D. Power BI Admin portal

Correct Answer: C

Explanation:
Sensitivity labels are defined and managed in Microsoft Purview, then applied across Microsoft Fabric and Power BI.

Question 6 (Scenario-based)

A report is labeled Highly Confidential, but a user attempts to export its data to Excel. What is the expected behavior?

A. Export always succeeds
B. Export is blocked or encrypted based on label policy
C. Export ignores sensitivity labels
D. Only row-level security applies

Correct Answer: B

Explanation:
Sensitivity labels can restrict exports, apply encryption, or enforce protection based on policy.

Question 7 (Multi-select)

Which actions can sensitivity labels enforce? (Select all that apply.)

A. Data encryption
B. Watermarks and headers
C. External sharing restrictions
D. Row-level filtering

Correct Answers: A, B, C

Explanation:
Sensitivity labels control protection and compliance, not data filtering.

Question 8 (Scenario-based)

You apply a sensitivity label to a lakehouse. Which downstream artifact is MOST likely to automatically inherit the label?

A. A Power BI report built on the semantic model
B. A notebook in a different workspace
C. An external CSV export
D. An Azure SQL Database

Correct Answer: A

Explanation:
Label inheritance flows through Fabric analytics artifacts, especially semantic models and reports.

Question 9 (Single choice)

Who is typically allowed to apply or change sensitivity labels on Fabric items?

A. Any workspace Viewer
B. Only Microsoft admins
C. Users with sufficient item permissions
D. External users

Correct Answer: C

Explanation:
Users must have appropriate permissions (Contributor/Owner or item-level rights) to apply labels.

Question 10 (Scenario-based)

Your compliance team wants visibility into how sensitive data is used across Fabric. Which feature supports this requirement?

A. Query caching
B. Audit logs
C. Sensitivity labels with Purview reporting
D. Direct Lake mode

Correct Answer: C

Explanation:
Sensitivity labels integrate with Microsoft Purview reporting and auditing for compliance and governance tracking.

BI Administration, Business Intelligence Platform, Data Governance, Data Quality Assurance, Data Security, Data Strategy, DP-600, Microsoft Certification, Microsoft Fabric

Endorse items in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
    --> Implement security and governance 
        --> Endorse items

To Do:
Complete the related module for this topic in the Microsoft Learn course: Secure data access in Microsoft Fabric

Item endorsement is a governance feature in Microsoft Fabric that helps organizations identify trusted, high-quality, and officially supported analytics assets. Endorsements guide users toward the right data and reports, reduce duplication, and promote consistent decision-making.

For the DP-600 exam, you should understand what endorsement is, the types of endorsements available, who can apply them, and how endorsements affect user behavior (not security).

What Does It Mean to Endorse an Item?

Endorsing an item signals to users that the content is:

  • Reliable
  • Well-maintained
  • Appropriate for reuse and decision-making

Endorsement is not a security mechanism. It does not grant or restrict access—it provides trust and visibility cues within the Fabric experience.

Endorsements can be applied to:

  • Semantic models (datasets)
  • Reports
  • Dashboards
  • Other supported Fabric items

Types of Endorsements

Microsoft Fabric supports three endorsement states:

1. None

There is no endorsement on the content.

2. Promoted

Promoted items are considered:

  • Useful
  • Reviewed
  • Suitable for reuse

Key characteristics:

  • Any item owner can promote their own content
  • Indicates quality, but not official certification
  • Common for team-approved or department-level assets

Typical use cases

  • A curated dataset used by multiple analysts
  • A well-designed report shared across a department

3. Certified

Certified items represent the highest level of trust.

Key characteristics:

  • Only authorized users (often admins or designated certifiers) can certify
  • Indicates the item meets organizational standards for:
    • Data quality
    • Governance
    • Security
  • Intended for enterprise-wide consumption

Typical use cases

  • Official financial reporting datasets
  • Executive dashboards
  • Enterprise semantic models

Who Can Endorse Items?

  • Promoted: Item owners
  • Certified: Users authorized by Fabric or Power BI tenant settings (often admins or data stewards)

This distinction is important for the exam: not everyone can certify content, even if they own it.

Where Endorsements Appear

Endorsements are visible across the Fabric and Power BI experiences:

  • In search results
  • In lineage view
  • In the data hub
  • When users select data sources for report creation

Certified items are typically:

  • Ranked higher
  • More visible
  • Preferred in self-service analytics workflows

Endorsements vs Security Controls

A common exam trap is confusing endorsements with access control.

FeatureEndorsementAccess Control
PurposeTrust and qualitySecurity and restriction
Limits access?NoYes
Affects visibilityYesYes
Enforced by systemNo (informational)Yes (mandatory)

The “Make discoverable” setting

Within the selection settings dialog for Endorsement, there is also a selection option for “Make discoverable“. This option, when selected, allows users to discover the content even if they do not have access to it, and they can then request access.

Summary table

Endorsement and Discovery stateWhat it isWho can do itTypical Use Cases
NoneThere is no endorsement on the content
PromotedThe content is endorsed/flagged as Promoted

Promoted items are considered:
– Useful
– Reviewed
– Suitable for reuse

Key characteristics:
– Any item owner can promote their own content
– Indicates quality, but not official certification
– Common for team-approved or department-level assets
– Users can assign “Promoted” without any specific admin settings.
– Users can “Promote” as long as they have write permissions on a semantic model.
– A curated dataset used by multiple analysts
– A well-designed report shared across a department
CertifiedThe content is endorsed/flagged as Certified.

Certified items represent the highest level of trust.

Key characteristics:
– Only authorized users (often admins or designated certifiers) can certify
– Indicates the item meets organizational standards for: Data quality, Governance, and Security
– Intended for enterprise-wide consumption		Certification” requires admin approval to be able to set it.– Official financial reporting datasets
– Executive dashboards
– Enterprise semantic models
Make discoverableThe content is endorsed/flagged as Findable. And the discoverability can be set for selected users, the entire company, or all except selected users.Make content discoverable even to those that do not currently have access, so that they become aware it’s available and can request access to it.

Key takeaway:
A user must still have workspace or item-level access to use an endorsed item.

Role of Endorsements in Governance

Endorsements support governance by:

  • Encouraging reuse of approved assets
  • Reducing “shadow BI”
  • Helping users choose the right data source
  • Aligning self-service analytics with enterprise standards

They are especially important in large Fabric environments with:

  • Many workspaces
  • Multiple datasets covering similar subject areas
  • Mixed technical and business users

Common Exam Scenarios

Expect questions such as:

  • When to use Promoted vs Certified
  • Who is allowed to certify an item
  • Whether certification affects access permissions (it does not)
  • How endorsements support discoverability and trust

Example scenario:

Business users are building reports from multiple datasets and need guidance on which one is authoritative.
Correct concept: Certified semantic models.

Best Practices to Remember

  • Promote items early to guide reuse
  • Reserve certification for high-value, governed assets
  • Combine endorsements with:
    • Clear workspace organization
    • Descriptions and documentation
    • Proper access controls
  • Review certifications periodically to ensure relevance

Key Exam Takeaways

  • Endorsements indicate trust, not permission
  • Two endorsement levels: Promoted and Certified
  • Certification requires special authorization
  • Endorsements improve discoverability and governance in Fabric

Final Exam Tips

  • If a question is about helping users identify trusted or official data, think endorsements.
  • If it’s about restricting access, think workspace, item-level, or data-level security.
  • Know the difference between Promoted and Certified
  • Expect scenario questions about:
    • Data trust
    • Self-service vs governed BI
    • Discoverability in Data hub
  • Remember:
    • Endorsements ≠ security
    • Endorsements ≠ performance tuning
  • Certification permissions are centrally controlled

Link to documentation on this topic: Endorse your content

Practice Questions

Question 1 (Single choice)

What is the PRIMARY purpose of endorsing items in Microsoft Fabric?

A. Improve dataset refresh performance
B. Control data access permissions
C. Identify trusted and authoritative content
D. Apply compliance policies

Correct Answer: C

Explanation:
Endorsements help users quickly identify reliable, trusted content such as official semantic models and reports.

Question 2 (Multi-select)

Which endorsement types are available in Microsoft Fabric? (Select all that apply.)

A. Certified
B. Promoted
C. Verified
D. Approved

Correct Answers: A, B

Explanation:
Fabric supports Promoted and Certified endorsements. “Verified” and “Approved” are not valid endorsement types.

Question 3 (Scenario-based)

A business analyst creates a report that is useful but not officially validated. What endorsement is MOST appropriate?

A. Certified
B. Promoted
C. Deprecated
D. Restricted

Correct Answer: B

Explanation:
Promoted indicates content that is useful and recommended, but not formally governed or validated.

Question 4 (Scenario-based)

Your organization wants only centrally governed semantic models to be marked as official sources of truth. Which endorsement should be used?

A. Promoted
B. Shared
C. Certified
D. Published

Correct Answer: C

Explanation:
Certified content represents authoritative, validated data assets approved by data owners or governance teams.

Question 5 (Single choice)

Who can typically certify an item in Microsoft Fabric?

A. Any workspace Member
B. Only the item creator
C. Users authorized by tenant or workspace settings
D. External users

Correct Answer: C

Explanation:
Certification is restricted and controlled by tenant-level or workspace-level governance policies.

Question 6 (Multi-select)

Which Fabric items can be endorsed? (Select all that apply.)

A. Semantic models
B. Reports
C. Dashboards
D. Dataflows Gen2

Correct Answers: A, B, D

Explanation:
Semantic models, reports, and dataflows can be endorsed. Dashboards are less commonly emphasized in Fabric exam contexts.

Question 7 (Scenario-based)

A user searches for datasets in the Data hub. How do endorsements help in this scenario?

A. They hide non-endorsed items
B. They improve query performance
C. They help users identify trusted content
D. They automatically grant access

Correct Answer: C

Explanation:
Endorsements improve discoverability and trust, not access or performance.

Question 8 (Single choice)

What is the relationship between endorsements and security?

A. Endorsements enforce access controls
B. Endorsements replace RLS
C. Endorsements are independent of security
D. Endorsements automatically grant read access

Correct Answer: C

Explanation:
Endorsements do not control access. Security must be handled separately via permissions and access controls.

Question 9 (Scenario-based)

Your organization wants users to prefer centrally curated datasets without blocking self-service models. What approach BEST supports this?

A. Apply row-level security
B. Disable dataset creation
C. Certify governed datasets
D. Use Direct Lake mode

Correct Answer: C

Explanation:
Certifying official datasets encourages reuse while still allowing self-service analytics.

Question 10 (Fill in the blank)

In Microsoft Fabric, ________ items represent fully validated and authoritative content, while ________ items indicate recommended but not formally governed content.

Correct Answer:
Certified, Promoted

Explanation:
Certified = authoritative source of truth
Promoted = useful and recommended, but not governed

BI Administration, Business Intelligence, Business Intelligence (BI) Development, Business Intelligence Platform, Data Development, Data Governance, Data Quality Assurance, Data Security, Data Strategy, DP-600, Microsoft Certification, Microsoft Fabric

Configure version control for a workspace in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
    --> Maintain the analytics development lifecycle 
        --> Configure version control for a workspace

Version control in Microsoft Fabric enables teams to track changes, collaborate safely, and manage the lifecycle of analytics assets using source control practices. Fabric integrates workspace items with Git repositories, bringing DevOps discipline to analytics development.

For the DP-600 exam, you should understand how Git integration works in Fabric, what items are supported, how changes flow, and common governance scenarios.

What Is Workspace Version Control in Fabric?

Workspace version control allows you to:

  • Connect a Fabric workspace to a Git repository
  • Store item definitions as code artifacts
  • Track changes through commits, branches, and pull requests
  • Support collaborative and auditable development

This capability is often referred to as Git integration for Fabric workspaces.

Supported Source Control Platform

Microsoft Fabric supports:

  • Azure DevOps (ADO) Git repositories

Key points:

  • GitHub support is limited or evolving (exam questions typically reference Azure DevOps)
  • Repositories must already exist
  • Authentication is handled via Microsoft Entra ID

Exam note: Expect Azure DevOps to be the default answer unless stated otherwise.

What Items Can Be Version Controlled?

Common Fabric items that support version control include:

  • Semantic models
  • Reports
  • Lakehouses
  • Warehouses
  • Notebooks
  • Data pipelines
  • Dataflows Gen2

Items are serialized into files and folders in the Git repo, allowing:

  • Diffing
  • History tracking
  • Rollbacks

How to Configure Version Control for a Workspace

At a high level, the process is:

  1. Open the Fabric workspace settings
  2. Enable Git integration
  3. Select:
    • Azure DevOps organization
    • Project
    • Repository
    • Branch
  4. Choose a workspace folder structure
  5. Initialize synchronization

Once configured:

  • Workspace changes can be committed to Git
  • Repo changes can be synced back into the workspace

How Changes Flow Between Workspace and Git

From Workspace to Git

  • Users make changes in Fabric (e.g., update a report)
  • Changes are committed to the connected branch
  • Commit history tracks who changed what and when

From Git to Workspace

  • Changes merged into the branch can be pulled into Fabric
  • Enables controlled deployment across environments

Important exam concept:
Synchronization is not automatic—users must explicitly commit and sync.

Branching and Environment Strategy

A common lifecycle pattern:

  • Development workspace → linked to a dev branch
  • Test workspace → linked to a test branch
  • Production workspace → linked to a main branch

This supports:

  • Code reviews
  • Pull requests
  • Controlled promotion of changes

Permissions and Governance Considerations

To configure and use version control:

  • Users need sufficient workspace permissions (typically Admin or Member)
  • Users also need Git repository access
  • Git permissions are managed outside Fabric

Version control complements—but does not replace:

  • Workspace-level access controls
  • Item-level permissions
  • Endorsements and sensitivity labels

Benefits of Version Control in Fabric

Version control enables:

  • Collaboration among multiple developers
  • Change traceability and auditability
  • Rollback of problematic changes
  • CI/CD-style deployment patterns
  • Alignment with enterprise DevOps practices

These benefits are a frequent theme in DP-600 scenario questions.

Common Exam Scenarios

You may be asked to:

  • Identify when Git integration is appropriate
  • Choose the correct platform for source control
  • Understand how changes move between Git and Fabric
  • Design a dev/test/prod workspace strategy
  • Troubleshoot why changes are not reflected (sync not performed)

Example:

Multiple developers need to work on the same semantic model with change tracking.
Correct concept: Configure workspace version control with Git.

Key Exam Takeaways

  • Fabric supports Git-based version control at the workspace level
  • Azure DevOps is the primary supported platform
  • Changes require explicit commit and sync
  • Version control supports structured development and deployment
  • It is a core part of the analytics development lifecycle

Exam Tips

  • If a question mentions tracking changes, collaboration, rollback, or DevOps practices, think workspace version control with Git.
  • If it mentions moving changes between environments, think branches and multiple workspaces.
  • Know who can configure it → Workspace Admins
  • Understand Git integration flow
  • Expect scenario questions comparing:
    • Git vs deployment pipelines
    • Collaboration vs governance
  • Remember:
    • JSON-based artifacts
    • Not all items are supported
    • No automatic commits

Practice Questions

Question 1 (Single choice)

What is the PRIMARY purpose of configuring version control for a Fabric workspace?

A. Improve query execution performance
B. Enable collaboration, change tracking, and rollback
C. Enforce row-level security
D. Automatically deploy content to production

Correct Answer: B

Explanation:
Version control enables source control integration, allowing teams to track changes, collaborate safely, and roll back when needed.

Question 2 (Multi-select)

Which version control systems can be integrated with Microsoft Fabric workspaces? (Select all that apply.)

A. Azure DevOps Git repositories
B. GitHub repositories
C. OneDrive for Business
D. SharePoint document libraries

Correct Answers: A, B

Explanation:
Fabric supports Git integration using Azure DevOps and GitHub. OneDrive and SharePoint are not supported for workspace version control.

Question 3 (Scenario-based)

A team wants to manage Power BI reports, semantic models, and dataflows using pull requests and branching. What should they configure?

A. Deployment pipelines
B. Sensitivity labels
C. Workspace version control with Git
D. Incremental refresh

Correct Answer: C

Explanation:
Git-based workspace version control enables branching, pull requests, and code reviews.

Question 4 (Single choice)

Which workspace role is REQUIRED to configure version control for a workspace?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: D

Explanation:
Only workspace Admins can connect a workspace to a Git repository.

Question 5 (Scenario-based)

After connecting a workspace to a Git repository, where are Fabric items stored?

A. As binary files
B. As JSON-based artifact definitions
C. As SQL scripts
D. As Excel files

Correct Answer: B

Explanation:
Fabric artifacts are stored as JSON files, making them suitable for source control and comparison.

Question 6 (Multi-select)

Which items can be included in workspace version control? (Select all that apply.)

A. Reports
B. Semantic models
C. Dataflows Gen2
D. Dashboards

Correct Answers: A, B, C

Explanation:
Reports, semantic models, and dataflows are supported. Dashboards are typically excluded from version control scenarios.

Question 7 (Scenario-based)

A developer modifies a semantic model directly in the Fabric workspace while Git integration is enabled. What happens NEXT?

A. The change is automatically committed
B. The change is rejected
C. The workspace shows uncommitted changes
D. The change is immediately deployed to production

Correct Answer: C

Explanation:
Changes made in the workspace appear as pending/uncommitted changes until explicitly committed to the repository.

Question 8 (Single choice)

What is the relationship between workspace version control and deployment pipelines?

A. They are the same feature
B. Version control replaces deployment pipelines
C. They complement each other
D. Deployment pipelines require version control

Correct Answer: C

Explanation:
Version control handles source management, while deployment pipelines manage promotion across environments.

Question 9 (Scenario-based)

Your organization wants to prevent accidental overwrites when multiple developers edit the same item. Which feature BEST helps?

A. Row-level security
B. Sensitivity labels
C. Git branching and pull requests
D. Incremental refresh

Correct Answer: C

Explanation:
Git workflows enable controlled collaboration through branches, reviews, and merges.

Question 10 (Fill in the blank)

When version control is enabled, Fabric workspace changes must be ________ to the repository and ________ to update the workspace from Git.

Correct Answer:
Committed, synced (or pulled)

Explanation:
Changes flow both ways:

  • Commit workspace → Git
  • Sync Git → workspace
Analytics, Business Intelligence, Business Intelligence (BI) Development, Business Intelligence Platform, Data Strategy, DP-600, Microsoft Certification, Microsoft Fabric

Create and manage a Power BI Desktop project (.pbip) in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
    --> Maintain the analytics development lifecycle 
        --> Create and manage a Power BI Desktop project (.pbip)

The Power BI Desktop project format (.pbip) is a modern, folder-based representation of a Power BI solution that enables source control, collaboration, and professional development lifecycle management. It replaces the traditional single-file .pbix model when teams adopt Git-based workflows.

For the DP-600 exam, you should understand what a PBIP is, how it is structured, how it integrates with version control, and when to use it.

What Is a Power BI Desktop Project (.pbip)?

A .pbip file is a project descriptor that points to a folder containing the full definition of a Power BI solution, including:

  • Semantic model metadata
  • Report layout and visuals
  • Connections and expressions

Unlike .pbix, a .pbip:

  • Is human-readable
  • Can be diffed and versioned
  • Works naturally with Git repositories

Key Benefits of Using PBIP

Using PBIP enables:

  • Source control integration
  • Multi-developer collaboration
  • Clear separation of model and report artifacts
  • Improved CI/CD and ALM practices
  • Easier change tracking and rollback

These benefits align directly with the analytics development lifecycle tested in DP-600.

PBIP Folder Structure (High Level)

A PBIP project typically includes:

  • A .pbip file (entry point for Power BI Desktop)
  • A SemanticModel folder
  • A Report folder

Each folder contains JSON-based definitions of:

  • Tables, relationships, measures
  • Visuals and report pages
  • Model properties and settings

Exam insight:
The semantic model and report can be versioned independently.

Creating a PBIP Project

Option 1: Create a New PBIP

  1. Open Power BI Desktop
  2. Create or open a report
  3. Save the project using Power BI Project (.pbip) format

Option 2: Convert an Existing PBIX

  • Open the .pbix file
  • Save As → Power BI Project (.pbip)

This converts the monolithic file into a folder-based project.

Managing PBIP Projects

Working with Source Control

  • Store PBIP projects in Azure DevOps Git repositories
  • Commit changes to track history
  • Use branches and pull requests for collaboration

Multi-Developer Scenarios

  • One developer can work on the semantic model
  • Another can work on report visuals
  • Changes can be merged safely using Git

Publishing to Fabric

  • Open the .pbip file in Power BI Desktop
  • Publish to a Fabric workspace
  • Workspace Git integration can align with the same repo

PBIP and Microsoft Fabric

PBIP works naturally with Fabric development practices:

  • Supports workspace Git integration
  • Aligns with dev/test/prod workspace patterns
  • Enables repeatable deployments
  • Complements Fabric items like Lakehouses and Warehouses

For DP-600, PBIP is often referenced as the recommended format for professional analytics development.

PBIP vs PBIX (Exam Comparison)

FeaturePBIXPBIP
File structureSingle binary fileFolder-based
Source control friendlyNoYes
Multi-developer supportLimitedStrong
CI/CD readinessLowHigh
Recommended for teamsNoYes

Common Exam Scenarios

You may be asked:

  • When to choose PBIP over PBIX
  • How PBIP supports Git and DevOps practices
  • How multiple developers collaborate on the same report
  • Why changes are easier to track with PBIP
  • How PBIP fits into Fabric workspace version control

Example:

A team wants to track changes to a semantic model using Git.
Correct answer: Use a PBIP project.

Best Practices to Remember

  • Use PBIP for team-based or enterprise solutions
  • Store PBIP projects in Git repositories
  • Pair PBIP with:
    • Workspace version control
    • Branching strategies
    • Separate dev/test/prod workspaces
  • Avoid PBIP for quick, ad-hoc analysis

Key Exam Takeaways

  • PBIP is a folder-based Power BI project format
  • Designed for source control and collaboration
  • Enables independent versioning of model and report
  • Strongly aligned with Fabric lifecycle management
  • Frequently tested in DP-600 ALM scenarios

Exam Tips

  • If a question mentions Git, collaboration, CI/CD, or multi-developer Power BI development, the correct concept is almost always Power BI Desktop projects (.pbip).
  • Expect comparison questions: .pbix vs .pbip
  • Know why .pbip exists → DevOps & collaboration
  • Understand:
    • Git-friendly file structure
    • No credentials stored
    • Works with Fabric workspace version control
  • Common scenario themes:
    • Multi-developer teams
    • CI/CD pipelines
    • Enterprise governance

Practice Questions

Question 1 (Single choice)

What is the PRIMARY purpose of using a Power BI Desktop project (.pbip) instead of a traditional .pbix file?

A. Improve report rendering performance
B. Enable better source control and collaboration
C. Reduce dataset refresh time
D. Support Direct Lake connectivity

Correct Answer: B

Explanation:
.pbip projects store report and model artifacts as multiple text-based files, making them suitable for Git version control, diffing, and team collaboration.

Question 2 (Multi-select)

Which components are stored separately when using a .pbip project? (Select all that apply.)

A. Report definition
B. Semantic model metadata
C. Data source credentials
D. Visual layout configuration

Correct Answers: A, B, D

Explanation:
.pbip breaks artifacts into JSON/text-based files for reports, models, and visuals. Credentials are not stored for security reasons.

Question 3 (Scenario-based)

A team wants multiple developers to work on the same Power BI solution using Git branches and pull requests. Which format should they use?

A. .pbix
B. .pbip
C. .pbit
D. .rdl

Correct Answer: B

Explanation:
.pbip is designed specifically for collaborative, Git-based workflows.

Question 4 (Single choice)

How do you create a Power BI Desktop project?

A. Save a report as .pbip from Power BI Service
B. Enable a setting and save from Power BI Desktop
C. Convert a .pbix automatically in Fabric
D. Import from Azure DevOps

Correct Answer: B

Explanation:
You enable Power BI Desktop Project support in Preview features, then save the report as a .pbip from Power BI Desktop.

Question 5 (Scenario-based)

After saving a report as .pbip, you notice dozens of files and folders. What is the BEST explanation?

A. The report was corrupted
B. Each artifact is stored as a separate definition
C. Temporary cache files were created
D. Power BI duplicated the dataset

Correct Answer: B

Explanation:
.pbip stores each logical artifact separately, enabling granular change tracking in source control.

Question 6 (Multi-select)

Which benefits does .pbip provide compared to .pbix? (Select all that apply.)

A. Meaningful Git diffs
B. Merge conflict resolution
C. Built-in deployment pipelines
D. Support for CI/CD workflows

Correct Answers: A, B, D

Explanation:
.pbip enables DevOps workflows, but deployment pipelines are a separate Fabric feature.

Question 7 (Scenario-based)

A developer modifies a DAX measure in a .pbip project. What happens in source control?

A. The entire report file changes
B. Only the affected model definition file changes
C. The change is ignored
D. The report must be re-imported

Correct Answer: B

Explanation:
Only the specific model file reflecting the DAX change is updated, enabling clean diffs.

Question 8 (Single choice)

Which file format is BETTER suited for enterprise development with Fabric Git integration?

A. .pbix
B. .pbip
C. .xlsx
D. .json

Correct Answer: B

Explanation:
.pbip aligns with Fabric workspace Git integration and enterprise development standards.

Question 9 (Scenario-based)

Your team wants to use .pbip but also publish reports to Fabric workspaces. What limitation should you consider?

A. .pbip reports cannot be published
B. Only Admins can publish .pbip
C. Local development requires Power BI Desktop
D. .pbip does not support semantic models

Correct Answer: C

Explanation:
.pbip is a Power BI Desktop development format; publishing still requires Desktop or pipeline automation.

Question 10 (Fill in the blank)

A .pbip project improves collaboration by storing Power BI artifacts as ________ files that work well with ________ systems.

Correct Answer:
Text-based (or JSON-based), source control (or Git)

Explanation:
Text-based files enable version tracking, branching, and code reviews.

BI Administration, Business Intelligence, Business Intelligence (BI) Development, Business Intelligence Platform, Data Development, Data Governance, Data Integration, Data Integration (ETL), Data Modeling, Data Strategy, Data Warehousing, DP-600, Microsoft Certification, Microsoft Fabric, Performance Tuning, Power BI, Power Query

Create and configure deployment pipelines

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
    --> Maintain the analytics development lifecycle
        --> Create and configure deployment pipelines

Development pipelines in Microsoft Fabric provide a structured, governed way to promote analytics content across environments—typically Development, Test, and Production. They are a core lifecycle management feature that helps teams deploy changes safely, consistently, and with minimal risk. For the DP-600 exam, you should understand what development pipelines are, how they are configured, what they support, and how they differ from Git-based version control.

What Are Development Pipelines?

A development pipeline is a Fabric feature that:

  • Connects multiple workspaces into an ordered promotion flow
  • Enables controlled deployment of items between environments
  • Supports validation and testing before production release

Pipelines are especially important for enterprise-scale analytics solutions.

Typical Pipeline Structure

A standard Fabric pipeline consists of three stages:

  1. Development
    • Active development
    • Frequent changes
    • Used by engineers and analysts
  2. Test
    • Validation and user acceptance testing
    • Data and logic verification
    • Limited access
  3. Production
    • Certified, trusted content
    • Broad consumer access
    • Minimal direct changes

Each stage is linked to a separate Fabric workspace.

Creating a Development Pipeline

At a high level, the process is:

  1. Create a deployment pipeline in Microsoft Fabric
  2. Assign a workspace to each stage:
    • Dev workspace
    • Test workspace
    • Prod workspace
  3. Configure pipeline settings
  4. Control who can deploy between stages

Once created, the pipeline provides a visual interface showing item differences across stages.

What Items Can Be Deployed Through Pipelines?

Development pipelines support deployment of many Fabric items, including:

  • Semantic models
  • Reports and dashboards
  • Dataflows Gen2
  • Lakehouses and Warehouses (supported scenarios)
  • Other supported analytics artifacts

Exam note:
Not every Fabric item supports pipeline deployment equally—expect questions to focus on Power BI and core analytics items.

How Deployment Works

Comparing Changes

  • Pipelines show differences between stages
  • You can review what will change before deploying

Deploying Content

  • Deploy from Dev → Test
  • Validate
  • Deploy from Test → Prod

Deployments:

  • Copy item definitions
  • Can update existing items or create new ones
  • Do not automatically move workspace permissions

Deployment Rules and Parameters

Pipelines support deployment rules, such as:

  • Changing data source connections per environment
  • Switching parameters between Dev, Test, and Prod
  • Avoiding hard-coded environment values

This is critical for:

  • Separating development and production data
  • Supporting safe testing

Pipelines vs Git Integration (Exam Comparison)

This distinction is frequently tested.

FeatureDevelopment PipelinesGit Integration
PurposeEnvironment promotionSource control
FocusDeploymentVersioning
Tracks historyNoYes
Supports branchingNoYes
Typical useDev → Test → ProdCode collaboration

Key insight:
They are complementary, not competing features.

Permissions and Governance

To use pipelines:

  • Users need appropriate pipeline permissions
  • Workspace access is still required
  • Production deployments are often restricted to a small group

Pipelines support governance by:

  • Reducing direct changes in production
  • Enforcing controlled release processes
  • Improving auditability

Common Exam Scenarios

You may be asked to:

  • Choose pipelines for controlled promotion of reports
  • Identify when pipelines are preferable to manual publishing
  • Combine pipelines with Git and PBIP
  • Configure different data sources per environment
  • Prevent accidental production changes

Example:

A report must be tested before being released to executives.
Correct concept: Use a development pipeline with Dev, Test, and Prod stages.

Best Practices to Remember

  • Use separate workspaces per environment
  • Restrict production deployment permissions
  • Combine pipelines with:
    • PBIP projects
    • Git integration
    • Endorsements and certification
  • Avoid direct editing in production

Key Exam Takeaways

  • Development pipelines manage content promotion across environments
  • They connect multiple Fabric workspaces
  • Pipelines support comparison, validation, and controlled deployment
  • They do not replace Git-based version control
  • A core feature of the Fabric analytics lifecycle

Exam Tips

  • If a question focuses on moving content safely from development to production, the correct answer is development pipelines.
  • If it focuses on tracking changes or collaboration, the answer is Git or PBIP.
  • Know how pipelines support:
    • Dev/Test/Prod lifecycle
    • Governance & change control
    • Environment-specific configuration
    • Enterprise-scale BI practices
  • Common exam traps:
    • Confusing workspace roles with deploy permissions
    • Assuming pipelines manage security or performance
    • Forgetting deployment rules

Practice Questions

Question 1 (Single choice)

What is the PRIMARY purpose of a deployment pipeline in Microsoft Fabric?

A. Schedule dataset refreshes
B. Promote content across lifecycle environments
C. Enable row-level security
D. Optimize DAX performance

Correct Answer: B

Explanation:
Deployment pipelines are designed to promote content across environments (for example, Development → Test → Production) in a controlled and governed manner.

  • ❌ A: Refresh scheduling is handled separately
  • ❌ C: Security is not the primary purpose
  • ❌ D: Performance tuning is unrelated

Question 2 (Multi-select)

Which stages are available by default in a Fabric deployment pipeline? (Select all that apply.)

A. Development
B. Test
C. Production
D. Sandbox

Correct Answers: A, B, C

Explanation:
Fabric deployment pipelines use a three-stage lifecycle:

  • Development
  • Test
  • Production

There is no default Sandbox stage.

Question 3 (Scenario-based)

A team wants analysts to freely modify reports, while only approved changes reach production. Which pipeline stage should analysts primarily work in?

A. Production
B. Test
C. Development
D. Any stage

Correct Answer: C

Explanation:
The Development stage is intended for:

  • Frequent changes
  • Experimentation
  • Initial validation

Higher stages are more controlled.

Question 4 (Single choice)

Which permission is required to deploy content from one stage to the next in a deployment pipeline?

A. Viewer
B. Contributor
C. Admin
D. Pipeline deploy permission

Correct Answer: D

Explanation:
Deploying content requires explicit pipeline deployment permissions, not just workspace roles.

  • ❌ Admin alone is not sufficient
  • ❌ Contributor may edit but not deploy

Question 5 (Scenario-based)

You deploy a semantic model from Test to Production. What happens to data source connections by default?

A. They are deleted
B. They remain unchanged
C. They can be overridden per stage
D. They must be manually reconfigured

Correct Answer: C

Explanation:
Deployment pipelines support parameter and data source rules, allowing environment-specific connections.

Question 6 (Multi-select)

Which items can be deployed using deployment pipelines? (Select all that apply.)

A. Reports
B. Semantic models
C. Dashboards
D. Notebooks

Correct Answers: A, B, C

Explanation:
Deployment pipelines support Power BI artifacts, including:

  • Reports
  • Semantic models
  • Dashboards

❌ Notebooks are Fabric artifacts but are not deployed via Power BI deployment pipelines.

Question 7 (Scenario-based)

A deployment shows warnings that some items are skipped. What is the MOST likely cause?

A. The workspace is full
B. Unsupported artifacts exist
C. The dataset is too large
D. Git integration is disabled

Correct Answer: B

Explanation:
Unsupported or incompatible artifacts (for example, unsupported report types) may be skipped during deployment.

Question 8 (Single choice)

Which feature allows different environments to use different data sources during deployment?

A. Row-level security
B. Dynamic format strings
C. Deployment rules
D. Incremental refresh

Correct Answer: C

Explanation:
Deployment rules allow:

  • Data source switching
  • Parameter overrides
  • Environment-specific configuration

Question 9 (Scenario-based)

You want production users to access only certified content. How do deployment pipelines help?

A. By enforcing sensitivity labels
B. By promoting tested content only
C. By encrypting production reports
D. By disabling edit access

Correct Answer: B

Explanation:
Deployment pipelines ensure:

  • Content is validated in Test
  • Only approved changes reach Production

They support trust and governance, not encryption or labeling.

Question 10 (Multi-select)

Which best practices apply when configuring deployment pipelines? (Select all that apply.)

A. Restrict deploy permissions
B. Use separate data sources per stage
C. Allow all users to deploy to Production
D. Validate content in Test before Production

Correct Answers: A, B, D

Explanation:
Best practices include:

  • Limited deploy access
  • Environment-specific configurations
  • Mandatory testing before production

❌ Allowing everyone to deploy defeats governance.

Analytics, BI Administration, Business Intelligence, Business Intelligence (BI) Development, Business Intelligence Platform, Data Analysis, Data Cleaning, Data Development, Data Governance, Data Integration, Data Integration (ETL), Data Modeling, Data Quality Assurance, Data Strategy, Data Warehousing, DP-600, Microsoft Certification, Microsoft Fabric, Microsoft OneLake

Perform impact analysis of downstream dependencies from lakehouses, data warehouses, dataflows, and semantic models in Microsoft Fabric

 
This post is a part of the DP-600: Implementing Analytics Solutions Using Microsoft Fabric Exam Prep Hub; and this topic falls under these sections: 
Maintain a data analytics solution 
    --> Maintain the analytics development lifecycle 
        --> Perform impact analysis of downstream dependencies from lakehouses, 
            data warehouses, dataflows, and semantic models

Impact analysis in Microsoft Fabric helps analytics engineers understand how changes to upstream data assets affect downstream items such as datasets, reports, dashboards, notebooks, and pipelines. It is a critical lifecycle practice that reduces the risk of breaking analytics solutions when making schema, logic, or data changes.

For the DP-600 exam, you should understand what impact analysis is, which Fabric tools support it, what dependencies are tracked, and how to use it in real-world lifecycle scenarios.

What Is Impact Analysis?

Impact analysis answers the question:

“If I change or delete this item, what else will be affected?”

It allows you to:

  • Identify downstream dependencies
  • Assess risk before making changes
  • Communicate potential impacts to stakeholders
  • Support safe development and deployment practices

Impact analysis is observational and informational—it does not enforce controls.

Where Impact Analysis Is Used in Fabric

Impact analysis applies across many Fabric items, including:

  • Lakehouses
  • Data Warehouses
  • Dataflows Gen2
  • Semantic models
  • Reports and dashboards
  • Notebooks and pipelines

These items form a connected analytics graph, which Fabric can visualize.

Lineage View: The Core Tool for Impact Analysis

The primary tool for impact analysis in Fabric is Lineage View.

What Lineage View Shows

  • Upstream data sources
  • Transformations and processing steps
  • Downstream consumers
  • Relationships between items

Lineage view provides a visual map of dependencies across workloads.

Impact Analysis by Asset Type

Lakehouses

Changing a Lakehouse can impact:

  • Notebooks reading tables
  • Semantic models using Direct Lake
  • Dataflows writing or reading data
  • Reports built on dependent models

Common risk: Dropping or renaming a column.

Data Warehouses

Warehouse changes may affect:

  • Views and SQL queries
  • Semantic models using DirectQuery
  • Reports and dashboards
  • External tools

Exam insight: Schema changes are a common source of downstream failures.

Dataflows Gen2

Dataflows often sit between raw data and analytics.

Changes can impact:

  • Lakehouses or Warehouses they load into
  • Semantic models consuming curated tables
  • Pipelines orchestrating refreshes

Semantic Models

Semantic models are among the most sensitive assets.

Changes may affect:

  • Reports and dashboards
  • Excel workbooks
  • Composite models
  • End-user self-service analytics

Exam note: Removing measures or renaming fields is high risk.

How to Perform Impact Analysis (High Level)

  1. Select the item (Lakehouse, Warehouse, Dataflow, or Semantic Model)
  2. Open Lineage view
  3. Review downstream dependencies
  4. Identify:
    • Reports
    • Datasets
    • Pipelines
    • Other dependent items
  5. Communicate or mitigate risk before making changes

Impact Analysis in the Development Lifecycle

Impact analysis is typically performed:

  • Before deploying changes
  • Before modifying schemas
  • Before deleting items
  • During troubleshooting

It supports:

  • Safe Git commits
  • Controlled pipeline deployments
  • Production stability

Common Exam Scenarios

You may see questions such as:

  • A column change breaks multiple reports → impact analysis was skipped
  • An engineer needs to know which reports use a dataset → lineage view
  • A Lakehouse schema update affects downstream models → review dependencies
  • A dataset should not be modified due to executive reports → high downstream impact

Example:

Before removing a table from a semantic model, what should you do?
Correct concept: Perform impact analysis using lineage view.

Impact Analysis vs Deployment Pipelines

These concepts are related but distinct.

FeatureImpact AnalysisDeployment Pipelines
PurposeRisk assessmentControlled promotion
EnforcedNoYes
TimingBefore changesDuring deployment
ToolLineage viewPipeline UI

Best Practices to Remember

  • Always check lineage before schema changes
  • Pay extra attention to semantic models and certified items
  • Communicate impacts to report owners
  • Pair impact analysis with:
    • Version control
    • Development pipelines
    • Endorsements and certification

Key Exam Takeaways

  • Impact analysis identifies downstream dependencies
  • Lineage view is the primary tool in Fabric
  • Applies to Lakehouses, Warehouses, Dataflows, and Semantic Models
  • Supports safe lifecycle and governance practices
  • A common scenario-based exam topic

Final Exam Tip

  • If a question asks what will break if I change this, the answer is impact analysis via lineage view.
  • If it asks how to safely move changes, the answer is pipelines or Git.
  • Expect questions that test:
    • When to perform impact analysis
    • Which items are affected by changes
    • Operational decision-making before deployments
  • Common traps:
    • Confusing impact analysis with lineage documentation
    • Assuming Fabric blocks breaking changes automatically
    • Forgetting semantic models are often the most impacted layer

Practice Questions

Question 1 (Single choice)

What is the PRIMARY purpose of impact analysis in Microsoft Fabric?

A. Improve query performance
B. Identify downstream objects affected by a change
C. Enforce data security policies
D. Reduce data refresh frequency

Correct Answer: B

Explanation:
Impact analysis helps you understand what items depend on a given artifact, so you can assess the risk of changes.

  • ❌ A: Performance tuning is separate
  • ❌ C: Security is not the focus
  • ❌ D: Refresh tuning is unrelated

Question 2 (Multi-select)

Which Fabric items can be analyzed for downstream dependencies? (Select all that apply.)

A. Lakehouses
B. Data warehouses
C. Dataflows
D. Semantic models

Correct Answers: A, B, C, D

Explanation:
Microsoft Fabric supports dependency tracking across all major analytical artifacts, enabling end-to-end lineage visibility.

Question 3 (Scenario-based)

You plan to rename a column in a lakehouse table. Which Fabric feature should you use FIRST?

A. Version control
B. Deployment pipeline
C. Impact analysis
D. Incremental refresh

Correct Answer: C

Explanation:
Renaming a column may break:

  • Semantic models
  • SQL queries
  • Reports

Impact analysis identifies what will be affected before the change.

Question 4 (Single choice)

Where do you access impact analysis for an item in Fabric?

A. Power BI Desktop
B. Microsoft Purview portal
C. Item settings in the Fabric workspace
D. Azure DevOps

Correct Answer: C

Explanation:
Impact analysis is accessible directly from the item context or settings within a Fabric workspace.

  • ❌ Purview focuses on governance/catalog
  • ❌ DevOps is not used for lineage

Question 5 (Scenario-based)

A dataflow loads data into a lakehouse that feeds multiple semantic models. What does impact analysis show?

A. Only the lakehouse
B. Only the semantic models
C. All downstream dependencies
D. Only refresh schedules

Correct Answer: C

Explanation:
Impact analysis provides a full dependency graph, showing all downstream items affected by changes.

Question 6 (Multi-select)

Which changes typically REQUIRE impact analysis before execution? (Select all that apply.)

A. Dropping columns
B. Renaming tables
C. Changing data types
D. Adding a new report page

Correct Answers: A, B, C

Explanation:
Structural changes can break dependencies. Adding a report page does not affect downstream items.

Question 7 (Scenario-based)

A semantic model is used by several reports and dashboards. What happens if you delete the model without impact analysis?

A. Nothing; reports are cached
B. Reports automatically reconnect
C. Reports and dashboards break
D. Fabric blocks the deletion

Correct Answer: C

Explanation:
Deleting a semantic model removes the data source for:

  • Reports
  • Dashboards

Impact analysis helps prevent such disruptions.

Question 8 (Single choice)

Which view best represents impact analysis results?

A. Tabular grid
B. SQL execution plan
C. Dependency graph
D. DAX query view

Correct Answer: C

Explanation:
Impact analysis is presented as a visual dependency graph, showing upstream and downstream relationships.

Question 9 (Scenario-based)

Which role MOST benefits from performing impact analysis regularly?

A. Report consumers
B. Workspace admins and data engineers
C. End-user analysts
D. External auditors

Correct Answer: B

Explanation:
Admins and engineers are responsible for:

  • Schema changes
  • Deployments
  • Stability

Impact analysis supports safe operational changes.

Question 10 (Multi-select)

Which best practices apply when using impact analysis? (Select all that apply.)

A. Perform before structural changes
B. Use in conjunction with deployment pipelines
C. Skip for minor schema updates
D. Communicate findings to stakeholders

Correct Answers: A, B, D

Explanation:
Impact analysis should:

  • Precede schema changes
  • Inform deployment decisions
  • Be communicated to stakeholders

❌ “Minor” changes can still break dependencies.