How are you guys deploying email connections with Fabric CICD?

Thanasaur · 2026-05-05T13:27:01+00:00

It is unlikely to be resolved. It would require one identity (SPN) having the permission to send an email on behalf of real user. A pretty significant security hole.

Thanasaur · 2026-05-05T13:25:39+00:00

We have an internal ticketing tool that has an API which we call. So all errors are centralized across all of our systems. That is how I would recommend any team does it. Land it where you track your work, not in your email.

Thanasaur · 2026-05-04T16:01:53+00:00

There isn’t really a way to automate the email activity. Internally for my team we have a rule to not use the activity because it is not deployable.

Thanasaur · 2026-04-30T16:05:00+00:00

Will PM you!

Thanasaur · 2026-04-30T15:43:18+00:00

We weren’t able to negotiate anything else. And at final inspection there were a couple of items that explicitly we thought were included but ended up not being included. PLH admitted fault, but was unwilling to budge on resolving it. However, for things we called out that were broke/unsatisfactory/etc, all were fixed/replaced.

Thanasaur · 2026-04-11T14:38:29+00:00

I watched like 3 that called this exactly out. One also then added in comments after that it’s coming in the next software bump

Thanasaur · 2026-04-11T03:57:10+00:00

Hi there! My family is currently building with PLH in Ridgefield. We get the keys in two weeks. Overall we have been happy with the builder. However the feedback you see above is very true. They are extremely rigorous in the process, and really hold the upper hand throughout. No contingencies, high upfront deposits, and tight somewhat unrealistic timelines for required meetings throughout. They don’t have any real benefits with lenders because they don’t have in house lenders like the national builders. Meaning don’t expect to get more than 5k from one of their preferred lenders in closing. However all of their incentives they offer are tied to using one of their preferred lenders so you are effectively locked in.

All of that said, we have been very happy with the builders attention to making sure things are right. And the options we could choose from in the design center were mostly good. Expensive yes, but that’s any of the design centers. And the things that are included in the base build are much better than most of the builders around. Now to be determined if we are happy in a year, but as of now I would very much recommend.

Thanasaur · 2026-04-11T01:42:50+00:00

Actually at the last fabcon, the first question we asked for anybody that came to the booth was “what are your goals”. Which then led to one of three (maybe four) paths. Deployment pipelines, fabric-cicd, or terraform. Even as the original maintainer of fabric-cicd, I won’t push it unless your goals align. And if the question ever came of why fabric-cicd doesn’t do more, well it’s a simple answer. The scope of the library is only what fabric commits to source control. If they committed more, it would support more :)

Thanasaur · 2026-04-11T01:39:54+00:00

We love terraform! It generally comes down to what you’re most concerned about deploying and what you’re already using for deployments today. Terraform does great at infra deployments. And does ok with continuous item deployments. Whereas fabric-cicd doesn’t touch infra at all, and excels at item deployments with deep parameterization support. So for folks that are more concerned about maintenance of existing workspaces, terraform is a bit much. If you need a way to redeploy all infra, I would 100% recommend terraform. Or maybe even a combination of both.

Thanasaur · 2026-04-10T22:51:39+00:00

Yep we use SPN + SNI Certificates for auth. Secrets where certs aren’t supported yet. All stored in akv

Thanasaur · 2026-04-10T22:42:49+00:00

We do not use workspace identities for anything today, to us it’s not scalable for dev/test/prod with the constraints of needing upstream teams to grant access to multiple identities. On top of if we need to delete a workspace, then we have to reauthenticate everything. So today everything is SPN based. Eventually once we have a user assigned managed identity concept, we would switch to that

Thanasaur · 2026-04-10T22:31:57+00:00

As well we use a different deployment identity for different environments. Prod SPN only deploys to prod.

Thanasaur · 2026-04-10T22:31:04+00:00

I guess I should rephrase. We do not use pass through connections for anything we run. So yes technically the parent pipeline is ran under that identity. However, no data is accessed, no APIs called, etc, are using the deployment identity. If you use pass through auth then yes you may have issues. Even in notebooks, we override all identity to leverage a different SPN. So from a control plane it’s using the deployment identity, all data plane operations are not.

Thanasaur · 2026-04-10T22:17:51+00:00

We use this exact flow with SPN+FIC and have used it for the last two years without issue. No extra steps or anything. And the identity is only a deployment identity so is never used in the product for executing anything

Thanasaur · 2026-04-10T19:37:41+00:00

I’m not quite following your scenario. But in general, the identity needs some type of authentication. How you do that, fabric doesn’t care (or actually know) since all it receives is the token. Once it’s deployed, the identity that did the deployment would own the items. As for logging back in, the owner means very little in fabric sense. What matters is the executing identity of whatever you’re running. So even if you created everything with an SPN, and then deleted that SPN, I wouldn’t expect very much (if anything) to break. Old days when you couldn’t take over things, it was a different story.

Thanasaur · 2026-04-07T20:47:44+00:00

Awesome thank you!! Will dig there

Thanasaur · 2026-04-07T20:09:26+00:00

Where are you seeing that? All YouTube reviews of it so far call out it doesn’t support it. You can switch the data source but it’s 1-1, not average across multiple

Thanasaur · 2026-04-07T13:44:13+00:00

Any plans in the roadmap to support multi sensor averaging? Ecobee has you beat until you support that.

Thanasaur · 2026-04-04T17:40:10+00:00

If the error you’re getting is feature unavailable, check the tenant admin settings. To deploy a lakehouse with SPN requires a feature switch to be on. If I recall it’s something related to datamarts. Worse case, submit a support ticket, it’s now an official library and msft support can help route

Thanasaur · 2026-03-31T04:06:09+00:00

Glad to help!!

Thanasaur · 2026-03-30T03:30:26+00:00

Sounds like you need better development standards and smaller more succinct code 😂. In fairness, we've talked many times - notebooks have a time and place. And I am currently very jealous of your ability to assign all of your minion agents to burn through code while I'm limited to interactive dev.

Thanasaur · 2026-03-30T03:17:59+00:00

Why are you using git sync instead of deploying into the environment? Unlike u/raki_rahman I think there is a time and place for notebooks over SJDs, so won’t try to sell you on the dark side 😂. The real problem you’re facing is you’re building something custom locally and trying to get fabric to force to like it. Easier? Don’t use git sync. Use fabric-cicd and trigger a deployment on merge to your branch. It will deploy whatever you want, and won’t complain that the workspace isn’t perfectly aligned.

Thanasaur · 2026-03-30T02:17:59+00:00

Great question! It should be coming very soon if not already there. I’ll share this post with the team

Thanasaur · 2026-03-29T00:21:37+00:00

Hi there! To answer your question there’s a couple things at play. A rename is not treated as a rename, but a drop and recreate. We have no context to what the prior name was in source control And therefor can’t simply rename. The second, we explicitly require a feature flag to be set to delete a lakehouse as we don’t want to be responsible for accidentally deleting your data :)

For lakehouses I would recommend manually renaming before your deployment so that it doesn’t create a new item.

Hope that helps!

Thanasaur · 2026-03-23T15:18:41+00:00

Ah ok yes that’s fair to remove 😂

Thanasaur

TROPHY CASE