Microsoft shipped associated identities for Fabric items last week. On April 30th, Copilot and AI capabilities expand to every paid Fabric SKU down to F2. Multi-agent orchestration in Copilot Studio just went GA with native Fabric integration. And the March update gave notebooks native Copilot abilities to diagnose execution failures, suggest fixes, and generate code against your Lakehouse schema with full metadata awareness.
That is a lot of new capability hitting a lot of new surfaces in a very short window.
I am telling you this not as a recap. I am telling you this because I work in this ecosystem every day, and I cannot keep up. If I cannot keep up, your teams cannot keep up. And if your teams cannot keep up, you are accumulating governance debt with every update cycle, whether you realize it or not.
Two Clocks
There are two clocks running in every organization adopting AI. The first is the capability clock. That is the industry’s clock, in our case often Microsoft’s clock. It ticks every time a new Copilot surface ships, every time an agent framework goes GA, every time access expands to a lower SKU tier. Microsoft’s capability clock is running extremely fast right now, they are doing all they can to keep up with Anthropic, OpenAI, Google, and others.
The second is the adoption clock. That is your clock. It ticks every time your team actually understands a new capability, configures it properly, assigns the right permissions, and establishes the operational discipline to govern it. Your adoption clock is almost certainly running slower than Microsoft’s capability clock. For most organizations I work with, it is not even close.
The gap between those two clocks is where problems live. Not dramatic, headline-grabbing problems. Quiet ones. An identity misconfiguration that gives a notebook access to a Lakehouse it should not touch. A Copilot-generated transformation that runs against production data without review. A data agent that inherits permissions from a user who left the company six months ago. These are the problems that do not show up until an audit, a breach, or an embarrassing conversation with your CSO.
Notebooks are a Perfect Example
Copilot in Fabric notebooks is genuinely useful. An AI coding assistant that understands your Lakehouse schema, can generate Spark and Python code, suggest ML models, fix errors, and document your work automatically. Data engineers love it. I get why. I’ve been copying and pasting my PyScript to Copilot anyhow, now it already knows my lakehouse.
But think about what that actually means from a governance perspective. This is an AI assistant with metadata awareness of your data estate, generating executable code inside a coding environment that is connected to live data sources. The notebook itself has an identity. That identity determines what data it can reach. And as of last week, Microsoft now lets you associate that identity with a service principal or managed identity instead of tying it to the person who created it.
That is a significant and welcome change. It solves a real problem where items broke when their creator left the organization. But it also means someone has to decide which identity gets associated with which items, who has permission to reassign those identities, and how you audit the chain of access across your Fabric estate. If you want to understand how workspace identities fit into this picture, that is another layer of governance to operationalize.
The capability shipped. The operating model to use it well is a separate project entirely.
What the SKU Expansion Really Means
Here is the update that should get the most executive attention. On April 30th, every paid Fabric SKU from F2 up gets access to Copilot and AI capabilities. That includes Copilot in notebooks, Fabric data agents, AI functions, and more.
Until now, the F64 requirement acted as a natural throttle. Only organizations with significant Fabric investment had access to these AI capabilities. That throttle is about to come off. Smaller teams, smaller budgets, and less mature governance postures will suddenly have the same AI surface area as enterprise customers who have spent months building their governance frameworks.
This is not a criticism of the decision. Broader access is a good thing. But broader access without broader governance readiness is how you end up with ungoverned AI sprawl across your data platform. The executives I talk to are excited about the cost savings. They should be equally focused on the governance implications. If you have not already reviewed your Copilot tenant settings, now is the time. Microsoft notes that enabling Copilot across your entire tenant without adequate planning can lead to higher capacity utilization and other potential risks.
Stop Trying to Keep Up Feature by Feature
Here is my actual advice, and it is the thing I wish more organizations would internalize.
Stop trying to govern AI capabilities one feature at a time. You will lose that race. Microsoft is shipping faster than any governance team can evaluate, configure, and operationalize individual features. That is not a knock on your team. It is just the math of one vendor shipping to millions of tenants while your team governs one.
Instead, get three foundational things right. Everything else becomes more manageable if these are in place.
Identity ownership. Every Fabric item should have a clearly assigned identity, and that identity should not be a person. The new associated identities feature makes this possible. Investigate this feature. Use it. Establish a policy now for how identities get assigned to items, who can reassign them, and how you audit the chain. The API documentation is available for automating this at scale. Do this before April 30th, not after.
Data accountability. Someone in your organization needs to own the question of what data Copilot can see and act on. Not IT alone. Not the data engineering team alone. A cross-functional data council that includes business stakeholders, security, and engineering. If you do not have one, stand one up. If you have one and it has not discussed Copilot access patterns, put it on the next agenda.
Guardrails before rollout. Before you enable Copilot on a new workload or expand access to a new team, have a documented answer to three questions. What data can it reach? Who approved that access? How do you revoke it? If you cannot answer all three, you are not ready to roll out. That is not being cautious. That is being responsible.
The Real Rollout Project
Microsoft is doing its job. The capabilities are real, they are improving, and the pace of delivery is genuinely impressive. The associated identities feature alone solves a problem that has frustrated Fabric administrators for a long time. The notebook Copilot enhancements make data engineering workflows meaningfully faster. The SKU expansion democratizes access in a way that will unlock value for smaller organizations.
None of that matters if your governance cannot absorb it.
The organizations that will get the most value from this wave of AI capability are not the ones who enable everything the fastest. They are the ones who build the governance muscle to enable things confidently. Identity ownership, data accountability, and clear guardrails are not obstacles to AI adoption. They are what make AI adoption sustainable.
Copilot in notebooks are the easy part. Getting your house in order is the real rollout project.
Speak Your Mind