AI Agent Governance: A Major Architectural Challenge
The large-scale deployment of AI agents and skills in Microsoft Fabric raises a fundamental question for cloud engineers and data architects: how does an agent know which data is relevant to answer a given query? Without an explicit guidance mechanism, an agent operates blind — it aggregates heterogeneous sources, mixes incompatible business contexts, and produces inaccurate or even compliance-problematic responses.
This challenge is not purely technical. It touches on data governance, separation of usage contexts, and the organization's ability to project its own classificatory intelligence into its AI systems. The good news: you probably already have the infrastructure needed to address it.
Architectural Context
AI agents in Fabric operate through AI Skills, configurable components that define how the agent interacts with data sources, what reasoning it applies, and what constraints it respects. This is where the integration of sensitivity labels becomes truly meaningful.
Sensitivity Labels: Much More Than a Protection Mechanism
Sensitivity labels are defined centrally in Microsoft Purview and can be applied to all Fabric artifacts: Power BI reports, Semantic Models, Lakehouses, Warehouses, and notebooks. Their traditional role is to classify data and enforce protection policies — encryption, export restrictions, watermarking, etc.
But their architecture also exposes an underexploited dimension: these labels are available via public APIs, which allows automated workflows and AI agents to access them programmatically. This point is central to understanding the pattern described in this article.
Architecture of Sensitivity Labels in Fabric
Here is how the classification system is organized in the Microsoft ecosystem:
- Microsoft Purview Information Protection: central point for defining labels (General, Confidential, Highly Confidential, or custom labels)
- Fabric REST API: exposes classification metadata on each artifact
- Power BI / Fabric SDK: allows programmatic reading and writing of labels
- AI Skills: orchestration layer where label-based rules are applied

API Tip
To retrieve sensitivity label metadata for a Fabric artifact via the REST API, use the endpoint /v1.0/myorg/datasets/{datasetId}/sensitivityLabel for Semantic Models, or the admin API /v1.0/myorg/admin/datasets with the $expand=sensitivityLabel parameter for a global view.
Concrete Use Case: Report Analysis AI Skill
Let's consider a representative scenario from an enterprise environment. An organization deploys an AI Skill in Fabric whose mission is to analyze reports, extract insights, and answer business questions. The data corpus includes:
- Public reports (business performance metrics, operational dashboards) →
Generallabel - Confidential reports (financial forecasts, client negotiations) →
Confidentiallabel - Highly sensitive reports (executive strategy, M&A operations) →
Highly Confidentiallabel
Without integrated governance logic, the skill analyzes all reports indiscriminately. An employee asking the question "What are our Q3 projections?" could receive an answer mixing public and confidential data — which constitutes a real compliance risk.
Defining Processing Rules by Label
The target architecture consists of integrating explicit rules into the skill definition, based on sensitivity labels. Here is a structured representation of this logic:
1{2 "skillName": "ReportAnalysisSkill",3 "labelPolicies": [4 {5 "label": "General",6 "actions": [7 "full_analysis",8 "include_charts",9 "include_summaries",10 "include_datapoints"11 ],12 "restrictions": []13 },14 {15 "label": "Confidential",16 "actions": [17 "summary_only",18 "extract_key_findings"19 ],20 "restrictions": [21 "authorized_users_only",22 "no_detail_exposure",23 "log_access_audit"24 ]25 },26 {27 "label": "Highly Confidential",28 "actions": [29 "high_level_briefing_only"30 ],31 "restrictions": [32 "executives_explicit_clearance",33 "no_detailed_data",34 "track_all_access",35 "track_all_queries"36 ]37 }38 ]39}Important
The labels General, Confidential, and Highly Confidential used in this article are reference examples. Each organization defines its own label taxonomy in Microsoft Purview. Your implementation must imperatively align with your organization's internal nomenclature.
Skill Behavior at Runtime
Here is how the skill behaves contextually depending on the nature of the query and the labels of the artifacts interrogated:
- General query ("What are our sales trends?") → The skill reads only reports labeled
Generaland returns a complete analysis with visualizations and numerical data - Query on budget forecasts → The skill verifies user permissions, accesses
Confidentialreports, and returns only a synthetic summary if the user is authorized - Query on executive strategy → The skill declines the response or escalates to profiles with explicit authorization on
Highly Confidentialcontent
The employee retains access to all reports they are entitled to. What changes is the selection of inputs that the agent uses to construct its response.
Technical Implementation: Integration via the Fabric API
Programmatic retrieval of sensitivity labels to feed the logic of an AI Skill can be done via PowerShell or direct REST calls. Here is an example PowerShell script using the MicrosoftPowerBIMgmt module:
1# Install the module if necessary2# Install-Module -Name MicrosoftPowerBIMgmt -Scope CurrentUser3 4# Authentication5Connect-PowerBIServiceAccount6 7# Retrieve all datasets with their sensitivity labels (admin view)8$datasets = Invoke-PowerBIRestMethod `9 -Url "admin/datasets?\$expand=sensitivityLabel" `10 -Method GET | ConvertFrom-Json11 12# Filter by label to identify Confidential artifacts13$confidentialDatasets = $datasets.value | Where-Object {14 $_.sensitivityLabel.labelId -ne $null -and15 $_.sensitivityLabel.labelName -eq "Confidential"16}17 18# Export the result for audit or ingestion by a skill19$confidentialDatasets | Select-Object id, name, sensitivityLabel | 20 ConvertTo-Json -Depth 3 | 21 Out-File -FilePath ".\confidential_datasets_inventory.json" -Encoding UTF822 23Write-Host "Inventory generated: $($confidentialDatasets.Count) Confidential datasets identified"For more granular integration in a Fabric skill with direct REST call:
1# Retrieve access token via Azure CLI2$token = (az account get-access-token --resource https://analysis.windows.net/powerbi/api | ConvertFrom-Json).accessToken3 4$headers = @{5 "Authorization" = "Bearer $token"6 "Content-Type" = "application/json"7}8 9# API call for a specific report10$reportId = "<your-report-id>"11$response = Invoke-RestMethod `12 -Uri "https://api.powerbi.com/v1.0/myorg/reports/$reportId/sensitivityLabel" `13 -Headers $headers `14 -Method GET15 16$labelName = $response.sensitivityLabel.labelName17Write-Host "Report label: $labelName"18 19# Routing logic based on label20switch ($labelName) {21 "General" { Write-Host "Complete analysis authorized" }22 "Confidential" { Write-Host "Summary only - permission verification required" }23 "Highly Confidential" { Write-Host "Restricted access - executive escalation required" }24 default { Write-Host "Unrecognized label - default processing applied" }25}Security Prerequisites
Calls to Power BI admin APIs require Fabric or Power BI admin rights. For production environments, imperatively use a Service Principal with the minimum required permissions, and never store tokens in plain text in your scripts. Favor Azure Key Vault for secret management.
Why Sensitivity Labels Improve AI Accuracy
A legitimate question arises: if the agent already has access to all authorized data, why worry about what it uses to construct its responses?
The answer is both technical and organizational. Large language models (LLMs) are sensitive to the context injected into their attention window. The broader and more heterogeneous the context, the greater the risk of semantic confusion — a phenomenon known as context pollution. By precisely selecting inputs according to their confidentiality label, you reduce noise and improve topical accuracy of responses.
From an organizational perspective, data classifications reflect accumulated business knowledge: the organization knows which data is generally useful, which is sensitive, and which belongs to specific contexts. Transmitting this classificatory intelligence to your AI agents gives them access to years of codified organizational experience.
| Approach | Without sensitivity labels | With sensitivity labels |
|---|---|---|
| Source Selection | All accessible sources aggregated | Sources filtered by label and context |
| Response Accuracy | Risk of context pollution | Targeted and contextually relevant responses |
| Compliance | Depends only on access rights | Double layer: access + contextual guidance |
| Auditability | Limited | Access logs by sensitivity level |
| Organizational Alignment | Absent | Reflects organization's business taxonomy |
Deployment Guide: Step-by-Step Implementation
Audit and Consolidate Existing Labeling
Before any implementation, conduct a complete inventory of the labeling status of your Fabric artifacts. Use Microsoft Purview activity reports or the Power BI admin API to identify unlabeled artifacts. Labeling consistency is the absolute prerequisite — without reliable signal, the guidance logic is inoperative.
1# Inventory of artifacts without sensitivity label2Connect-PowerBIServiceAccount3 4$allDatasets = Invoke-PowerBIRestMethod `5 -Url "admin/datasets?\$expand=sensitivityLabel" `6 -Method GET | ConvertFrom-Json7 8$unlabeledDatasets = $allDatasets.value | Where-Object {9 $null -eq $_.sensitivityLabel -or $null -eq $_.sensitivityLabel.labelId10}11 12Write-Host "Unlabeled artifacts: $($unlabeledDatasets.Count)"13$unlabeledDatasets | Select-Object id, name | ConvertTo-Json | Out-File ".\unlabeled_inventory.json"Define the Processing Matrix by Label
In collaboration with data governance teams and business owners, formally define how each label should influence the behavior of your AI Skills. Document this matrix and version it — it will be the reference for all your skill implementations.
The matrix must cover: authorized analysis level, output restrictions, audit requirements, and escalation conditions.
Integrate Routing Logic in Your AI Skill
Implement processing rules directly in your AI Skill definition. If you use the Semantic Kernel framework (recommended for advanced Fabric integrations), you can create a dedicated plugin for evaluating labels:
1[KernelFunction("evaluate_sensitivity_label")]2[Description("Evaluates the confidentiality label of an artifact and returns the authorized analysis level")]3public async Task<string> EvaluateSensitivityLabelAsync(4 [Description("ID of the Fabric artifact")] string artifactId,5 [Description("Artifact type: report, dataset, lakehouse")] string artifactType)6{7 var label = await _fabricApiClient.GetSensitivityLabelAsync(artifactId, artifactType);8 9 return label?.LabelName switch10 {11 "General" => "full_analysis",12 "Confidential" => "summary_only",13 "Highly Confidential" => "restricted_executive_only",14 _ => "default_restricted"15 };16}Validate on a Targeted Pilot Scenario
Deploy the logic on a restricted scope — for example, a report analysis skill for a specific business unit. Measure response quality before/after label integration: contextual relevance, absence of data leakage between levels, user satisfaction. Iterate on the processing matrix before extending to other skills.
Enable Continuous Audit and Monitoring
Configure access logs in Microsoft Purview to trace all interactions of your AI agents with Confidential and Highly Confidential data. Set up alerts on abnormal access patterns. Plan quarterly reviews of the processing matrix to align it with changes in your taxonomy.
Reference Resources
To deepen your implementation of this pattern, consult the following official Microsoft resources:
- Information Protection in Microsoft Fabric — Official documentation on data protection architecture in Fabric
- Sensitivity Labels in Fabric — Complete guide on configuring and applying sensitivity labels
- Power BI REST API — SensitivityLabels — API reference for programmatic access to labels
- Microsoft Purview Information Protection — Portal for centralized label definition and management
- Semantic Kernel — Plugin development — Recommended framework for advanced AI agent integration with Fabric
Going Further
This contextual guidance pattern using sensitivity labels complements Row-Level Security (RLS) and Object-Level Security (OLS) mechanisms in Fabric. A robust AI governance architecture combines these three levels: RLS/OLS for data access control, sensitivity labels for contextual agent guidance, and Microsoft Purview for centralized audit and compliance.



