🏗️ Tutorial 2: Synapse Workspace Basics¶
Master Azure Synapse workspace fundamentals including workspace creation, navigation, resource management, and identity configuration. This foundation enables efficient development and deployment of analytics solutions.
🎯 Learning Objectives¶
After completing this tutorial, you will be able to:
- ✅ Create and configure a Synapse Analytics workspace
- ✅ Navigate Synapse Studio interface and key components
- ✅ Manage resource groups and organize Azure resources
- ✅ Configure IAM and RBAC for secure access control
- ✅ Set up managed identity for service authentication
⏱️ Time Estimate: 30 minutes¶
- Workspace Creation: 10 minutes
- Studio Navigation: 10 minutes
- IAM Configuration: 10 minutes
📋 Prerequisites¶
Required Resources¶
- Completed Tutorial 1: Environment setup with validated configuration
- Azure subscription: Active subscription with Contributor or Owner role
- Resource group: Created in Tutorial 1 or new group for this tutorial
- Naming convention file:
naming-convention.jsonfrom Tutorial 1
Required Permissions¶
- Owner or Contributor role on Azure subscription or resource group
- Ability to assign roles (for IAM configuration)
- Permission to register service principals
🏗️ Step 1: Create Synapse Workspace¶
1.1 Load Naming Convention¶
Use the naming convention established in Tutorial 1:
# Load naming convention
$naming = Get-Content "naming-convention.json" | ConvertFrom-Json
# Display workspace configuration
Write-Host "🏗️ Creating Synapse Workspace" -ForegroundColor Cyan
Write-Host "Workspace Name: $($naming.SynapseWorkspace)" -ForegroundColor White
Write-Host "Resource Group: $($naming.ResourceGroupName)" -ForegroundColor White
Write-Host "Location: $($naming.LocationName)" -ForegroundColor White
1.2 Create Storage Account for Workspace¶
Synapse workspace requires a Data Lake Storage Gen2 account:
# Create storage account with hierarchical namespace enabled
az storage account create \
--name $naming.StorageAccount \
--resource-group $naming.ResourceGroupName \
--location $naming.Location \
--sku Standard_LRS \
--kind StorageV2 \
--enable-hierarchical-namespace true \
--access-tier Hot \
--tags Project=SynapseTutorial Environment=Learning
Write-Host "✅ Storage account created: $($naming.StorageAccount)" -ForegroundColor Green
# Create default filesystem for Synapse workspace
az storage fs create \
--name "synapse-data" \
--account-name $naming.StorageAccount \
--auth-mode login
Write-Host "✅ Default filesystem created: synapse-data" -ForegroundColor Green
Expected Output:
{
"created": true,
"encryption": {
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2025-01-15T10:30:00.000000Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2025-01-15T10:30:00.000000Z"
}
}
},
"isHnsEnabled": true
}
1.3 Create Synapse Workspace¶
Create the workspace with managed virtual network for enhanced security:
# Get current user object ID for SQL admin
$currentUserObjectId = az ad signed-in-user show --query id --output tsv
# Create Synapse workspace
az synapse workspace create \
--name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--location $naming.Location \
--storage-account $naming.StorageAccount \
--file-system synapse-data \
--sql-admin-login-user sqladminuser \
--sql-admin-login-password "YourSecurePassword123!" \
--tags Project=SynapseTutorial Environment=Learning \
--enable-managed-virtual-network true
Write-Host "✅ Synapse workspace created successfully" -ForegroundColor Green
🔒 Security Note: In production, use Azure Key Vault for password management. Never hardcode passwords in scripts.
1.4 Enable Firewall Rules¶
Configure firewall to allow access:
# Allow all Azure services and resources to access this workspace
az synapse workspace firewall-rule create \
--name "AllowAllAzureIPs" \
--workspace-name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--start-ip-address 0.0.0.0 \
--end-ip-address 0.0.0.0
# Allow your current IP address
$myIp = (Invoke-WebRequest -Uri "https://api.ipify.org" -UseBasicParsing).Content
az synapse workspace firewall-rule create \
--name "AllowMyIP" \
--workspace-name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--start-ip-address $myIp \
--end-ip-address $myIp
Write-Host "✅ Firewall rules configured" -ForegroundColor Green
1.5 Verify Workspace Creation¶
Confirm workspace is running:
# Get workspace details
$workspace = az synapse workspace show \
--name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--output json | ConvertFrom-Json
Write-Host "📊 Workspace Status:" -ForegroundColor Cyan
Write-Host " Name: $($workspace.name)" -ForegroundColor White
Write-Host " State: $($workspace.provisioningState)" -ForegroundColor White
Write-Host " Workspace URL: $($workspace.connectivityEndpoints.web)" -ForegroundColor White
Write-Host " SQL Endpoint: $($workspace.connectivityEndpoints.sql)" -ForegroundColor White
Write-Host " Dev Endpoint: $($workspace.connectivityEndpoints.dev)" -ForegroundColor White
🖥️ Step 2: Navigate Synapse Studio¶
2.1 Access Synapse Studio¶
Open Synapse Studio in your browser:
# Get Synapse Studio URL
$studioUrl = $workspace.connectivityEndpoints.web
Write-Host "🌐 Opening Synapse Studio..." -ForegroundColor Cyan
Write-Host "URL: $studioUrl" -ForegroundColor White
# Open in default browser
Start-Process $studioUrl
2.2 Synapse Studio Interface Overview¶
Key Interface Components:
![Synapse Studio Interface - Main dashboard with left navigation showing Home, Data, Develop, Integrate, Monitor, and Manage hubs]
📍 Navigation Hubs¶
| Hub | Icon | Purpose | Common Tasks |
|---|---|---|---|
| Home | 🏠 | Dashboard and quick access | Recent items, knowledge center |
| Data | 📊 | Data management and exploration | Browse databases, linked services |
| Develop | 💻 | Code development | SQL scripts, notebooks, data flows |
| Integrate | 🔄 | Data integration pipelines | Copy data, orchestrate workflows |
| Monitor | 📈 | Activity monitoring | Pipeline runs, Spark applications |
| Manage | ⚙️ | Workspace configuration | Pools, linked services, credentials |
2.3 Explore Key Features¶
Home Hub - Dashboard¶
**Screenshot Description**: Dashboard showing:
- Recent activities panel with last accessed notebooks and SQL scripts
- Knowledge center with tutorials and documentation links
- Quick start cards for creating new resources
- Usage metrics showing active pools and storage consumption
Navigation Steps:
- Click Home icon in left navigation
- Review Recent items section
- Explore Knowledge center resources
- Note Quick start options
Data Hub - Data Explorer¶
**Screenshot Description**: Data hub interface displaying:
- Workspace tree view on left showing Databases and Lake Database
- Data lake storage containers in middle panel
- File preview pane on right showing CSV/Parquet file contents
Navigation Steps:
- Click Data icon in left navigation
- Expand Linked section
- Browse Azure Data Lake Storage Gen2
- Explore synapse-data container
Manage Hub - Configuration¶
**Screenshot Description**: Manage hub showing:
- Analytics pools section listing SQL and Apache Spark pools
- Linked services panel with connections to storage and external services
- Integration runtimes configuration
- Access control and credentials management
Navigation Steps:
- Click Manage icon in left navigation
- Review Analytics pools section
- Check Linked services configuration
- Explore Access control settings
👥 Step 3: Configure Identity and Access Management (IAM)¶
3.1 Understand Synapse RBAC Roles¶
Built-in Synapse Roles:
| Role | Scope | Permissions | Use Case |
|---|---|---|---|
| Synapse Administrator | Workspace | Full control | Workspace admins |
| Synapse Contributor | Workspace | Publish, manage resources | Developers |
| Synapse Artifact Publisher | Workspace | Publish artifacts | CI/CD pipelines |
| Synapse Artifact User | Workspace | Read and execute | Data analysts |
| Synapse Compute Operator | Workspace | Manage Spark pools | DevOps engineers |
| Synapse Credential User | Workspace | Use credentials | Applications |
| Synapse Linked Data Manager | Workspace | Manage linked services | Data engineers |
3.2 Enable Managed Identity¶
Configure workspace managed identity for secure authentication:
# The workspace managed identity is created automatically
# Get the managed identity principal ID
$workspaceMI = az synapse workspace show \
--name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--query identity.principalId \
--output tsv
Write-Host "✅ Workspace Managed Identity ID: $workspaceMI" -ForegroundColor Green
# Grant Storage Blob Data Contributor role to managed identity on storage account
az role assignment create \
--role "Storage Blob Data Contributor" \
--assignee $workspaceMI \
--scope "/subscriptions/$(az account show --query id -o tsv)/resourceGroups/$($naming.ResourceGroupName)/providers/Microsoft.Storage/storageAccounts/$($naming.StorageAccount)"
Write-Host "✅ Managed identity granted storage access" -ForegroundColor Green
3.3 Assign User Permissions¶
Grant yourself administrative access to the workspace:
# Assign Synapse Administrator role to current user
az synapse role assignment create \
--workspace-name $naming.SynapseWorkspace \
--role "Synapse Administrator" \
--assignee $currentUserObjectId
Write-Host "✅ Synapse Administrator role assigned to current user" -ForegroundColor Green
# Also assign at Azure resource level for full management
az role assignment create \
--role "Contributor" \
--assignee $currentUserObjectId \
--scope "/subscriptions/$(az account show --query id -o tsv)/resourceGroups/$($naming.ResourceGroupName)/providers/Microsoft.Synapse/workspaces/$($naming.SynapseWorkspace)"
Write-Host "✅ Azure Contributor role assigned" -ForegroundColor Green
3.4 Configure Storage Access¶
Set up proper permissions for data lake access:
# Grant current user Storage Blob Data Contributor role
az role assignment create \
--role "Storage Blob Data Contributor" \
--assignee $currentUserObjectId \
--scope "/subscriptions/$(az account show --query id -o tsv)/resourceGroups/$($naming.ResourceGroupName)/providers/Microsoft.Storage/storageAccounts/$($naming.StorageAccount)"
Write-Host "✅ Storage access configured for current user" -ForegroundColor Green
3.5 Verify Permissions¶
Confirm role assignments are active:
# List Synapse workspace role assignments
Write-Host "📋 Synapse Workspace Roles:" -ForegroundColor Cyan
az synapse role assignment list \
--workspace-name $naming.SynapseWorkspace \
--output table
# List Azure resource role assignments
Write-Host "`n📋 Azure Resource Roles:" -ForegroundColor Cyan
az role assignment list \
--scope "/subscriptions/$(az account show --query id -o tsv)/resourceGroups/$($naming.ResourceGroupName)/providers/Microsoft.Synapse/workspaces/$($naming.SynapseWorkspace)" \
--output table
📦 Step 4: Explore Resource Organization¶
4.1 Resource Group Management¶
View all resources in your resource group:
# List all resources in the resource group
Write-Host "📦 Resources in $($naming.ResourceGroupName):" -ForegroundColor Cyan
az resource list \
--resource-group $naming.ResourceGroupName \
--output table
# Show resource group tags and location
az group show \
--name $naming.ResourceGroupName \
--query "{Name:name, Location:location, Tags:tags}" \
--output json
4.2 Workspace Resources¶
Explore workspace components:
# Get workspace linked services
Write-Host "`n🔗 Linked Services:" -ForegroundColor Cyan
az synapse linked-service list \
--workspace-name $naming.SynapseWorkspace \
--output table
# Note: SQL and Spark pools will be created in subsequent tutorials
Write-Host "`n⚙️ Compute Pools:" -ForegroundColor Cyan
Write-Host " SQL Pools: 0 (will create in Tutorial 10)"
Write-Host " Spark Pools: 0 (will create in Tutorial 6)"
4.3 Cost Management Tags¶
Apply consistent tagging for cost tracking:
# Define common tags
$resourceTags = @{
'Project' = 'SynapseTutorial'
'Environment' = 'Learning'
'Owner' = $env:USERNAME
'CostCenter' = 'Training'
'AutoShutdown' = 'Enabled'
'Tutorial' = '02-WorkspaceBasics'
}
# Apply tags to workspace
az synapse workspace update \
--name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--tags $resourceTags
# Apply tags to storage account
az storage account update \
--name $naming.StorageAccount \
--resource-group $naming.ResourceGroupName \
--tags $resourceTags
Write-Host "✅ Resource tags applied for cost tracking" -ForegroundColor Green
🔧 Step 5: Basic Workspace Configuration¶
5.1 Configure Workspace Settings¶
Set up default workspace behaviors:
# Note: Many workspace settings are configured through Synapse Studio
Write-Host "🔧 Workspace Configuration:" -ForegroundColor Cyan
Write-Host " 1. Open Synapse Studio: $studioUrl"
Write-Host " 2. Navigate to Manage hub"
Write-Host " 3. Select 'Workspace settings'"
Write-Host " 4. Configure default language: SQL/PySpark"
Write-Host " 5. Set default Spark version: 3.3"
Write-Host " 6. Enable automatic pause for Spark sessions"
5.2 Set Up Git Integration (Optional)¶
Configure source control for workspace artifacts:
**Screenshot Description**: Git configuration panel showing:
- Repository type selection (Azure DevOps / GitHub)
- Repository name and branch configuration
- Collaboration branch and publish branch settings
- Root folder path for workspace artifacts
**Configuration Steps**:
1. In Synapse Studio, navigate to Manage → Git configuration
2. Click "Configure" to set up Git integration
3. Select repository type (GitHub or Azure DevOps)
4. Authenticate and select repository
5. Configure collaboration branch (main/develop)
6. Set root folder for Synapse artifacts
7. Save configuration
💡 Best Practice: Configure Git integration early to enable version control, collaboration, and CI/CD pipelines. This will be covered in detail in Tutorial 14.
5.3 Configure Default Storage¶
Verify default storage account configuration:
# Check workspace default storage
$workspaceStorage = az synapse workspace show \
--name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--query "{StorageAccount:defaultDataLakeStorage.accountUrl, FileSystem:defaultDataLakeStorage.filesystem}" \
--output json | ConvertFrom-Json
Write-Host "💾 Default Storage Configuration:" -ForegroundColor Cyan
Write-Host " Account: $($workspaceStorage.StorageAccount)" -ForegroundColor White
Write-Host " Container: $($workspaceStorage.FileSystem)" -ForegroundColor White
✅ Step 6: Verification and Testing¶
6.1 Access Validation¶
Test workspace access from Synapse Studio:
**Validation Steps in Synapse Studio**:
1. **Data Hub Access**:
- Navigate to Data hub
- Expand Linked → Azure Data Lake Storage Gen2
- Verify you can browse storage containers
- Expected: See 'synapse-data' container with folders
2. **Develop Hub Access**:
- Navigate to Develop hub
- Try creating a new SQL script
- Expected: Script editor opens successfully
3. **Manage Hub Access**:
- Navigate to Manage hub
- Click on Analytics pools
- Expected: Can view pools section (empty for now)
4. **Monitor Hub Access**:
- Navigate to Monitor hub
- Check Activities section
- Expected: Can view monitoring dashboard
6.2 Managed Identity Testing¶
Verify managed identity has proper storage access:
# Test script to validate managed identity permissions
$testScript = @"
import org.apache.spark.sql.SparkSession
// This will be executed in Tutorial 6 with Spark pool
// For now, verify permissions are set correctly
val storageAccount = "$($naming.StorageAccount)"
val container = "synapse-data"
println(s"Storage Account: \${storageAccount}")
println(s"Container: \${container}")
println("Managed Identity configuration validated")
"@
$testScript | Out-File "test-mi-access.scala" -Encoding UTF8
Write-Host "✅ Test script created for future validation" -ForegroundColor Green
6.3 Connection Testing¶
Test SQL endpoint connectivity:
# Test SQL endpoint connectivity
$sqlEndpoint = $workspace.connectivityEndpoints.sqlOnDemand
Write-Host "🔌 Testing SQL Endpoint Connectivity..." -ForegroundColor Cyan
Write-Host "Endpoint: $sqlEndpoint" -ForegroundColor White
# Test connection using sqlcmd (if installed)
if (Get-Command sqlcmd -ErrorAction SilentlyContinue) {
sqlcmd -S $sqlEndpoint -U sqladminuser -P "YourSecurePassword123!" -Q "SELECT @@VERSION"
Write-Host "✅ SQL endpoint connection successful" -ForegroundColor Green
} else {
Write-Host "⚠️ sqlcmd not installed - SQL connection test skipped" -ForegroundColor Yellow
Write-Host " Manual test in Synapse Studio will confirm connectivity" -ForegroundColor Yellow
}
📊 Step 7: Monitoring and Management¶
7.1 View Workspace Metrics¶
Check workspace health and usage:
# Get workspace metrics for last 24 hours
$endTime = Get-Date
$startTime = $endTime.AddHours(-24)
Write-Host "📊 Workspace Metrics (Last 24 Hours):" -ForegroundColor Cyan
# Note: Detailed metrics will show once we start using compute resources
az monitor metrics list \
--resource "/subscriptions/$(az account show --query id -o tsv)/resourceGroups/$($naming.ResourceGroupName)/providers/Microsoft.Synapse/workspaces/$($naming.SynapseWorkspace)" \
--metric-names "BuiltinSqlPoolDataProcessedBytes" \
--start-time $startTime.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") \
--end-time $endTime.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") \
--output table
7.2 Monitor Workspace Activity¶
**Monitoring in Synapse Studio**:
1. Navigate to Monitor hub
2. Select "Activities" from left menu
3. View filters available:
- Pipeline runs
- Trigger runs
- Integration runtime
- Apache Spark applications
- SQL requests
4. Note: Activity logs will populate as you progress through tutorials
7.3 Set Up Alerts (Optional)¶
Configure basic alerting for workspace:
# Create action group for alerts
az monitor action-group create \
--name "synapse-alerts" \
--resource-group $naming.ResourceGroupName \
--short-name "syn-alert" \
--email-receiver name="admin" email="your-email@example.com"
# Create alert rule for failed pipeline runs
# Note: This will be more useful after Tutorial 4 when we create pipelines
Write-Host "✅ Alert infrastructure created" -ForegroundColor Green
Write-Host " Configure specific alert rules in Azure Portal as needed" -ForegroundColor Yellow
🎯 Step 8: Workspace Configuration Summary¶
8.1 Save Configuration¶
Document workspace configuration for reference:
# Create workspace summary
$workspaceSummary = @"
# Synapse Workspace Configuration Summary
Generated: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')
## Workspace Details
- **Name**: $($naming.SynapseWorkspace)
- **Resource Group**: $($naming.ResourceGroupName)
- **Location**: $($naming.LocationName)
- **Subscription**: $(az account show --query name -o tsv)
## Endpoints
- **Synapse Studio**: $($workspace.connectivityEndpoints.web)
- **SQL On-Demand**: $($workspace.connectivityEndpoints.sqlOnDemand)
- **SQL Dedicated**: $($workspace.connectivityEndpoints.sql)
- **Dev Endpoint**: $($workspace.connectivityEndpoints.dev)
## Storage Configuration
- **Storage Account**: $($naming.StorageAccount)
- **Default Container**: synapse-data
- **Managed Identity**: Enabled
## Security Configuration
- **Managed Virtual Network**: Enabled
- **Firewall Rules**: Azure services + Current IP
- **Managed Identity**: Configured with Storage Blob Data Contributor
## Access Control
- **Current User Role**: Synapse Administrator + Contributor
- **Managed Identity Role**: Storage Blob Data Contributor
## Next Steps
1. Tutorial 3: Set up Data Lake storage structure
2. Tutorial 4: Configure batch data ingestion
3. Tutorial 6: Create and configure Spark pools
"@
$workspaceSummary | Out-File "workspace-configuration.md" -Encoding UTF8
Write-Host "✅ Workspace configuration saved to workspace-configuration.md" -ForegroundColor Green
8.2 Quick Reference Commands¶
# Save quick reference commands
$quickRef = @"
# Synapse Workspace Quick Reference
## Open Synapse Studio
Start-Process "$($workspace.connectivityEndpoints.web)"
## View Workspace Status
az synapse workspace show --name "$($naming.SynapseWorkspace)" --resource-group "$($naming.ResourceGroupName)"
## List Role Assignments
az synapse role assignment list --workspace-name "$($naming.SynapseWorkspace)"
## Update Firewall Rules
az synapse workspace firewall-rule create --name "RuleName" --workspace-name "$($naming.SynapseWorkspace)" --resource-group "$($naming.ResourceGroupName)" --start-ip-address X.X.X.X --end-ip-address X.X.X.X
## View Activity Log
az monitor activity-log list --resource-group "$($naming.ResourceGroupName)" --namespace Microsoft.Synapse
"@
$quickRef | Out-File "synapse-quick-reference.ps1" -Encoding UTF8
Write-Host "✅ Quick reference commands saved to synapse-quick-reference.ps1" -ForegroundColor Green
✅ Checkpoint Validation¶
Before proceeding to the next tutorial, verify your setup:
Validation Checklist¶
- Workspace created and in 'Succeeded' provisioning state
- Storage account configured with hierarchical namespace enabled
- Synapse Studio accessible via web browser
- Managed identity enabled and storage access granted
- User roles assigned: Synapse Administrator and Azure Contributor
- Firewall rules configured to allow access
- Can navigate all Synapse Studio hubs successfully
- Configuration files saved for future reference
Quick Validation Script¶
# Run comprehensive validation
Write-Host "🔍 Validating Synapse Workspace Configuration..." -ForegroundColor Cyan
$validationResults = @{
'WorkspaceExists' = $false
'StorageConfigured' = $false
'ManagedIdentityEnabled' = $false
'FirewallConfigured' = $false
'UserRoleAssigned' = $false
}
# Check workspace
try {
$ws = az synapse workspace show --name $naming.SynapseWorkspace --resource-group $naming.ResourceGroupName 2>$null
if ($ws) {
$validationResults.WorkspaceExists = $true
Write-Host "✅ Workspace exists and accessible" -ForegroundColor Green
}
} catch {
Write-Host "❌ Workspace not found or inaccessible" -ForegroundColor Red
}
# Check storage
try {
$storage = az storage account show --name $naming.StorageAccount --resource-group $naming.ResourceGroupName --query isHnsEnabled -o tsv 2>$null
if ($storage -eq "true") {
$validationResults.StorageConfigured = $true
Write-Host "✅ Storage account properly configured" -ForegroundColor Green
}
} catch {
Write-Host "❌ Storage account configuration issue" -ForegroundColor Red
}
# Check managed identity
try {
$miId = az synapse workspace show --name $naming.SynapseWorkspace --resource-group $naming.ResourceGroupName --query identity.principalId -o tsv 2>$null
if ($miId) {
$validationResults.ManagedIdentityEnabled = $true
Write-Host "✅ Managed identity enabled" -ForegroundColor Green
}
} catch {
Write-Host "❌ Managed identity not enabled" -ForegroundColor Red
}
# Check firewall rules
try {
$fwRules = az synapse workspace firewall-rule list --workspace-name $naming.SynapseWorkspace --resource-group $naming.ResourceGroupName 2>$null
if ($fwRules) {
$validationResults.FirewallConfigured = $true
Write-Host "✅ Firewall rules configured" -ForegroundColor Green
}
} catch {
Write-Host "❌ Firewall rules not configured" -ForegroundColor Red
}
# Check user role
try {
$roles = az synapse role assignment list --workspace-name $naming.SynapseWorkspace --assignee $currentUserObjectId 2>$null
if ($roles) {
$validationResults.UserRoleAssigned = $true
Write-Host "✅ User roles assigned" -ForegroundColor Green
}
} catch {
Write-Host "❌ User roles not assigned" -ForegroundColor Red
}
# Summary
$passedChecks = ($validationResults.Values | Where-Object { $_ -eq $true }).Count
$totalChecks = $validationResults.Count
Write-Host "`n🎯 Validation Summary: $passedChecks/$totalChecks checks passed" -ForegroundColor Cyan
if ($passedChecks -eq $totalChecks) {
Write-Host "✅ All validations passed! Ready for Tutorial 3." -ForegroundColor Green
} else {
Write-Host "⚠️ Some validations failed. Please review and fix issues before proceeding." -ForegroundColor Yellow
}
🎉 Congratulations¶
You've successfully set up and configured your Azure Synapse Analytics workspace. You now have:
- ✅ Fully configured workspace with managed virtual network
- ✅ Secure authentication using managed identity
- ✅ Proper access control with RBAC roles
- ✅ Integrated storage with Data Lake Gen2
- ✅ Monitoring infrastructure for tracking workspace activity
🚀 What's Next?¶
Continue to Tutorial 3: Data Lake Setup
In the next tutorial, you'll:
- Create organized folder structures in Data Lake
- Set up linked services for data sources
- Configure access policies and permissions
- Prepare for data ingestion
💡 Troubleshooting¶
Common Issues and Solutions¶
Issue: Workspace creation fails with "Name already taken"
# Generate new unique workspace name
$uniqueSuffix = [System.Guid]::NewGuid().ToString().Substring(0, 8)
$naming.SynapseWorkspace = "syn-syntut-dev-$uniqueSuffix"
# Retry workspace creation with new name
Issue: Cannot access Synapse Studio
# Verify firewall rules include your current IP
$myIp = (Invoke-WebRequest -Uri "https://api.ipify.org" -UseBasicParsing).Content
az synapse workspace firewall-rule create \
--name "AllowMyIP" \
--workspace-name $naming.SynapseWorkspace \
--resource-group $naming.ResourceGroupName \
--start-ip-address $myIp \
--end-ip-address $myIp
Issue: Managed identity cannot access storage
# Re-apply Storage Blob Data Contributor role
$workspaceMI = az synapse workspace show --name $naming.SynapseWorkspace --resource-group $naming.ResourceGroupName --query identity.principalId -o tsv
az role assignment create \
--role "Storage Blob Data Contributor" \
--assignee $workspaceMI \
--scope "/subscriptions/$(az account show --query id -o tsv)/resourceGroups/$($naming.ResourceGroupName)/providers/Microsoft.Storage/storageAccounts/$($naming.StorageAccount)"
# Wait 5-10 minutes for role assignment to propagate
Issue: Role assignments not showing in Synapse Studio
# Role assignments can take up to 15 minutes to propagate
# Clear browser cache and sign out/in of Synapse Studio
# Verify role assignments via CLI:
az synapse role assignment list --workspace-name $naming.SynapseWorkspace --assignee $currentUserObjectId
Tutorial Progress: 2 of 14 completed Next: 03. Data Lake Setup → Time Investment: 30 minutes ✅
Understanding workspace fundamentals is critical for successful Synapse implementation. Take time to explore each component thoroughly.