Azure Data Explorer (ADX) is a powerful analytics service that allows you to query large datasets using Kusto Query Language (KQL). In a lot of setups, the data is copied to ADX from a data warehouse like Azure Synapse, which causes a lot of overhead. Azure Fabric is aiming at integrating data warehousing, ETL and orchestration (Azure Data Factory) and data analytics (ADX, Notebooks,..) into a single platform.
Fabric also allows working with external data by using so-called shortcuts to external databases, blob stores etc.
When building modern analytics solutions in Microsoft Fabric, many teams assume that secure data connections require setting up Managed Private Endpoints (MPEs). But in the case of connecting Fabric EventHouse to Azure Data Explorer (ADX) using KQL shortcuts, MPEs are not necessary—and here’s why.
One of the most important things to understand is how KQL shortcuts operate. A shortcut is not a connection to the ADX service itself, but to the data files—which live in Azure Storage.
This design allows Fabric EventHouse to access ADX data even if:
This is by design. The shortcut mechanism is built on a high-trust, internal link between EventHouse and the storage where ADX data resides. The shortcut is not dependent on the cluster’s state—it works regardless of whether the ADX service is running.
The entire communication path between Fabric EventHouse and ADX storage takes place within the Azure backbone network. That means:
Even if public access is disabled, or the cluster is stopped, Fabric EventHouse can still read the data using its internal path.
This is a key architectural decision: the shortcut links to storage, not to a running ADX service. Because of this, it is immune to the availability or exposure status of the cluster itself.
This internal data access does not sacrifice security. All communication over the Azure backbone uses:
This ensures that even though you are not using MPEs, your data access remains secure and compliant.
While Managed Private Endpoints are useful in many scenarios—such as accessing SQL Database, Cosmos DB, or other services within a private VNET — they are not necessary for shortcuts between Fabric EventHouse and ADX storage.
Fabric EventHouse is designed to connect to Azure Data Explorer storage securely and efficiently using KQL shortcuts—without the need for managed private endpoints. This approach leverages Azure’s backbone network and removes complexity from your setup.
If your use case involves querying data from ADX via shortcuts, rest assured that:
Think of it like having a backdoor to your data library: even if the main entrance (the ADX service) is closed, you still have safe, internal access to the shelves (your data files).
Thanks for reading and we will see you in the next blog post.
