Power BI

This page lists security settings and configurations that are advisable to implement in your environment.
Each environment is different, but I believe the settings below are easy to set up and provide a way to reach a more mature security level.

  1. Disable share content with external users
  2. Disable publish to web
  3. Disable export data
  4. Disable print or export Power BI reports as PowerPoint or PDF
  5. Block custom visuals
  6. Block template apps
  7. Disable external guest users to edit and manage content in the organization

Disable share content with external users

Users in the organization can share dashboards and reports with users outside the organization by default. We advise disabling this and enabling it only when there is a need for this functionality. You can also specify that only users in a specific security group can share dashboards.

How will this impact my users?

Users are unable to share dashboards or reports with users outside the organization.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.

Disable publish to web

People in your organization can publish public reports on the web. Publicly published reports don't require authentication to view them. We advise disabling this and enabling it only when there is a need for this functionality. You can also specify that only users in a specific security group can publish dashboards to the web.

How will this impact my users?

Users are unable to publish public reports on the web.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.

Disable export data

Users in the organization can export data from a tile or visualization. We advise disabling this and enabling it only when there is a need for this functionality. You can also specify that only users in a specific security group can export data.

How will this impact my users?

Users are unable to export data, for example to CSV.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.

Disable print or export Power BI reports as PowerPoint or PDF

Users in the organization can print or export Power BI reports as PowerPoint files or PDF documents. We advise disabling this and enabling it only when there is a need for this functionality. You can also specify that only users in a specific security group can print or export Power BI reports.

How will this impact my users?

Users are unable to print or export Power BI reports as PowerPoint or PDF documents.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.

Block custom visuals

Users in the organization can add, view, share, and interact with custom visuals in the Power BI service. We advise enabling this only when there is a need for this functionality. You can also specify that only users in a specific security group can use or add custom visuals. Microsoft also states that a custom visual could contain code with security or privacy risks. Make sure you trust the author and the custom visual source before importing it into your report. It is also possible to allow custom visuals but restrict them to certified custom visuals.

How will this impact my users?

Users are unable to add, view, share and interact with custom visuals.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.

Block template apps

Users in the organization can create template app workspaces to develop app solutions for distribution to clients outside of the organization. We advise enabling this only when there is a need for this functionality. You can also specify that only users in a specific security group can publish or install template apps.

How will this impact my users?

Users are unable to publish or install template apps.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.

Disable external guest users to edit and manage content in the organization

The specified guest users in the organization can edit and manage content in workspaces in the organization. They receive the ability to browse content and request access to content. We advise enabling this only when there is a need for this functionality. You can also specify that it is allowed for specific security groups. This is disabled by default!

How will this impact my users?

Guest users are unable to edit and manage content in workspaces in the organization.

Using the user interface

This setting needs to be changed in the Power BI admin center. The direct link is https://app.powerbi.com/admin-portal/tenantSettings

Using PowerShell

There is currently no cmdlet available to change global Power BI settings.
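
Each setting above should be enabled only where there is a need, so it helps to see who actually uses a feature before switching it off. The following is an added example, not part of the original page: it summarises Power BI activity-log events per setting without changing any tenant setting. The function name `Get-FeatureUsage`, the sample events and the activity-name mapping are assumptions to verify against your own tenant's log.

```powershell
# Added example: measure feature usage before disabling a tenant setting.
# Assumption: these activity names match the operations recorded in your tenant's
# Power BI activity log. Check a sample of your own log before relying on the mapping.
$SettingByActivity = @{
    'ShareReport'        = 'Share content (review recipients for external users)'
    'ShareDashboard'     = 'Share content (review recipients for external users)'
    'PublishToWebReport' = 'Publish to web'
    'ExportTile'         = 'Export data'
    'ExportReport'       = 'Export data / export as PowerPoint or PDF'
    'PrintReport'        = 'Print reports'
}

function Get-FeatureUsage {
    # Hypothetical helper: groups activity events by the setting that governs them.
    param([Parameter(Mandatory)][object[]]$ActivityEvents)

    $ActivityEvents |
        Where-Object { $_.Activity -and $SettingByActivity.ContainsKey($_.Activity) } |
        Group-Object { $SettingByActivity[$_.Activity] } |
        ForEach-Object {
            [pscustomobject]@{
                Setting    = $_.Name
                EventCount = $_.Count
                Users      = ($_.Group.UserId | Sort-Object -Unique) -join ', '
            }
        } |
        Sort-Object EventCount -Descending
}

# Constructed sample events (not real log data) so the example runs offline.
$sample = @'
[
  {"CreationTime":"2024-01-15T09:12:00Z","UserId":"alice@contoso.example","Activity":"PublishToWebReport"},
  {"CreationTime":"2024-01-15T09:40:00Z","UserId":"bob@contoso.example","Activity":"ExportTile"},
  {"CreationTime":"2024-01-15T10:05:00Z","UserId":"bob@contoso.example","Activity":"ExportTile"},
  {"CreationTime":"2024-01-15T11:30:00Z","UserId":"carol@contoso.example","Activity":"ShareDashboard"},
  {"CreationTime":"2024-01-15T12:00:00Z","UserId":"carol@contoso.example","Activity":"ViewReport"}
]
'@ | ConvertFrom-Json

Get-FeatureUsage -ActivityEvents $sample | Format-Table -AutoSize

# Live data (MicrosoftPowerBIMgmt module, Power BI admin role, one UTC day per call):
# Connect-PowerBIServiceAccount
# $live = Get-PowerBIActivityEvent -StartDateTime '2024-01-15T00:00:00' `
#             -EndDateTime '2024-01-15T23:59:59' | ConvertFrom-Json
# Get-FeatureUsage -ActivityEvents $live
```

The users listed per setting are the candidates for a security group exception when the setting is restricted rather than disabled outright.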
