Power BI Governance Getting Better

Larger organizations are naturally interested in established procedures for data governance, retention, search and taxonomy. With the rising important of data analytics, such policies are equally important for BI artifacts. For example, a large organization wants to restrict users to access Power BI only from approved devices and/ or on premises. Although it doesn’t match yet the SharePoint data governance features, Power BI is making strides in this direction. The tenant admin can access the Admin Portal page (log in to powerbi.com, then click Settings, Admin Portal) to:

  1. View Power BI usage metrics and utilization. This fulfills a similar role to the Power Pivot Management Dashboard in SharePoint.
  2. Manage users.
  3. Set global tenant permissions, such as the ability to publish content pack to the entire organization, allowing sharing content with external users, publish to web (anonymous access), export data, interact with R scripts, Cortana, Analyze in Excel, templates, create audit logs, and data classification.

Recently, Power BI added two very important governance features:

  • Active Directory conditional policies (requires Azure Active Directory Premium) – Enforces multi-factor authentication that adds an additional-level of the login process, besides using his email and password, the user has to enter a code that Power BI sends to a mobile device. The “Block access when not at work” rule prevents the user from accessing Power BI while not at work.
  • Auditing– When enabled, this feature generates audit logs when users access Power BI content, export data, or make changes to important settings. Although the tenant admin needs to access the Office 365 Security and Compliance Portal to view the logs, auditing doesn’t require Office 365 subscription.