Learn AAD when you manage a Power BI environment

I get many questions around Power BI and security related features. Users and customers often don’t realize that most of their requirements can actually be solved by AAD. Power BI uses AAD to handle authentication and authorization. Because of this we can also leverage all the features of AAD to add additional security and rules to Power BI. If you want to understand how AAD and Power BI work together guy in a cube has a great video on this.

So what kind of features does AAD have that you can use to secure your Power BI even more?

Conditional access

You can use AAD conditional access which gives you conditions for your users to authenticate with Power BI:

  • When logging into Power BI the user needs to use 2 factor authentication
  • Make sure they can only connect to Power BI when you are on the corporate network
  • Allow Power BI connections only from machines that are domain joined
  • Only allow connections from machines that are complaint with the network policy
  • Only allow logging in to Power BI from certain AD group (the rest cannot log in)

It also allows mixing and matching from the above so you could say normal users can only log in from VPN or the office but admins can always login, etc.

More AAD options

What else can you do with AAD?

These AAD features will help you secure your Power BI environment even further and more and more features get added all the time.

5 Replies to “Learn AAD when you manage a Power BI environment

  1. This is all about securing access…how about securing publishing? i.e disable publishing to any other account other than the corporate account you are logged into.

  2. …actually it’s only partly solved the issue: that stops me sharing a published report from one tenant to another, it doesn’t stop me switching to another tenant completely then uploading to that tenant?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.