Power BI security enhancements with Azure AD conditional access

Just a quick blog post today to highlight one of the Power BI integration points that we get “for free” being part of the overall Microsoft clouds infrastructure. One of the coolest things to come out of the Azure AD area is what they call Azure AD Conditional access. I know this is already talked about before but I think it is worth highlighting a bit more.

By configuring this you can control under which conditions users can connect to Power BI. Here is an overview picture on some of the conditions:

Conditional access overview

A few examples of the conditions you can configure:

  • Any user who wants to use Power BI has to adhere to 2 factor authentication
  • You can only connect to Power BI when you are on the corporate network
  • You can only connect from machines that are domain joined
  • You can only connect from a machine that is complaint with the network policy
  • You can only use Power BI when you are part of a special AD group

And then you can also mix and match the ones above so you might get the following: When connecting from outside of the corp network you need to use 2FA to connect to PowerBI from any mobile device but not from a domain joined laptop.

And so on and so on. Here is a blog post on how to configure this for your Power BI: https://powerbi.microsoft.com/en-us/blog/secure-and-audit-power-bi-in-your-organization/