Error when trying to connect to a Power BI tenant from Purview (same tenant)

Question

Error when trying to connect to a Power BI tenant from Purview (same tenant)

Asbjørn Fleinert Mathiasen 0

I am trying to scan a Power BI tenant from Purview. However I keep getting the

Assets (+ lineage) - Failed status

error.

I have used this approach https://learn.microsoft.com/en-us/purview/register-scan-power-bi-tenant?tabs=Scenario1#scan-same-tenant-power-bi using the managed identity approach under bullet 4.
However I am unsure whether how to actually get this to work? I have bullet by bullet went through the Deployment checklist to make sure I haven't missed anything.
I am unsure whether I should just throw in the towel in regards to UAMI and get a service principal instead. If anyone has cracked the nut in regards to connection to a Power BI tenant in Purview using managed identity, then please spill the beans on what secret steps you took to make it work.

Cheers,
Fleinert

Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-05T17:30:44.3166667+00:00
@Asbjørn Fleinert Mathiasen

When scanning a Power BI tenant from Microsoft Purview using a User Assigned Managed Identity (UAMI) in the same tenant scenario, it is essential to ensure that all configuration steps outlined in the official Microsoft documentation are completed correctly.

Please make sure the following key steps from the documentation are implemented: Register and scan a Power BI tenant (same tenant scenario)

Power BI Tenant Settings - Navigate to Power BI Admin Portal > Tenant Settings.

Enable the following:

"Allow service principals to use Power BI APIs"

"Allow service principals to access read-only admin APIs"

If you restricted access to a security group, ensure that the UAMI is included in that group.

Assign the UAMI as a Power BI Admin (or grant access to Admin APIs) - The UAMI must be:

Assigned as a Power BI Admin, or

Added to a security group that is allowed to call the Admin APIs.

In Microsoft Purview, assign the UAMI the following roles:

Data Source Admin

Scan Contributor

These should be assigned at the collection level where the Power BI data source is registered.

Ensure API Permissions Are Registered - Confirm that the Microsoft.PowerBI resource provider is registered in the Azure subscription.

Review Diagnostic Logs - If the scan still fails, go to the Scan > View recent scan > View logs to get detailed error information.

If the above configurations are already in place and the issue persists, consider testing the scan using a Service Principal as a temporary measure to isolate whether the issue is specific to the UAMI setup.

I hope this information helps.

Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.
Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-06T14:54:46.42+00:00

@Asbjørn Fleinert Mathiasen

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-07T15:46:32.8433333+00:00

@Asbjørn Fleinert Mathiasen - Following up to see if the above suggestion was helpful. And, if you have any further query do let us know.
Asbjørn Fleinert Mathiasen 0 Reputation points

2025-05-08T07:29:09.9533333+00:00

Hi Ganesh

I Have tried all the points above. The only parts I hadn't done beeforehand was Ensure API Permissions Are Registered. I have attached the error I am getting. I am getting this error when I am testing the connection as I can't perform a scan.

Thank you for reaching out!
Asbjørn Fleinert Mathiasen 0 Reputation points

2025-05-08T07:41:12.9833333+00:00

@Ganesh Gurram See my recent post
Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-09T16:25:56.77+00:00

@Asbjørn Fleinert Mathiasen

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-05T17:30:44.3166667+00:00

@Asbjørn Fleinert Mathiasen

When scanning a Power BI tenant from Microsoft Purview using a User Assigned Managed Identity (UAMI) in the same tenant scenario, it is essential to ensure that all configuration steps outlined in the official Microsoft documentation are completed correctly.

Please make sure the following key steps from the documentation are implemented: Register and scan a Power BI tenant (same tenant scenario)

Power BI Tenant Settings - Navigate to Power BI Admin Portal > Tenant Settings.

Enable the following:

"Allow service principals to use Power BI APIs"

"Allow service principals to access read-only admin APIs"

If you restricted access to a security group, ensure that the UAMI is included in that group.

Assign the UAMI as a Power BI Admin (or grant access to Admin APIs) - The UAMI must be:

Assigned as a Power BI Admin, or

Added to a security group that is allowed to call the Admin APIs.

In Microsoft Purview, assign the UAMI the following roles:

Data Source Admin

Scan Contributor

These should be assigned at the collection level where the Power BI data source is registered.

Ensure API Permissions Are Registered - Confirm that the Microsoft.PowerBI resource provider is registered in the Azure subscription.

Review Diagnostic Logs - If the scan still fails, go to the Scan > View recent scan > View logs to get detailed error information.

If the above configurations are already in place and the issue persists, consider testing the scan using a Service Principal as a temporary measure to isolate whether the issue is specific to the UAMI setup.

I hope this information helps.

Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.
Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-06T14:54:46.42+00:00

@Asbjørn Fleinert Mathiasen

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-07T15:46:32.8433333+00:00

@Asbjørn Fleinert Mathiasen - Following up to see if the above suggestion was helpful. And, if you have any further query do let us know.
Asbjørn Fleinert Mathiasen 0 Reputation points

2025-05-08T07:29:09.9533333+00:00

Hi Ganesh

I Have tried all the points above. The only parts I hadn't done beeforehand was Ensure API Permissions Are Registered. I have attached the error I am getting. I am getting this error when I am testing the connection as I can't perform a scan.

Thank you for reaching out!
Asbjørn Fleinert Mathiasen 0 Reputation points

2025-05-08T07:41:12.9833333+00:00

@Ganesh Gurram See my recent post
Ganesh Gurram 6,860 Reputation points Microsoft External Staff Moderator

2025-05-09T16:25:56.77+00:00

@Asbjørn Fleinert Mathiasen

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

@Asbjørn Fleinert Mathiasen - Thanks for your reply and for sharing the updated error screenshot.

According to this MS documentation: https://learn.microsoft.com/en-us/purview/register-scan-power-bi-tenant?tabs=Scenario1#create-scan-for-same-tenant-power-bi-using-azure-ir-and-managed-identity

Based on the error you're seeing — ErrorCode:(3871) UserErrorDataScanPowerBIBasicMetadataFailure — and the fact that “Access” is successful but “Assets (+ lineage)” and “Detailed metadata” are failing, the issue is very likely caused by missing permissions for the managed identity to access the Power BI Admin APIs, which are required to fetch metadata and lineage.

User's image

This error occurs even during "Test connection" if the managed identity (UAMI) does not have access to the Power BI Admin APIs, not just during scan.

Please re-confirm the following (even if already done) - Go to Power BI Admin Portal: https://app.powerbi.com/admin-portal/tenantSettings

In Tenant Settings, ensure:

“Allow service principals to use Power BI APIs” is enabled
“Allow service principals to access read-only admin APIs” is enabled

If these are restricted to specific security groups - Make sure your User Assigned Managed Identity (UAMI) is a member of that group in Microsoft Entra ID.

To isolate whether the issue is with UAMI access - Try configuring the scan with a Service Principal that has the same permissions.

If it works, it confirms that UAMI is missing the Admin API access and adding it to the allowed group will resolve the issue.

I hope this information helps!

Share via

Error when trying to connect to a Power BI tenant from Purview (same tenant)

1 answer

Your answer