Data protection enhancements - highlighting centralized Power BI DLP policies


This content is archived and is not being updated. For the latest documentation, go to What's new in Power BI?. For the latest release plans, go to Dynamics 365 and Microsoft Power Platform release plans.

Enabled for Public preview General availability
Users by admins, makers, or analysts Apr 30, 2022 -

Business value

This feature enables organizations to control and protect their sensitive enterprise data by leveraging Microsoft's leading security solutions for information protection, threat protection, and cloud app security.

Feature details

Providing data protection capabilities in Power BI is critical to enabling our customers to control and protect their sensitive enterprise data. We've been leading the landscape with data protection capabilities in Power BI. We can do this by integrating Microsoft’s leading security solutions for information protection, threat protection, and cloud app security.

We’re continuing to invest in data protection. We plan to introduce additional capabilities, allowing organizations across the various industries to use the most sensitive data while adhering to company policies and ensuring data security. We also plan to extend capabilities to support more restrictive and demanding security and compliance requirements.

These capabilities include:

Centralized Power BI data loss prevention (DLP) policies: We're expanding the capabilities of DLP policies for Power BI, based on additional conditions and allowing further actions. For example:

  • We'll support auto-classification of data and make it possible to define conditions for info that is classified as sensitive.

  • We've already implemented the following data protection features:

    • Allowing customers to classify and label sensitive data in Power BI.
    • Persisting labels and protection throughout the Power BI service and in the mobile apps, and when content is exported to Excel, PowerPoint, PDF, and live connections to Excel files.
    • Supporting inheritance of labels between artifacts, starting with inheritance upon creation of new Power BI assets.
    • Enforcing label-specific permissions when data is exported out of Power BI.
    • Monitoring user access and activity, including real-time risk analysis and protection.
    • Adding downstream inheritance of labels within Power BI projects. When a label is applied to a certain asset (such as a dataset), connected downstream assets (reports, dashboards) will inherit that label.
    • Persisting sensitivity labels and enforcing protection in Power BI Embedded (SaaS embedding).
    • Providing APIs for administrators to retrieve asset sensitivity labels.
    • Requiring labels when content is created or edited in the Power BI service. This feature is managed by administrators who can turn it on and off.
    • Providing sensitivity labels in Power BI on government clouds (GCC, GCCH, and DOD).
    • General availability of applying sensitivity labels and protection to Power BI desktop files (.pbix).
    • Get data from protected Excel files. This capability applies the Excel file's sensitivity label on downstream Power BI datasets and reports.
    • Microsoft 365 Power BI data loss prevention (DLP) policies enable security administrators to apply their organization's data loss prevention policies to sensitive data in the Power BI service. Starting with DLP policies to alert or prevent the upload of sensitive data to the Power BI service when a given condition is met—for example, when the Microsoft Information Protection (MIP) label is set on content.

See also

Govern your data in Power BI leveraging auto detection of sensitive information (video)

Data protection in Power BI (docs)