The current Microsoft PowerBI governance enabling and recommendations. Including the changes following the November PowerBI release and PASS conference announcements.
SR-101-01012024-EN.docx Federal Constitution of the Swiss Confederation
Governance for power bi Toronto SPS Saturday
1. LEVEL 200
Governance for PowerBI and O 365
Session abstract
NOV
24 SharePoint Saturday Toronto #SPSToronto
Yana Berkovich
BI Dev & Analyst, Berkovich Consulting
#powerbi #governance #analysis
Your
picture
3. About Me
BI Analyst& DEV, Data Platform MVP
Consultant, ProductManager
Member of BI, BA, SharePoint,O365,PM communities
Data Platform Consultant& O365 Consultant–
https://www.linkedin.com/in/yanaberkovich
http://yanaberkovich.com
@Yana_Berkovich
4. Agenda
• What is Governance?
• Information Access Policy Groups/Workspaces
• Sharing vs Publishing
• Licensing Policy – Who is important enough??
• Visual Governance
• Reporting the reports
• Enforcing?
• Best Practices and Lessons (already) Learned…
5. What is Governance? (In the IT context)
A formal framework that provides a structure for
organizations to ensure that IT investments support
business objectives.
• ITIL – Information Technology Infrastructure Library is a
Governance Framework
• GRC – Governance Risk & Compliance is another
Framework established in 2000 in US for large
corporations
• ISO 27001 – is the IT related framework
6. What are we using PowerBI for?
Connect to
Data sources
Create
Reports/
dashboards/
Applications
Collaborate
and Share
Access Data
Insights
7. What is currently part of PowerBI
Power BI desktop
Power BI Desktop is the report authoring tool - https://powerbi.microsoft.com/en-us/desktop
Access data from various data sources and transform them for your reporting needs
Power BI Service – Pro / PowerBI Premium (Capacity, Licensing and Monitoring)
Browser based portal - https://app.powerbi.com
Share and collaborate with your collogues and wider audience
Applications
PowerBI Report Server
On premise solution for organizational reporting
PowerBI Mobile
Mobile Application, can be connected to your PowerBI on pemise or the cloud
PowerBI Data Gateway
Install in your organization, to enablesecure data connection (same as for PowerApps)
Embeded Analytics
PowerBI in Azure, set powerBI when needed, in the Azure portal
Use PowerBI REST API & JS to embed in your applications
8. It is Self Service BI so why
Governance?
• Don’t let it be the new white elephant
• Fast corporate reporting
• Measure the usability and the impact of your
reporting
• Information security
• Corporate Culture
• Regulations
• Reporting to Stakeholders
9. The Essential Slide to understand
where the data goes and where it
comes from
Apps
Reports
O365
Premium
with
dedicated
storage
Server
10. Where is Governance involved?
Who can Edit?
How and who access Data
Source?
Templates and custom visuals
to use
On
Prem
DB
Direct Query?
Cash/import data?
Who can consume?
Similar across devices?
Special authentication?
Design
Data Integrity
Scheduled
connections
13. Getting the data
• PBI Desktop data connectors
• PowerBI Service:
• API & Odata feed
• Live datasets on dashboards
• Data flows
• Data Set discovery- reuse existing
data sets
• Data Flow – alternative
complimentary to the ETL
14. Internal Data Sources Refresh & users – how to connect?
• Install data gateway – Why do we need data Gateway?
• Personal data Gateway – not for organizations, will not work for
other users
• Organizational/on premise– set with organizational user –
password expiry and security
• Configure the gateway in the report refresh, to avoid entering
credentials
• Create Application user
• Enable organizational access, set the user to access the data
source (SQL)
• Data Refresh
• Online - Defined on the Data Set not the individual report or dashboard
• Report Server on premise – Access and permissions are defined on the
folder level
• Gateway has to be online and reachable – is your machine on?
• Direct Query Access – Online Synchronization
• Same user that is creating the PowerBI report has to publish it (Application
or Admin)
• A report can have multiple data sources,
• A report cannot be Direct Query and multiple data source
• Direct Query report has to have only 1 data base/source to access!
15. O365 tools to help Data Governance
• Data Retention –
• Labels
• Policies
• Archiving – if the data source in o365
• Delve/Search – Check the results
• Monitoring – coming up….
Label PowerBI dashboardO365 Admin portal
16.
17. Let’s start with the most celebrated topic…
(Credits: @geek_king)
18. Security
• When sharing publicly - I can tweet it and everybody in the world can see! It is just a link
• Sending the reports as a .pbix file– no encryption, no permissions, anyone can download
desktop version and access
• Well print screens…
• Watch the groups! Who is in your workspace/group? Does she still work here?
• Is the report shared with all the group members?
• What are the specific roles assigned to group members?
• How is it different from O365? It is!
• O365 admin portal - Create alerts for access/changes in groups
• PowerBI – create workspace
• Create group review schedule
• Premium capacity – dedicated access report
• O365 admin portal – Create export usage logs
19. Data Security – Who can Access
my data??
(PowerBI.com)
• Access Management can be done through groups to the groups Workspace
• Access management through groups can be done directly in O365 –People or
through PowerShell
• External Business Users with O365
• Premium capacity - External users including token based authentication Azure AD
authentication and 3rd party authentication methods
Premium gives
view access to
entire org
Pro – only other
Pro users can
view
20. How to add people to your
Workspace?
• Assign tasks to people in your group
• Permissions types:
• Member
• Contributor
• Admin
• Different from previous group
dependent expirience
• The “Old” workspaces are still managed
by the group
21. The Workspace has not created a
group!
“Usage Analytics” workspace is not in the groups list
22. Administrator users types As
presented in PASS 2018
Administrator Type Scope
O 365 global admin Office 365
O 365 Billing Admin Office 365
PowerBI service Admin PowerBI (Defined in Azure AD/O365)
PowerBI Capacity Admin A single capacity Premium or Azure
PowerBI App Workspace Admin Single APP workspace
24. Roles – view only the relevant
information – additional security
layer
Roles are assigned in the PowerBI top menu, designed to customize which information can be viewed
based on DAX query filters
25. Roles the hard way –
PowerShell helps bringing governance
to life
Connect to Azure AD – the place where the access is managed
List of roles in tenant
Command:
Add the user to the role:
See what Dave is up to in his roles
26.
27. Who is Important Enough??
• For more information check PowerBI.com
• Or great webinar by Ted Pattison – MVP, who starts with all the licensing options Link
He is also speaking here
Free Pro License Premium License Report Server (SQL
2017 or PowerBI
Reporting)
Azure on demand
28. Report Distribution & Licensing as
presented in PASS 2018
Capacity Content Pro
User
Free
User
Shared Workspace
Shared Shared Report/ Dashboard
Shared App
Shared Embedded Report/ Dashboard
Premium Workspace
Premium Shared Report/ Dashboard P SKU
Premium App P SKU
Premium Embedded Report/ Dashboard EM or PSKU
*Publish to the web
29. Publishing vs Sharing
• Using PowerBI App – Allows
permissions, push to group,
selective publishing of
content, “production”
environment
• Publish content pack
• Publish to Web – an
addiction of many
• Embed in Azure
• Publish in the Report Server
30. Report Server security and
publishing
• Edit permissions from AD groups not O365 groups
• Publish report by folder
• Define refresh policies
31. Software Development Lifecycle
in PowerBI
Dataset
Reports
Dashboards PowerBI App
Workspace -
Dev
Workspace
Test
Dataset
Reports
Dashboards
Prod – Entire
organization
Group
Workspace Prod
Dataset
Reports
Dashboar
ds
Site
SharePoint/
Web
PowerApp
Selective
Publishing
Can Directly connect through API
32. Embedded
• Embed the Analytics in the PowerBI app
• Use the Azure to add the analytics to your app and analyze its usage
• https://azure.microsoft.com/en-us/services/power-bi-embedded/
• Decision making regarding the app usability, control and publishing
34. Visual Governance
• Branding – Why you should come to the Vancouver PowerBI user group
• Scott Stauffer presented in Nov
• Templates - Reports colors, Color scheme, fonts, frame sizes…
• Corporate Layouts -
• Pie Charts – do not use pie charts!
• Visual Templates – Entire workspace
• Max visuals per page
• Mobile page definitions
• Organizational Custom Visuals
Gallery (Feb release) (Amanda Cofsky)
35. Data Visualization Recommended Best practices (Rules)
• Do not use pie Charts (Storytelling with data)
• Use the 9 gestalt principles
• Add Tooltip
• Add Data Labels
• Avoid not necessary lines / colors
• One glance
37. The sneaky snake or the new pie
chart!
• Blog: Sciolistic Ramblings
• Usually Columns with line
will be enough
• Sensory overload of colors
and connections
From the blog Sciolistic Ramblings
LINK
39. (Release link
Sep)
Theme
• Colors
• Fonts
• Text Size
• Data Labels control (not for the custom
visuals)
• Report Theme Generator for the UI
Designers LINK
• Theme creation for the color match
challenged LINK
(Thank you Charles Sterling!!!)
40. What are the custom visuals and where to
find them?
How do we use them?
• Can be added as a file
• Can be added from the store
• Can be created
My Company store – Amanda Cofsky
(February release )
41. What can go wrong and how
governance helps?
• Filters -Not always filtering correctly –
specify which visuals are approved to use in your organization consider customizing
according to themes
• Usually Themes are not effective –
Decide if it is important and follow through/ customize with R
• Code might not be updated
Visuals review after every release or some of them by your PowerBI admin
• Maps support different coordinates
Data integrity for coordinates (I have manually changed in 134 buildings…)
• Mobile display
SDL in every PowerBI implementation
• R Scrip installation
• Dashboard crashing…too many visuals ahhh
Guidance specific to your organization on Dashboard and Reports UI
43. Which Enforcing
tools have we got?
• Templates and Visual Guides – can be
overridden
• Publishing methods are restricted (Premium
vs Pro)
• Monitor the views and reports –
• log view
• Embedded solution monitoring
• Create alerts and policies for suspicious
activity
• Applications across devices – Where the
application can be viewed – more control
• Blocked users
• Permissions
• Disable features
Requires PowerBI Admin portal with O365
Admin user
44. Enabling the
Governance
• Export and Sharing
• Can people publish to the
web?
• Can data be exported?
• PowerPoint is still in Preview,
should we use that, and risk
complains?
• Print settings
45. Audit Log in O365 Admin portal
• Audit log can be searched and accessed
• Separate PowerBI and O365 admin? Set a user to view audit log permission only,
export the relevant logs
46. Alert Policy for PowerBI in O365
Admin portal
• Setting alert rules by events such as:
• Publish to the web
• Create workspace
• Create reports
• Delete reports/datasets
• External users can be subscribed to
the alerts and notifications
• The severity can be changed
• Data can be exported
47. Usage Analytics Report – Odata
Feed
• Download the Template
form the usage analytics
site
• Find your tenant id
• Open PowerBI desktop
• Signin with your ID
• Upload everything and fix if
necessary for not updated
or blocked queries
• Publish! Separate
workspace is better
48. The result – Usage Analytics
Report (Excluding PowerBI)
49. Custom Applications are available
for PowerBI monitoring
• Adam Saxton presents the monitoring by Neal
Analytics
• Requires:
• Azure subscription
• PBI desktop
• PowerBI pro
• O365 admin
50. Audit Logs through Embedded and
Azure Create your own solution
• provides reporting on the entire PowerBI usage in the
organization
• No of users
• Users Accesses
• Access by date
• Data Refresh – scheduled and performed
• Gateway Lifecycle – active and used
• Pro Trial status (preview feature)
• Usability reports for each App
• Usability reports for dashboards
• User Access reports
52. Who published what when
and is it still active?
• The full list of all your
embed reports
• Who published them
and where can they be
found
• Usage and other metrics
in premium or the
PowerBI Imbedded on
Azure
53. Mobile App – Microsoft InTune
Software publisher & Android inTune
• Configuring publishing and
other app policies for PowerBI
mobile applications on iphone
• Adding Conditional Access
Features
• PowerBI Application in your
organization
• Corporate device enrollment
• Adding the App URL into the
Intune software
55. Access Reports about the Reports
• O365 Admin portal PowerBI Preview -
https://portal.office.com/adminportal/home#/reportsUsage
• AdminPortal in your PowerBI console online
https://app.powerbi.com/admin-portal
• Embeded via Azure
https://azure.microsoft.com/en-us/services/power-bi-embedded/
PowerBI Premium – control over performance and scale –
Organization wide control for access and queries
Enables Performance review – which reports and apps are the most used?
56. How fast is our dashboard?
• New Too- Performance Inspector
• Helps optimizing the performance
57.
58. Lessons Learned
• Design your governance policy ahead of starting – Framework
• Data Security
• Data Integrity
• Access
• Visual
• Monitoring
• Licensing decisions
• Design your KPI’s around PowerBI – Where are you going and why?
• Build the process automate it
59. Not the best Practices
Organizational Practice Result
To save on licensing cost, the reports are
simply shared via SharePoint and emails
using the Share to Web
Cashing and importing all the data
instead of using direct query
Not creating the mobile view
Creating a group for each report
Overloading custom queries and heavy
visualization
The cashed data is completely exposed
The data synchronization is done to multiple
sources resulting data caps reached
The data quote of 10G per group is running out, the data
sets cannot be updated anymore
Data Integrity in case of no Sync or communication lost
for live DB
Frustrated mobile users – adoption is affected
Too much mobile data used
Presentation is not fir for screen
Shared data cannot be viewed, report versions are
becoming common, leads to lack of single source of truth in
visualization
Slow performing reports, error messages when some data
access might be wrong
60. 1. What Business Question does the visualization help us solve?
2. What data driven decision will it help making?
3. Who is going to see the data visualization?
4. Where is the data coming from?
Summary not just for the
Governance part…
• Policies
• Rules and regulations
• Frequent reports
• Check where does Dave belong and create processes
around adding and terminating employees and partners
61. Data Sources:
• PowerBI.com – community, blog, site
• Guy in the Cube https://www.youtube.com/watch?v=PQRbdJgEm3k
• ignite 2017 Governance in PowerBI
https://www.youtube.com/watch?v=G6yZigZ2Jt8
• Brett Powell MVP Frontline Analytics
https://insightsquest.com/2017/09/30/power-bi-enterprise-deploy-and-govern-
presentation-from-ignite-2017/
• Mastering Microsoft PowerBI https://www.amazon.com/Mastering-Microsoft-
Power-Brett-
Powell/dp/1788297237/ref=sr_1_1?s=books&ie=UTF8&qid=1510881535&sr=1-
1&keywords=mastering+power+bi
• PowerBI Data Governance White paper- https://docs.microsoft.com/en-
us/power-bi/service-admin-governance