Register and scan a Power BI tenant (preview)
This article shows how to use Azure Purview portal to register and scan a Power BI tenant.
If the Purview instance and the Power BI tenant are in the same Azure tenant, you can only use managed identity (MSI) authentication to set up a scan of a Power BI tenant.
Create a security group for permissions
To set up authentication, create a security group and add the Purview managed identity to it.
In the Azure portal, search for Azure Active Directory.
Create a new security group in your Azure Active Directory, by following Create a basic group and add members using Azure Active Directory.
You can skip this step if you already have a security group you want to use.
Select Security as the Group Type.
Add your Purview managed identity to this security group. Select Members, then select + Add members.
Search for your Purview managed identity and select it.
You should see a success notification showing you that it was added.
Associate the security group with the tenant
Log into the Power BI admin portal.
Select the Tenant settings page.
You need to be a Power BI Admin to see the tenant settings page.
Select Admin API settings > Allow service principals to use read-only Power BI admin APIs (Preview).
Select Specific security groups.
When you allow the security group you created (that has your Purview managed identity as a member) to use read-only Power BI admin APIs, you also allow it to access the metadata (e.g. dashboard and report names, owners, descriptions, etc.) for all of your Power BI artifacts in this tenant. Once the metadata has been pulled into the Azure Purview, Purview's permissions, not Power BI permissions, determine who can see that metadata.
You can remove the security group from your developer settings, but the metadata previously extracted won't be removed from the Purview account. You can delete it separately, if you wish.
Register your Power BI and set up a scan
Now that you've given the Purview Managed Identity permissions to connect to the Admin API of your Power BI tenant, you can set up your scan from the Azure Purview Studio.
First, add a special feature flag to your Purview URL
Select the Management Center icon.
Then select + New on Data sources.
Select Power BI as your data source.
Give your Power BI instance a friendly name.
The name must be between 3-63 characters long and must contain only letters, numbers, underscores, and hyphens. Spaces aren't allowed.
By default, the system will find the Power BI tenant that exists in the same Azure subscription.
For Power BI, data source registration and scan is allowed for only one instance.
Give your scan a name. Notice that the only authentication method supported is Managed Identity.
The scan name must be between 3-63 characters long and must contain only letters, numbers, underscores, and hyphens. Spaces aren't allowed.
Set up a scan trigger. Your options are Once, Every 7 days, and Every 30 days.
On Review new scan, select Save and Run to launch your scan.