Power BI for US government customers

This article is for US government customers who are deploying Power BI as part of a Microsoft 365 Government plan. Government plans are designed for the unique needs of organizations that must meet US compliance and security standards.

The Power BI service that's designed for US government customers differs from the commercial version of the Power BI service. These feature differences and capabilities are described in the following sections.

Note

Before you can get a Power BI US government subscription and assign licenses to users, you have to enroll in a Microsoft 365 Government plan. If your organization already has a Microsoft 365 Government plan, skip ahead to Buy a Power BI Pro subscription for government customers.

Government cloud instances

If you're a new customer, you have to validate your organization's eligibility before you can sign up for a Microsoft 365 Government plan. Get started by completing the Microsoft 365 for Government eligibility validation form.

Microsoft 365 provides different environments for government agencies to meet varying compliance requirements. To ensure that you're selecting the right plan for your organization, consult the Microsoft 365 US Government service description for each environment:

Note

If you've already deployed Power BI to a commercial environment and want to migrate to the US government cloud, you'll need to add a new Power BI Pro or Premium Per User (PPU) subscription to your Microsoft 365 Government plan. Next, replicate the commercial data to the Power BI service for US government, remove commercial license assignments from user accounts, and then assign a Power BI Pro government license to the user accounts.

Buy a Power BI Pro subscription for government customers

After you've deployed Microsoft 365, you can add a Power BI Pro subscription. To buy the Power BI Pro government service, follow the guidance in Enroll your US government organization. Buy enough licenses for all the users who need to use Power BI, and then assign the licenses to individual user accounts.

Important

Power BI US Government isn't available as a Free license. To access the government community cloud, each user must be assigned a Pro or Premium Per User (PPU) license. If a user account has been assigned a Free license, the user is authorized to access only the commercial cloud and will encounter authentication and access issues.

If you've purchased Power BI Premium, you don't have to assign Pro licenses to enable user access. Users in the organization can access reports that are shared with them, as long as the reports are published to a Premium capacity.

To review the differences between license types, see Power BI service features by license type.

Sign in to Power BI for US government

The URLs for connecting to Power BI differ for government users and commercial users. To sign in to the correct Power BI version, use one of the following URLs:

Your account might be set up in more than one cloud. If your account is set up that way, when you sign in to Power BI Desktop, you can choose which cloud to connect to.

Tip

In this video, Using Power BI Desktop in government clouds, Technical Specialist Steve Winward shows how you can apply a registry setting to go directly to the right cloud endpoint for your environment. The registry key settings to bypass the global discovery endpoint are shared on GitHub.

Allow connections to Power BI

To use the Power BI service, you must allow connections to required endpoints on the internet. These destinations have to be reachable to enable communication between your own network, Power BI, and other dependent services.

The following table lists the required endpoints to add to your allowlist to enable connection to the Power BI service for general site usage. These endpoints are unique to the US government cloud. The Power BI service requires only Transmission Control Protocol (TCP) port 443 to be opened for the listed endpoints.

The endpoints for getting data, dashboard and report integration, Power BI visuals, and other optional services aren’t unique to the US government cloud.

To add these URLs to your allowlist also, see Add Power BI URLs to your allowlist.

Authentication, identity, and administration for Power BI depend on connectivity to Microsoft 365 services. You also have to connect to Microsoft 365 to view audit logs. To identify the endpoints for these services, see "Microsoft 365 integration" in the following table:

Power BI URLs for general site usage

Purpose Destination
Back-end APIs GCC: api.powerbigov.us
GCC High: api.high.powerbigov.us
DoD: api.mil.powerbigov.us
Back-end APIs GCC: *.analysis.usgovcloudapi.net
GCC High: *.high.analysis.usgovcloudapi.net
DoD: *.mil.analysis.usgovcloudapi.net
Back-end APIs All: *.pbidedicated.usgovcloudapi.net
Content Delivery Network (CDN) GCC: gov.content.powerapps.us
GCC High: high.content.powerapps.us
DoD: mil.content.powerapps.us
Microsoft 365 integration GCC: Worldwide endpoints
GCC High: US Government GCC High endpoints
DoD: US Government DOD endpoints
Portal GCC: *.powerbigov.us
GCC High: *.high.powerbigov.us
DoD: *.mil.powerbigov.us
Service telemetry All: dc.services.visualstudio.us
Informational messages (optional) All: dynmsg.modpim.com
NPS surveys (optional) All: nps.onyx.azure.net

Connect government and global Azure cloud services

Azure is distributed across multiple clouds. By default, you can enable firewall rules to open a connection to a cloud-specific instance, but cross-cloud networking is different. To communicate between services in the public cloud and services in the Government Community Cloud, you have to configure specific firewall rules. For example, if you want to access public cloud instances of a SQL database from your government cloud deployment of Power BI, you need a firewall rule in the SQL database. Configure specific firewall rules for SQL databases to allow connections to the Azure Government Cloud for the following datacenters:

  • USGov Iowa
  • USGov Virginia
  • USGov Texas
  • USGov Arizona
  • US DoD East
  • US DoD Central

To get the US government cloud IP ranges, download the Azure IP Ranges and Service Tags – US Government Cloud file. Ranges are listed for both Power BI and Power Query.

For more information about Microsoft Azure Government cloud services, see Azure Government documentation.

To set up firewalls for SQL databases, see Create and manage IP firewall rules.

Power BI feature availability

To accommodate the requirements of government cloud customers, government plans differ from commercial plans in some respects. Our goal is to make all features available in government clouds within 30 days of general availability. In a few cases, underlying dependencies prevent us from making a feature available.

The following table lists features that aren't yet available in a particular government environment or that are available with limited functionality. The table uses the following keys:

Key Description
Image of an "Available" button, a checkmark indicating that the listed item is available. The feature is available in the environment, and any exceptions are defined in footnotes.
Image of a "Not available" button, an "x" sign indicating that the listed item is not available. The feature isn't available in the environment, and we don't have an estimated time frame for delivery.

If a release is planned for an environment, we include the quarter of estimated availability.

Feature GCC GCC High DoD
Azure B2B collaboration between government and commercial cloud1 Image of "Available" button. Image of "Available" button. Image of "Available" button.
Template apps2 Image of "Available" button. Image of "Available" button. Image of "Available" button.
Embed in SharePoint Online by using the Power BI web part Image of "Available" button. Image of "Available" button. Image of "Not available" button.
Data Protection (MIP labels) Image of "Available" button. Image of "Available" button. Image of "Available" button.
Dataflows - Direct Query Image of "Available" button. Image of "Available" button. Not planned
Dataflows - SQL Compute engine optimization Image of "Available" button. Image of "Available" button. Not planned
Power BI tab in Teams3 Image of "Available" button. Image of "Not available" button. Image of "Not available" button.
Large models Image of "Available" button. Image of "Available" button. Not planned
Call Quality Data Connector CY2021-Q4 CY2021-Q4 CY2021-Q4
Bring your own storage (Azure Data Lake Gen 2) Image of "Not available" button. Image of "Available" button. Image of "Available" button.
Tenant metadata scanning flow4 Image of "Not available" button. Image of "Not available" button. Image of "Not available" button.

1 Although B2B collaboration is available for GCC, external users must be issued a license in that environment. Commercial cloud licenses aren't valid in GCC. For more information about known limitations with B2B collaboration for US government, see Compare Azure Government and global Azure.

2 Because marketplace apps aren't available to US government cloud instances, template apps are limited to private and organizational apps.

3 The Power BI experience in Teams for GCC is limited. It works only for classic workspaces and doesn't include the enhanced functionality that's described in Embed Power BI content in Microsoft Teams.

4 The tenant metadata scanning flow is composed of the following Power BI REST APIs: getmodifiedworkspaces, getscanresult, getscanstatus, and postworkspaceinfo. These APIs are not supported in sovereign clouds.

Next steps