Data protection enhancements

Enabled for Public preview General availability
Users by admins, makers, or analysts Apr 30, 2021 -

Business value

Providing data protection capabilities in Power BI is critical to enabling our customers to control and protect their sensitive enterprise data. In Power BI, we've integrated Microsoft’s leading security solutions for information protection, threat protection, and Microsoft cloud app security.

Feature details

We've already implemented the following data protection features:

  • Allowing customers to classify and label sensitive data in Power BI
  • Applying sensitivity labels and protection to Power BI Desktop files (.pbix)
  • Persisting labels and protection throughout the Power BI service and in the mobile apps, and when content is exported to Excel, PowerPoint, PDF, and live connections to Excel files
  • Supporting inheritance of labels between artifacts, starting with inheritance upon creation of new Power BI assets
  • Enforcing label-specific permissions when data is exported out of Power BI
  • Monitoring of user access and activity including real-time risk analysis and protection

We’re continuing to invest in data protection and plan to introduce additional capabilities, such as:

  • Downstream inheritance of labels within Power BI projects. When applying a label on a certain asset (such as a dataset), connected downstream assets (reports, dashboards) will inherit that label.
  • Ability to persist sensitivity labels and enforce protection in Power BI Embedded (SaaS embedding).
  • Providing APIs for administrators to retrieve asset sensitivity labels.
  • Requiring the use of labels when content is created or edited in the Power BI service. This feature is managed by administrators who can turn it on and off.
  • Sensitivity labels in Power BI on government clouds (GCC, GCCH, and DOD).

See also

Data protection in Power BI (docs)