Data protection enhancements - Centralized Power BI DLP policies

  • Article

Important

This content is archived and is not being updated. For the latest documentation, go to What's new in Power BI?. For the latest release plans, go to Dynamics 365 and Microsoft Power Platform release plans.

Enabled for Public preview General availability
Users by admins, makers, or analysts Dec 31, 2021 -

Business value

Centralized Power BI data loss prevention (DLP) policies enable organizations to better control and protect their sensitive enterprise data by leveraging Microsoft's leading security solutions.

Feature details

Providing data protection capabilities in Power BI is critical to enabling our customers to control and protect their sensitive enterprise data. In Power BI, we've been leading the landscape with data protection capabilities by integrating with Microsoft’s leading security solutions for information protection, threat protection, and cloud app security.

We've already implemented the following data protection features:

  • Allowing customers to classify and label sensitive data in Power BI with sensitivity labels from Microsoft Purview Information Protection.
  • Allowing the application of sensitivity labels and protection to Power BI Desktop files (.pbix).
  • Persisting MIP sensitivity labels and protection throughout the Power BI service and mobile apps, when viewing Power BI reports in Teams and SharePoint, and when content is exported to Excel, PowerPoint, and PDF.
  • Persisting MIP sensitivity labels and protection in live connections to Excel files.
  • Supporting inheritance of labels between artifacts, starting with inheritance upon creation of new Power BI assets.
  • Enforcing label-specific permissions when data is exported out of Power BI.
  • Monitoring user access and activity, including real-time risk analysis and protection.
  • Adding downstream inheritance of labels within Power BI projects. When applying a label on a certain asset (such as a dataset), connected downstream assets (reports, dashboards) will also inherit that label.
  • Persisting sensitivity labels and enforcing protection in Power BI Embedded (SaaS embedding).
  • Providing an API for administrators to retrieve asset MIP sensitivity labels and an API to set/remove MIP sensitivity labels on an asset.
  • Requiring the use of labels when content is created or edited in the Power BI service. This feature is managed by administrators in Microsoft 365 compliance, who can turn it on and off.
  • Applying a default MIP sensitivity label policy that sets the default label on a Power BI file when the user creates a new file or edits the file without a sensitivity label in Power BI Desktop. This feature is managed by administrators in Microsoft 365 compliance, who can turn it on and off.
  • Providing sensitivity labels in Power BI on government clouds (GCC, GCCH, and DOD).
  • Providing protection while getting data from Excel files by using MIP sensitivity labels.
  • Enabling the application of an Excel file's sensitivity labels on downstream Power BI datasets and reports.

We're continuing to invest in data protection and will introduce the following additional capabilities, allowing organizations across various industries to use the most sensitive data while adhering to company policies and ensuring data security. We'll extend capabilities to support more restrictive and demanding security and compliance requirements.

These capabilities include:

  • Centralized Power BI data loss prevention (DLP) policies that enable security administrators to apply their organization's DLP policies in the Power BI service using the Microsoft Purview compliance portal.
  • Automatically triggering DLP actions according to the Microsoft Purview Information Protection sensitivity label of the content. Some examples include triggering alerts for security administrators and providing users with policy tips or warnings.
  • Auto-detecting sensitive information by scanning the content or analyzing the content's data sources is coming soon.
  • The addition of new DLP actions to automatically apply MIP sensitive labels is coming soon.

See also

Learn about new centralized data loss prevention policies (video)

Data loss prevention policies for Power BI preview (docs)