Using auditing within your organization

Learn how you can use auditing with Power BI to monitor and investigate actions taken. You can use the Security and Compliance Center or use PowerShell.

Knowing who is taking what action on which item in your Power BI tenant can be critical in helping your organization fulfill its requirements, such as meeting regulatory compliance and records management.

You can filter the audit data by date range, user, dashboard, report, dataset and activity type. You can also download the activities in a CSV (comma-separated values) file to analyze offline.

Note

The auditing feature in Power BI is in preview and is available in all data regions.

Requirements

You must meet these requirements to access audit logs:

  • To access the auditing section of the Office 365 Security & Compliance Center, you must have an Exchange Online license (included with Office 365 Enterprise E3 and E5 subscriptions).
  • You must either be a global admin or have an Exchange admin role that provides access to the audit log.

    Exchange admin roles are controlled through the Exchange admin center. For more information, see Permissions in Exchange Online.

  • If you have access to the audit log but are not a global admin or Power BI Service admin, you will not have access to the Power BI Admin portal. In this case, you must get a direct link to the Office 365 Security & Compliance Center.

Enabling auditing functionality in the Power BI admin portal

You will need to enable auditing for your organization in order to work with the reports. You can do this within the tenant settings of the admin portal.

  1. Select the gear icon in the upper right.

  2. Select Admin Portal.

  3. Select Tenant settings.

  4. Switch on Create audit logs for internal activity auditing and compliance purposes.

  5. Select Apply.

Power BI will start logging various activities that your users perform in Power BI. The logs take up to 48 hours to show up in the O365 Security & Compliance Center. For more information about what activities are logged, see List of activities audited by Power BI.

Note

To enable auditing for Power BI in your tenant, you need at least one Exchange mailbox license in your tenant.

Accessing your audit logs

To audit your Power BI logs, you must visit the O365 Security & Compliance Center.

  1. Select the gear icon in the upper right.

  2. Select Admin Portal.

  3. Select Audit logs.

  4. Select Go to O365 Admin Center.

Alternatively, you can browse to Office 365 | Security & Compliance.

Note

To provide non-administrator accounts with access to the audit log, you will need to assign permissions within the Exchange Online Admin Center. For example, you could assign a user to an existing role group, such as Organization Management, or you could create a new role group with the Audit Logs role. For more information, see Permissions in Exchange Online.

Search only Power BI activities

You can restrict results to only Power BI activities by doing the following.

  1. On the Audit log search page, select the drop-down list for Activities under Search.

  2. Select PowerBI activities.

  3. Select anywhere outside of the selection box to close it.

Your searches will now be filtered to only Power BI activities.

Search the audit logs by date

You can search the logs by date range using the “Start date” and “End date” fields. The last seven days are selected by default. The date and time are presented in Coordinated Universal Time (UTC) format. The maximum date range that you can specify is 90 days. An error is displayed if the selected date range is greater than 90 days.

Note

If you're using the maximum date range of 90 days, select the current time for the Start date. Otherwise, you'll receive an error saying that the start date is earlier than the end date. If you've turned on auditing within the last 90 days, the maximum date range can't start before the date that auditing was turned on.

Search the audit logs by users

You can search for audit log entries for activities performed by specific users. To do this, enter one or more user names in the “Users” field. This is the user name that they sign in to Power BI with. It looks like an email address. Leave this box blank to return entries for all users (and service accounts) in your organization.

Viewing search results

Once you select the search button, the search results are loaded and after a few moments they are displayed under Results. When the search is finished, the number of results found is displayed.

Note

A maximum of 1000 events will be displayed; if more than 1000 events meet the search criteria, the newest 1000 events are displayed.

The results contain the following information about each event returned by the search.

| Column | Definition |
| --- | --- |
| Date | The date and time (in UTC format) when the event occurred. |
| IP address | The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format. |
| User | The user (or service account) who performed the action that triggered the event. |
| Activity | The activity performed by the user. This value corresponds to the activities that you selected in the Activities drop-down list. For an event from the Exchange admin audit log, the value in this column is an Exchange cmdlet. |
| Item | The object that was created or modified as a result of the corresponding activity. For example, the file that was viewed or modified or the user account that was updated. Not all activities have a value in this column. |
| Detail | Additional detail about an activity. Again, not all activities will have a value. |

Note

Select a column header under Results to sort the results. You can sort the results from A to Z or Z to A. Click the Date header to sort the results from oldest to newest or newest to oldest.

View the details for an event

You can view more details about an event by selecting the event record in the list of search results. A details page is displayed that contains the detailed properties from the event record. The properties that are displayed depend on the Office 365 service in which the event occurs. To display additional details, select More information.

The following table provides details on what you may see displayed.

| Parameter or Event | Description | Additional Details |
| --- | --- | --- |
| Downloaded Power BI report | This activity is logged every time a report is downloaded. | Report Name, Dataset Name |
| Create report | This activity is logged every time a new report is created. | Report Name, Dataset Name |
| Edit Report | This activity is logged every time a report is edited. | Report Name, Dataset Name |
| Create dataset | This activity is logged every time a dataset is created. | Dataset Name, DataConnectivityMode |
| Delete Dataset | This activity is logged every time a dataset is deleted. | Dataset Name, DataConnectivityMode |
| Create Power BI app | This activity is logged every time a Power BI app is created. | App name, Permissions, Workspace Name |
| Install Power BI app | This activity is logged every time a Power BI app is installed. | App name |
| Update Power BI app | This activity is logged every time a Power BI app is updated. | App name, Permissions, Workspace Name |
| Started Power BI extended trial | This activity is logged every time a user accepts the extended Pro trial that runs until May 31 2018. | |
| Analyzed Power BI dataset | This activity is logged every time a Power BI dataset is analyzed in Excel. | |
| Created Power BI gateway | This activity is logged every time a new gateway is created. | Gateway Name, Gateway Type |
| Deleted Power BI gateway | This activity is logged every time a gateway is deleted. | Gateway Name, Gateway Type |
| Added Data source to Power BI gateway | This activity is logged every time a data source is added to the gateway. | Gateway Name, Gateway Type, Datasource Name, Datasource Type |
| Removed data source from Power BI gateway | This activity is logged every time a data source is removed from a gateway. | Gateway Name, Gateway Type, Datasource Name, Datasource Type |
| Changed Power BI gateway admins | This activity is logged every time the admins of a gateway are changed (added/removed). | Gateway Name, Users Added, Users Removed |
| Changed Power BI gateway data source users | This activity is logged every time the users of a gateway are changed (added/removed). | Gateway Name, Users Added, Users Removed |
| SetScheduledRefresh | This activity is logged every time a new refresh is scheduled for a dataset. | Dataset Name, Refresh Frequency (in minutes) |

You can use PowerShell to access the audit logs based on your login. This is done by accessing Exchange Online. Here is an example of a command to pull Power BI audit log entries.

Note

In order to use the New-PSSession command, your account needs to have an Exchange Online license assigned to it and you need access to the audit log for your tenant.

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session
Search-UnifiedAuditLog -StartDate 9/11/2016 -EndDate 9/15/2016 -RecordType PowerBI -ResultSize 1000 | Format-Table | More

For more information on connecting to Exchange Online, see Connect to Exchange Online PowerShell.

For more information about parameters and usage of the Search-UnifiedAuditLog command, see Search-UnifiedAuditLog.

To see an example of using PowerShell to search the audit log and then assign Power BI Pro licenses based on entries, see Using Power BI audit log and PowerShell to assign Power BI Pro licenses.
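The following is an added example, not part of the original article: it pages through the Power BI records one day at a time so that a busy tenant is not cut off at a single call's result limit, keeps only sharing, export and admin-setting activities from the activity list on this page, and writes them to CSV for review. It assumes the Exchange Online session shown above is already imported; the watch list, the seven-day window and the output file name are illustrative choices.

```powershell
# Added example. Assumes Import-PSSession from the commands above has already run.
# Activity names come from this page's "List of activities audited by Power BI".
$watch = 'PublishToWebReport', 'ShareDashboard', 'ExportReport', 'ExportTile',
         'AddGroupMembers', 'UpdatedAdminFeatureSwitch'

$end   = (Get-Date).ToUniversalTime()   # audit timestamps are in UTC
$start = $end.AddDays(-7)               # illustrative window, well inside the 90-day limit
$rows  = New-Object System.Collections.Generic.List[object]

# One paging session per day-long window; keep calling until a page comes back empty.
for ($day = $start; $day -lt $end; $day = $day.AddDays(1)) {
    $winEnd = $day.AddDays(1)
    if ($winEnd -gt $end) { $winEnd = $end }
    $sessionId = [guid]::NewGuid().ToString()
    do {
        $page = @(Search-UnifiedAuditLog -StartDate $day -EndDate $winEnd `
                    -RecordType PowerBI -Operations $watch `
                    -SessionId $sessionId -SessionCommand ReturnLargeSet `
                    -ResultSize 1000)
        foreach ($r in $page) {
            # AuditData is a JSON string; a field missing from it simply yields $null.
            $detail = $r.AuditData | ConvertFrom-Json
            $rows.Add([pscustomobject]@{
                TimeUtc   = $r.CreationDate
                User      = $r.UserIds
                Activity  = $r.Operations
                ClientIP  = $detail.ClientIP
                AuditData = $r.AuditData
            })
        }
    } while ($page.Count -gt 0)
}

# Full detail for offline analysis (file name is a placeholder).
$rows | Sort-Object TimeUtc |
    Export-Csv -Path .\powerbi-audit-review.csv -NoTypeInformation -Encoding UTF8

# Quick triage view: which user performed which watched activity, and how often.
$rows | Group-Object Activity, User | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```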

Export the Power BI audit log

You can export the Power BI audit log to a CSV file.

  1. Select Export results.

  2. Select either Save loaded results or Download all results.

Record and user types

Audit log entries will have a RecordType and UserType as part of the details for the entry. All Power BI entries will have a RecordType of 20.

For a full listing, see Detailed properties in the Office 365 audit log.

List of activities audited by Power BI

| Activity | Description | Additional details |
| --- | --- | --- |
| CreateDashboard | This activity is logged every time a new dashboard is created. | Dashboard name |
| EditDashboard | This activity is logged every time a dashboard is renamed. | Dashboard name |
| DeleteDashboard | This activity is logged every time a dashboard is deleted. | Dashboard name |
| PrintDashboard | This event is logged every time that a dashboard is printed. | Dashboard name, Dataset name |
| ShareDashboard | This activity is logged every time a dashboard is shared. | Dashboard name, Recipient email, Dataset name, Reshare permissions |
| ViewDashboard | This activity is logged every time a dashboard is viewed. | Dashboard name |
| ExportTile | This event is logged every time data is exported from a dashboard tile. | Tile name, Dataset name |
| DeleteReport | This activity is logged every time a report is deleted. | Report name |
| ExportReport | This event is logged every time data is exported from a report tile. | Report name, Dataset name |
| PrintReport | This event is logged every time that a report is printed. | Report name, Dataset name |
| PublishToWebReport | This event is logged every time that a report is published to web. | Report name, Dataset name |
| ViewReport | This activity is logged every time a report is viewed. | Report name |
| ExploreDataset | This event is logged every time you explore a dataset by selecting it. | Dataset name |
| DeleteDataset | This event is logged every time a dataset is deleted. | Dataset name |
| CreateOrgApp | This activity is logged every time an organizational content pack is created. | Organizational content pack name, Dashboard names, Report names, Dataset names |
| CreateGroup | This activity is fired every time a group is created. | Group name |
| AddGroupMembers | This activity is logged every time a member is added to a Power BI group workspace. | Group name, Email addresses |
| UpdatedAdminFeatureSwitch | This event is logged every time an admin feature switch is changed. | Switch name, New switch state |
| OptInForProTrial | This event is logged when a user chooses to try Power BI Pro within the service. | Email address |

Next steps

Power BI Admin Portal
Power BI Premium - what is it?
Purchasing Power BI Pro
Permissions in Exchange Online
Connect to Exchange Online PowerShell
Search-UnifiedAuditLog
Detailed properties in the Office 365 audit log

More questions? Try asking the Power BI Community