在組織內使用稽核Using auditing within your organization

了解您可以如何使用 Power BI 的稽核來監視和調查所執行的動作。Learn how you can use auditing with Power BI to monitor and investigate actions taken. 您可以使用安全與合規性中心或使用 PowerShell。You can use the Security and Compliance Center or use PowerShell.

了解誰正在對 Power BI 租用戶的哪個項目採取什麼動作,可能對於幫助貴組織符合其需求,例如符合法規合規性與記錄管理等而言極為重要。Knowing who is taking what action on which item in your Power BI tenant can be critical in helping your organization fulfill its requirements, such as meeting regulatory compliance and records management.

您可以依日期範圍、使用者、儀表板、報表、資料集和活動類型來篩選稽核資料。You can filter the audit data by date range, user, dashboard, report, dataset and activity type. 您也可以用 csv (逗號分隔值) 檔案下載活動以便離線分析。You can also download the activities in a csv (comma separated value) file to analyze offline.

注意

Power BI 的稽核功能目前為預覽狀態,且所有資料區域皆可使用。The auditing feature in Power BI is in preview and is available in all data regions.

需求Requirements

您必須符合這些需求才能存取稽核記錄:You must meet these requirements to access audit logs:

  • 若要存取 Office 365 安全性與合規性中心的稽核區段,您必須具有 Exchange Online 授權 (隨附於 Office 365 Enterprise E3 和 E5 訂用帳戶)。To access the auditing section of the Office 365 Security & Compliance Center, you must have an Exchange Online license (included with Office 365 Enterprise E3 and E5 subscriptions).
  • 您必須是全域管理員或擁有 Exchange 管理員角色,才能提供稽核記錄的存取權。You must either be a global admin or have an Exchange admin role that provides access to the audit log.

    Exchange 管理員角色是透過 Exchange 管理中心控制。Exchange admin roles are controlled through the Exchange admin center. 如需詳細資訊,請參閱 Exchange Online 中的權限For more information, see Permissions in Exchange Online.

  • 如果您有稽核記錄的存取權,但並不是全域管理員或 Power BI 服務管理員,您將無法存取 Power BI 管理入口網站。If you have access to the audit log but are not a global admin or Power BI Service admin, you will not have access to the Power BI Admin portal. 在此情況下,您必須取得 Office 365 安全性與合規性中心的直接連結。In this case, you must get a direct link to the Office 365 Security & Compliance Center.

在 Power BI 管理入口網站啟用稽核功能Enabling auditing functionality in the Power BI admin portal

您必須啟用稽核,貴組織才能使用報表。You will need to enable auditing for your organization in order to work with the reports. 您可以在管理入口網站的租用戶設定中完成。You can do this within the tenant settings of the admin portal.

  1. 選擇右上角的齒輪圖示Select the gear icon in the upper right.

  2. 選取 [管理入口網站]。Select Admin Portal.

  3. 選取 [租用戶設定]。Select Tenant settings.

  4. 開啟 [Create audit logs for internal activity auditing and compliance purposes] (建立稽核記錄以用於內部活動稽核和合規性用途)。Switch on Create audit logs for internal activity auditing and compliance purposes.

  5. 選取 [ 套用]。Select Apply.

Power BI 會開始記錄您的使用者在 Power BI 中執行的各種活動。Power BI will start logging various activities that your users perform in Power BI. 記錄需要 48 小時才會顯示在 O365 安全與規範中心。The logs take up to 48 hours to show up in the O365 Security & Compliance Center. 如需記錄哪些活動的詳細資訊,請參閱 Power BI 稽核的活動清單For more information about what activities are logged, see List of activities audited by Power BI.

注意

若要啟用租用戶中的 Power BI 稽核,您的租用戶中至少必須有一個 Exchange 信箱的授權。To enable auditing for Power BI in your tenant, you need at least one exchange mailbox license in your tenant.

存取您的稽核記錄Accessing your audit logs

若要稽核您的 Power BI 記錄,您必須前往 Office 365 安全規範中心。To audit your Power BI logs, you must visit the O365 Security & Compliance Center.

  1. 選擇右上角的齒輪圖示Select the gear icon in the upper right.

  2. 選取 [管理入口網站]。Select Admin Portal.

  3. 選取 [稽核記錄]。Select Audit logs.

  4. 選取 [前往 O365 系統管理中心]。Select Go to O365 Admin Center.

或者,您可以瀏覽 Office 365 | 安全與規範Alternatively, you can browse to Office 365 | Security & Compliance.

注意

若要提供非系統管理員帳戶存取稽核記錄的權限,您必須在 Exchange Online 系統管理中心中指派權限。To provide non-administrator accounts with access to the audit log, you will need to assign permissions within the Exchange Online Admin Center. 比方說,您可將使用者指派至現有的角色群組,例如組織管理,或者使用稽核記錄角色建立新的角色群組。For example, you could assign a user to an existing role group, such as Organization Management, or you could create a new role group with the Audit Logs role. 如需詳細資訊,請參閱 Exchange Online 中的權限For more information, see Permissions in Exchange Online.

僅搜尋 Power BI 活動Search only Power BI activities

您可以透過下列方式將結果限制在僅 Power BI 活動。You can restrict results to only Power BI activities by doing the following.

  1. 在 [稽核記錄搜尋] 頁面上,從 [搜尋] 下選取 [活動] 的下拉式清單。On the Audit log search page, select the drop down for Activities under Search.

  2. 選取 [PowerBI 活動]。Select PowerBI activities.

  3. 在選取方塊外面任何地方選取,將它關閉。Select anywhere outside of the selection box to close it.

您的搜尋現在已篩選為僅限 Power BI 活動。Your searches will now be filtered to only Power BI activities.

依日期搜尋稽核記錄Search the audit logs by date

您可以使用 [開始日期] 和 [結束日期] 欄位,依日期範圍搜尋記錄。You can search the logs by date range using the “Start date” and “End date” field. 預設會選取過去七天。The last seven days are selected by default. 日期和時間是以國際標準時間 (UTC) 格式顯示。The date and time are presented in Coordinated Universal Time (UTC) format. 您可以指定的最大日期範圍是 90 天。The maximum date range that you can specify is 90 days. 如果選定的日期範圍超過 90 天,則會顯示錯誤。An error is displayed if the selected date range is greater than 90 days.

注意

如果您使用最大的 90 天日期範圍,請選取目前時間作為開始日期。If you're using the maximum date range of 90 days, select the current time for the Start date. 否則,您會收到錯誤,指出開始日期早於結束日期。Otherwise, you'll receive an error saying that the start date is earlier than the end date. 如果您已在過去 90 天內開啟稽核,最大日期範圍的開頭不能在開啟稽核的日期之前。If you've turned on auditing within the last 90 days, the maximum date range can't start before the date that auditing was turned on.

依使用者搜尋稽核記錄Search the audit logs by users

您可以搜尋特定使用者所執行活動的稽核記錄項目。You can search for audit log entries for activities performed by specific users. 若要這樣做,請在 [使用者] 欄位中輸入一或多個使用者名稱。To do this, enter one or more user names in the “Users” field. 這是他們登入 Power BI 所使用的使用者名稱。This would be the username that they sign into Power BI with. 看起來像電子郵件地址。It looks like an email address. 將此方塊保留空白,可傳回貴組織所有使用者 (和服務帳戶) 的項目。Leave this box blank to return entries for all users (and service accounts) in your organization.

檢視搜尋結果Viewing search results

一旦您點擊 [搜尋] 按鈕,搜尋結果會載入,並在一段時間後顯示在 [結果] 下。Once you hit the search button, the search results are loaded and after a few moments they are displayed under Results. 搜尋完成後時,會顯示找到的結果數目。When the search is finished, the number of results found is displayed.

注意

將顯示最多 1000 個事件;如果超過 1000 個事件符合搜尋準則,則會顯示最新的 1000 個事件。A maximum of 1000 events will be displayed; if more than 1000 events meet the search criteria, the newest 1000 events are displayed.

結果包含搜尋所傳回之每個事件的下列相關資訊。The results contain the following information about each event returned by the search.

資料行Column 定義Definition
日期Date 發生事件時的日期和時間 (UTC 格式)。The date and time (in UTC format) when the event occurred.
IP 位址IP address 記錄活動時所用裝置的 IP 位址。The IP address of the device that was used when the activity was logged. IP 位址會以 IPv4 或 IPv6 位址格式顯示。The IP address is displayed in either an IPv4 or IPv6 address format.
使用者User 執行觸發事件之動作的使用者 (或服務帳戶)。The user (or service account) who performed the action that triggered the event.
活動Activity 使用者所執行的活動。The activity performed by the user. 這個值會對應至您在 [活動] 下拉式清單中選取的活動。This value corresponds to the activities that you selected in the Activitiesdrop down list. 對於來自 Exchange 系統管理員稽核記錄的事件,此資料行中的值會是 Exchange Cmdlet。For an event from the Exchange admin audit log, the value in this column is an Exchange cmdlet.
項目Item 因為對應活動而建立或修改的物件。The object that was created or modified as a result of the corresponding activity. 例如,被檢視或修改的檔案,或是被更新的使用者帳戶。For example, the file that was viewed or modified or the user account that was updated. 並非所有活動在此資料行中都有值。Not all activities have a value in this column.
詳細資料Detail 關於活動的其他詳細資料。Additional detail about an activity. 同樣地,並非所有活動都有值。Again, not all activities will have a value.

注意

選取 [結果] 下的資料行標頭可排序結果。Select a column header under Results to sort the results. 您可以將結果從 A 到 Z 或從 Z 到 A 排序。按一下 [日期] 標頭可以將結果從最舊到最新或從最新到最舊排序。You can sort the results from A to Z or Z to A. Click the Date header to sort the results from oldest to newest or newest to oldest.

檢視事件的詳細資料View the details for an event

您可以選取搜尋結果清單中的事件記錄,檢視事件的詳細資料。You can view more details about an event by selecting the event record in the list of search results. [詳細資料] 頁面隨即出現,其中包含事件記錄的詳細屬性。A details page is displayed that contains the detailed properties from the event record. 所顯示的屬性取決於發生事件的 Office 365 服務。The properties that are displayed depend on the Office 365 service in which the event occurs. 若要顯示其他詳細資料,請選取 [更多資訊]。To display additional details, select More information.

下表提供您會看到顯示出來之項目的詳細資料。The following table provides details on that you may see displayed.

參數或事件Parameter or Event 描述Description 其他詳細資料Additional Details
下載 Power BI 報表Downloaded Power BI report 每次下載報告時,會記錄此活動This activity is logged every time a report is downloaded 報表名稱、資料集名稱Report Name, Dataset Name
建立報表Create report 每次建立新報告時,會記錄此活動。This activity is logged every time a new report is created. 報表名稱、資料集名稱Report Name, Dataset Name
編輯報表Edit Report 每次編輯報告時,會記錄此活動。This activity is logged every time a report is edited. 報表名稱、資料集名稱Report Name, Dataset Name
建立資料集Create dataset 每次建立資料集時,會記錄此活動。This activity is logged every time a dataset is created. 資料集名稱、DataConnectivityModeDataset Name, DataConnectivityMode
刪除資料集Delete Dataset 每次刪除資料集時,會記錄此活動。This activity is logged every time a dataset is deleted. 資料集名稱、DataConnectivityModeDataset Name, DataConnectivityMode
建立 Power BI 應用程式Create Power BI app 每次建立 Power BI 應用程式時,會記錄此活動This acitivity is logged every time a Power BI app is created 應用程式名稱、權限、工作區名稱App name, Permissions, Workspace Name
安裝 Power BI 應用程式Install Power BI app 每次安裝 Power BI 應用程式時,會記錄此活動This activity is logged every time a Power AI app installed 應用程式名稱App name
更新 Power BI 應用程式Update Power BI app 每次更新 Power BI 應用程式時,會記錄此活動This activity is logged every time a Power app in updated 應用程式名稱、權限、工作區名稱App name, Permissions, Workspace Name
已啟動 Power BI 延長試用版Started Power BI extended trial 每次使用者接受會執行直到 2018 年 5 月 31 日的延長 Pro 試用版時,會記錄此活動This activity is logged every time an user accepts the extended pro trial that runs until May 31 2018
已分析 Power BI 資料集Analyzed Power BI dataset 每次在 Excel 中分析 Power BI 資料集時,會記錄此活動。This activity is logged every time a Power BI dataset is analyzed in Excel.
已建立 Power BI 閘道Created Power BI gateway 每次建立新閘道時,會記錄此活動。This activity is logged every time a new gateway is created. 閘道名稱、閘道類型Gateway Name, Gateway Type
已刪除 Power BI 閘道Deleted Power BI gateway 每次刪除閘道時,會記錄此活動。This activity is logged every time a gateway is deleted. 閘道名稱、閘道類型Gateway Name, Gateway Type
已將資料來源新增至 Power BI 閘道Added Data source to Power BI gateway 每次將資料來源新增至閘道時,會記錄此活動This activity is logged every time a data source in added to the gateway 閘道名稱、閘道類型、資料來源名稱、資料來源類型Gateway Name, Gateway Type, Datasource Name, Datasource Type
已從 Power BI 閘道移除資料來源Removed data source from Power BI gateway 每次從閘道移除資料來源時,會記錄此活動This activity is logged every time a data source is removed from a gateway 閘道名稱、閘道類型、資料來源名稱、資料來源類型Gateway Name, Gateway Type, Datasource Name, Datasource Type
已變更 Power BI 閘道管理員Changed Power BI gateway admins 每次變更 (新增/移除) 閘道管理員時,會記錄此活動This activity is logged every time the admins of a gateway are changed (added/removed) 閘道名稱、已新增使用者、已移除使用者Gateway Name, Users Added, Users Removed
已變更 Power BI 閘道資料來源使用者Changed Power IB gateway data source users 每次變更 (新增/移除) 閘道使用者時,會記錄此活動This activity is logged every time the users of a gateway are changed (added/removed) 閘道名稱、已新增使用者、已移除使用者Gateway Name, Users Added, Users Removed
SetScheduledRefreshSetScheduledRefresh 每次為資料集排程新的重新整理時,會記錄此活動This activity is logged every time a new refresh is scheduled for a dataset 資料集名稱、重新整理頻率 (以分鐘為單位)Dataset Name, Refresh Frequency (in minutes)

您可以使用 PowerShell,依據您的登入存取稽核記錄。You can use PowerShell to access the audit logs based on your login. 這是藉由存取 Exchange Online 來執行的。This is done by accessing Exchange Online. 以下是提取 Power BI 稽核記錄項目的命令範例。Here is an example of a command to pull Power BI audit log entries.

注意

若要使用 New-PSSession 命令,您的帳戶需要獲指派 Exchange Online 授權,而且您需要存取租用戶的稽核記錄檔。In order to use the New-PSSession command, your account needs to have an Exchange Online license assigned to it and you need access to the audit log for your tenant.

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session
Search-UnifiedAuditLog -StartDate 9/11/2016 -EndDate 9/15/2016 -RecordType PowerBI -ResultSize 1000 | Format-Table | More

如需如何連線至 Exchange Online 的詳細資訊,請參閱連線至 Exchange Online PowerShellFor more information on connecting to Exchange Online, see Connect to Exchange Online PowerShell.

如需參數和 Search-UnifiedAuditLog 命令使用方式的詳細資訊,請參閱 Search-UnifiedAuditLogFor more information about parameters and usage of the Search-UnifiedAuditLog command, see Search-UnifiedAuditLog.

若要查看使用 PowerShell 搜尋稽核記錄檔後再根據項目指派 Power BI Pro 授權的範例,請參閱 Using Power BI audit log and PowerShell to assign Power BI Pro licenses (使用 Power BI 稽核記錄檔和 PowerShell 指派 Power BI Pro 授權)。To see an example of using PowerShell to search the audit log and then assign Power BI Pro licenses based on entries, see Using Power BI audit log and PowerShell to assign Power BI Pro licenses.

匯出 Power BI 稽核記錄Export the Power BI audit log

您可以將 Power BI 稽核記錄匯出至 csv 檔案。You can export the Power BI audit log to a csv file.

  1. 選取 [匯出結果]。Select Export results.

  2. 選取 [Save loaded results] (儲存載入結果) 或 [Download all results] (下載所有結果)。Select either Save loaded results or Download all results.

記錄和使用者類型Record and user types

作為項目詳細資料的一部分,稽核記錄項目會具有 RecordType 和 UserType。Audit log entries will have a RecordType and UserType as part of the details for the entry. 所有 Power BI 項目的 RecordType 都是 20。All Power BI entries will have a RecordType of 20.

如需完整清單,請參閱 Detailed properties in the Office 365 audit log (Office 365 稽核記錄的詳細內容)For a full listing, see Detailed properties in the Office 365 audit log

Power BI 稽核的活動清單List of activities audited by Power BI

活動Activity 描述Description 其他詳細資料Additional details
CreateDashboardCreateDashboard 每次建立新的儀表板時,會記錄此活動。This activity is logged every time a new dashboard is created. - 儀表板名稱。- Dashboard name.
EditDashboardEditDashboard 每次重新命名儀表板時,會記錄此活動。This activity is logged every time a dashboard is renamed. - 儀表板名稱。- Dashboard name.
DeleteDashboardDeleteDashboard 每次刪除儀表板時,會記錄此活動。This activity is logged every time a dashboard is deleted. - 儀表板名稱。- Dashboard name.
PrintDashboardPrintDashboard 每次列印儀表板時,都會記錄此事件。This event is logged every time that a dashboard is printed. - 儀表板名稱。- Dashboard name.
- 資料集名稱- Dataset name
ShareDashboardShareDashboard 每次共用儀表板時,會記錄此活動。This activity is logged every time a dashboard is shared. - 儀表板名稱。- Dashboard name.
- 收件者電子郵件。-Recipient Email.
- 資料集名稱。- Dataset name.
- 再次共用權限。- Reshare permissions.
ViewDashboardViewDashboard 每次檢視儀表板時,都會記錄此活動。This activity is logged every time a dashboard is viewed. - 儀表板名稱。- Dashboard name.
ExportTileExportTile 每次從儀表板磚匯出資料時,都會記錄此事件。This event is logged every time data is exported from a dashboard tile. - 磚名稱。- Tile name.
- 資料集名稱。- Dataset name.
DeleteReportDeleteReport 每次刪除報表時,會記錄此活動。This activity is logged every time a report is deleted. - 報表名稱。- Report name.
ExportReportExportReport 每次從報表磚匯出資料時,都會記錄此事件。This event is logged every time data is exported from a report tile. - 報表名稱。- Report name.
- 資料集名稱。- Dataset name.
PrintReportPrintReport 每次列印報表時,都會記錄此事件。This event is logged every time that a report is printed. - 報表名稱。- Report name.
- 資料集名稱。- Dataset name.
PublishToWebReportPublishToWebReport 每次將報表發行至 Web 時,都會記錄此事件。This event is logged every time that a report is Published To Web. - 報表名稱。- Report Name.
- 資料集名稱。- Dataset name.
ViewReportViewReport 每次檢視報表時,都會記錄此活動。This activity is logged every time a report is viewed. - 報表名稱。- Report name.
ExploreDatasetExploreDataset 每次您選取資料集以進行瀏覽時,都會記錄此活動。This event is logged every time you explore a dataset by selected it. - 資料集名稱- Dataset name
DeleteDatasetDeleteDataset 每次刪除資料集時,都會記錄此事件。This event is logged every time a dataset is deleted. - 資料集名稱。- Dataset name.
CreateOrgAppCreateOrgApp 每次建立組織內容套件時,會記錄此活動。This activity is logged every time an organizational content pack is created. - 組織內容套件名稱。- Organizational Content Pack name.
- 儀表板名稱。- Dashbaord names.
- 報表名稱。- Report names.
- 資料集名稱。- Dataset names.
CreateGroupCreateGroup 每次建立群組時,就會引發這項活動。This activity is fired every time a group is created. - 群組名稱。- Group name.
AddGroupMembersAddGroupMembers 每次成員加入 Power BI 群組工作區時,會記錄此活動。This activity is logged every time a member is added to a Power BI group workspace. - 群組名稱。- Group name.
- 電子郵件地址。- Email addresses.
UpdatedAdminFeatureSwitchUpdatedAdminFeatureSwitch 每次變更管理功能參數時,都會記錄此事件。This event is logged every time an admin feature switch is changed. - 參數名稱。- Switch name.
- 新的參數狀態。- New switch state.
OptInForProTrialOptInForProTrial 當使用者選擇在服務中試用 Power BI Pro 時,就會記錄此事件。This event is logged when a user choses to try Power BI Pro within the service. - 電子郵件地址- email address

後續步驟Next steps

Power BI 管理入口網站Power BI Admin Portal
Power BI Premium - 這是什麼?Power BI Premium - what is it?
購買 Power BI ProPurchasing Power BI Pro
Exchange Online 中的權限Permissions in Exchange Online
連線至 Exchange Online PowerShellConnect to Exchange Online PowerShell
Search-UnifiedAuditLogSearch-UnifiedAuditLog
Office 365 稽核記錄的詳細內容Detailed properties in the Office 365 audit log

有其他問題嗎?More questions? 嘗試在 Power BI 社群提問Try asking the Power BI Community