Power BI Security Fundamentals


1 Power BI Security Fundamentals
Suresh Datla

2 Support Our Sponsors

3 Local User Groups
Orange County Data Professionals: 2nd Thursday of each month, 6:30—8:30 PM, Irvine, BigPASS.pass.org
Los Angeles SQL: 3rd Thursday of each odd month, 7:00—8:30 PM, USC Campus, Sql.la
Orange County Power BI: 3rd Thursday of the month, 7:00—8:30 PM, Irvine
Malibu SQL: 3rd Wednesday of each month, 6:30—9:00 PM, sqlMalibu.pass.org
San Diego User Groups: 1st & 3rd Thursday, 6:00—8:30 PM
Los Angeles—Korean: Every other Tuesday, 8:00—9:00 PM, El Segundo, sqlAngeles.pass.org

4 About me
Industry for 20 years working on Microsoft stack
Data space for 10 years (Certified in SQL Server since 2001)
Azure cloud since inception (8 years)
Power BI since inception (4 years since GA)

5 About me
Past
  Orange County Power BI User Group (Organizer and speaker)
  Power BI Dashboard in a day (Organizer and speaker at 30+ sessions)
  SQL Saturday Redmond (Speaker) – Power BI Security
  SQL Saturday San Diego (Speaker) – Power BI End to End
  SQL Saturday Los Angeles (Speaker) – Power BI End to End
  SQL Saturday Orange County (Speaker) – Power BI Governance
  SQL Saturday Costa Rica (Speaker) – Power BI Adoption
Upcoming
  Azure bootcamp
  SQL Saturday Orange County – Power BI Security

6 OC Power BI User group
Past speakers
  Meagan Langoria
  Chuck Sterling
  Kevin Kline
  Ike Ellis
  Phil Robinson
Upcoming speakers
  Nikhil Urval (Microsoft Power BI Team) in April – Upcoming updates to Power BI
  Marco Russo in May – Data modeling
  Dan Edwards - TBD

7 Agenda
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

8 The flow – Airline Travel

9 The flow – Power BI Security
User Authentication
Authorization
Restrictions by Tenant Administration
Workspace/Apps
Row Level Security/Dynamic Row Level Security

10 Power BI Built on Azure Active Directory
Azure AD manages identity in the Microsoft cloud
Your identity needs to reside in, or be synchronized to, Azure AD
Organization creates user accounts & groups in Azure AD
User accounts and groups are created in the scope of the tenant
Azure AD provides the user authentication service

11 Power BI Authorization
Azure AD manages licensing and permissions
  Provides users authorized access to Office 365
  Provides users authorized access to SharePoint Online
  Provides users authorized access to Dynamics 365
  Provides users authorized access to Power BI

12 Managing User Accounts and Groups
[Diagram labels]
Microsoft SaaS Applications: Office 365, Dynamics 365, SharePoint Online, Power BI
Azure User Account Management: Office 365 Admin, Azure Portal, Intune
Azure Active Directory Organizational Tenant (e.g. cpt0926.onMicrosoft.com): User Accounts, Groups, Applications

13 Azure AD User Accounts and Licensing
User account is created within the scope of the tenant
Office 365 admin creates accounts and assigns licenses

14 Multifactor Authentication
Enabled through admin portal
Requires Office 365 or Azure AD Premium

15 Conditional Access for Web and Mobile
Azure AD supports configuring conditional access (partial list)
  Control which IP address ranges can connect (Corp LAN)
  Control which devices can connect
  Configure access so only group members can connect
  Configure which users or IP address ranges require 2FA

16 Azure AD Group Types
Security Groups
Mail-enabled Security Groups
Office 365 Groups

17 Office 365 Groups

18 Agenda
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

19 Power BI Admin Portal
Power BI Admins control tenant-level settings
  Control whether users can self-register for Power BI
  Control who can publish to web
  Control who can export & share content
  Control who can create content packs (being deprecated)

20 Power BI Audit Log

21 Auditable Activities in Power BI

22 Data Classification for Dashboards

23 Agenda
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

24 Data Is Always in One of Three States
Data can be In Transit
  Moving between data source, Power BI and client
  Data is always encrypted using HTTPS or Azure Service Bus
Data can be In Process
  Data loaded into cloud-based memory
Data can be At Rest
  Data stored in cloud-based storage
  Data encrypted using internally managed encryption keys

25 Storage of Data At Rest
What types of data must be stored at rest?
  Data (i.e. Dataset)
  Credentials
  Metadata for report and dashboard layouts
[Table, columns: Data source, Data, Metadata, Credentials; cells as extracted:] Imported Data Azure Blob Storage Azure SQL Direct Query Nothing Live Connection Push Dataset N/A

26 Data Encryption
Power BI uses encryption keys for blob storage
  Keys stored in separate location from Power BI service
  Fully managed by internal Microsoft service
Azure SQL manages encryption internally
  Power BI relies on Azure SQL TDE Technology
  Used to encrypt credentials to cloud-based sources
For credentials to access on-premises sources
  Encryption key created in on-premises data gateway
  Encryption key used to encrypt creds stored in cloud

27 Data Storage Location
Data storage location can be important
  Especially with European rules and regulations
Organization has tenant in specific data center

28 Data Residency and Azure Region Pairs
Data is stored in a specific Azure region
Azure region defines data residency
Within a region, data centers are paired

29 Connecting Through ExpressRoute
Allows you to create a private network connection
Connect to Power BI without going through public Internet
Can also connect through ISP’s colocation facility
Azure ExpressRoute with Power BI uses public peering

30 Compliance and Market Availability

31 Agenda
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

32 What Exactly is an App Workspace?
App Workspace is a Power BI resource container
  Provides storage for datasets, reports and dashboards
App Workspace created as Office 365 Group
  Acts as both a security group and distribution list
  Requires provisioning SharePoint team site
On the Power BI Roadmap
  Creating workspace without SharePoint provisioning

33 Creating an App Workspace

34 Old Distribution Model
[Diagram: Dev Workspace (read/write) and Production Workspace (read-only), each containing Dashboards, Reports and Datasets, with an Organizational Content Pack between them]

35 New Distribution Model
[Diagram: App Workspace (read/write) and Installed App (read-only), each containing Dashboards, Reports and Datasets, with a Published App between them]

36 Agenda
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

37 What Is Row-level Security (RLS)
Security scheme based on named roles
Roles are defined using Power BI Desktop
Each role is scoped to the dataset within a PBIX project
Role defined using one or more DAX expressions
DAX expressions restrict which rows are accessible

38 Common RLS Scenario

39 Configuring RLS in the Power BI Desktop

40 Configuring RLS in the Power BI Service

41 RLS Enforcement

42 This is a demo of the Row Level Security

43 Agenda
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

44 Dynamic RLS
Design pattern for data-driven security
RLS set up to use login name of current user
Permission assignments are included as part of dataset
Implemented using bi-directional cross-filtering

45 Configuring Cross-direction Filtering

46 Dynamically Tracking the Current User

47 All Users Must Be Added To a Role

48 Dynamic RLS Enforcement
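
The static and dynamic RLS patterns from slides 37 and 44 to 48, written out as an added example that is not from the original deck. The Sales, Territories and UserTerritory tables, their columns and the role names are hypothetical.

```dax
-- Added example. All table, column and role names below are hypothetical.
--
-- Assumed model:
--   Sales[TerritoryID]         many-to-one  Territories[TerritoryID]
--   UserTerritory[TerritoryID] many-to-one  Territories[TerritoryID]
--     cross filter direction: Both, with
--     "Apply security filter in both directions" checked
--   UserTerritory holds one row per (UserPrincipalName, TerritoryID)
--   assignment, so permissions travel with the dataset.

-- Static RLS (slide 37): role "West Sales",
-- table filter DAX expression on Territories.
-- One role per slice; membership decides who sees what.
[Region] = "West"

-- Dynamic RLS (slide 44): single role "Territory Users",
-- table filter DAX expression on UserTerritory.
-- The filter keeps only the signed-in user's assignment rows. The
-- bi-directional relationship carries that filter up to Territories,
-- and the normal one-to-many relationship carries it down to Sales.
[UserPrincipalName] = USERPRINCIPALNAME()

-- Why USERPRINCIPALNAME() rather than USERNAME():
-- in Power BI Desktop USERNAME() returns DOMAIN\user, while in the
-- service it returns the UPN. USERPRINCIPALNAME() returns the UPN in
-- both, so "View as Roles" testing in Desktop matches the service.

-- Diagnostic measures for a test page (slide 46). Put them on cards and
-- open the report as a role member to confirm what the filter resolved to.
Current User = USERPRINCIPALNAME()
Visible Territories = COUNTROWS ( Territories )
Visible Sales Rows = COUNTROWS ( Sales )

-- Behaviour to verify before publishing:
--   * A role member with no row in UserTerritory matches nothing, so
--     Visible Territories and Visible Sales Rows are blank (fail closed).
--   * Every user still has to be added to "Territory Users" in the
--     service (slide 47); a security group can be added as the member.
--   * If the relationship is left single-direction, the UserTerritory
--     filter never reaches Territories and the role restricts nothing
--     in Sales.
```
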

49

50 Summary
User Authentication and Identity
Power BI Tenant Administration
Data Security
App Workspaces
Row Level Security
Dynamic Row Level Security

