Power BI security best practices
Ensuring a secure platform on which to store sensitive information and work collaboratively on is a business’ top priority. For businesses using Power BI, we’ve pulled together a non-exhaustive list of security steps to keep your data safe.
Implement Multi-Factor Authentication (MFA)
The first step is the easiest. By enabling Multi-Factor Authentication, users must use more than one method to access information and log into networks. This reduces the risk of unauthorised access even if a user’s login details have been compromised, as an attacker most likely will not have access to the other methods of verification.
Make use of Power BI audit logs
Audit logs exist in Power BI to record any activity that takes place, such as when users create dashboards, view reports, or share content. This trail is helpful when troubleshooting, for security reviews, or for compliance purposes. Ensure your senior staff review the audit logs to monitor any suspicious activity and take action before serious damage is done.
Limit sharing options
Within Power BI, you can customise the policies for exporting data and sharing reports, therefore reducing the risk of leaking sensitive data, whether by accident or otherwise. Settings can be altered to control who can export data, what data can be exported, both inside and outside your business. We recommend turning off the ‘publish to web’ option, as that could be a likely accident waiting to happen.
Consider Role-Level Security (RLS)
Role-Level Security allows administrators to control data access based on the role of the user. By restricting access to more sensitive information based on the user role, you can ensure a higher level of security on your network. RLS can also control the data that is presented to users based on their geography, department, or any other attribute.
Secure Data Gateways
A secure data gateway connects Power BI and on-prem data sources. By keeping these data gateways updated, monitoring them, and setting permissions on user access, you can maintain security efficiently. A recovery key for data gateways must be stored in a secure location, as data is not recoverable if it is lost.