Enterprise Governance & Compliance
Governance ensures that Power BI usage across the organization is secure, compliant, and well-managed. It's critical for large-scale deployments.
What is Power BI Governance?
A framework of policies, processes, and controls that manage: • Who can create and access content • What data is used and how it's protected • Where content is published and shared • How quality and consistency are maintained
Governance Areas
| Area | Focus |
|---|---|
| Data Security | RLS, OLS, encryption, data classification |
| Access Control | Workspace roles, sharing policies, AAD groups |
| Content Management | Naming conventions, certification, endorsement |
| Data Quality | Trusted datasets, documentation, lineage |
| Compliance | Audit logs, sensitivity labels, data loss prevention |
| Performance | Capacity management, optimization guidelines |
Admin Portal
Power BI Admin Portal provides centralized management:
Accessing: Power BI Service → ⚙️ Settings → Admin portal
Key Settings:
| Setting | Description |
|---|---|
| Tenant settings | Enable/disable features for the entire organization |
| Usage metrics | View who's using what and how often |
| Audit logs | Track all Power BI activities (views, shares, exports) |
| Capacity settings | Manage Premium capacity allocation |
| Embed codes | Manage public embed codes ("Publish to web") |
| Featured content | Curate recommended reports on the home page |
| Protection metrics | Sensitivity label usage and coverage |
Content Certification & Endorsement
Mark trusted content so users know which reports are official.
| Level | Badge | Meaning |
|---|---|---|
| Promoted | 🔵 Blue badge | Content owner recommends it as ready for use |
| Certified | 🟢 Green badge | Admin-approved as the official source of truth |
Certification Steps:
- Admin enables certification in Tenant settings
- Designates who can certify content (specific groups)
- Certified items appear with a badge in search results and recommendations
Data Lineage
Track data flow from source to report:
- In a workspace → Click Lineage view (top right)
- See the visual flow: Data Source → Dataset → Report → Dashboard
- Identify dependencies and impact of changes
Sensitivity Labels
Microsoft Information Protection (MIP) labels classify and protect data:
| Label | Description | Example |
|---|---|---|
| Public | No restrictions | Marketing brochures |
| General | Internal use | Team meeting notes |
| Confidential | Restricted distribution | Financial reports |
| Highly Confidential | Strictly controlled | Customer PII, salaries |
Applying Labels:
- Open a report or dataset → File → Sensitivity label
- Select the appropriate label
- Label follows the data — even when exported to PDF or Excel
Audit Logs
Track all Power BI activities for compliance and security:
What's Logged: • Report views, dashboard views • Data exports • Sharing and permission changes • Dataset refreshes • Admin setting changes • Report creation and deletion
Accessing Audit Logs:
- Admin portal → Audit logs → Opens Microsoft 365 compliance center
- Filter by date, user, activity type
- Export logs for analysis
Governance Best Practices
• Establish a Center of Excellence (CoE) — a team responsible for governance • Define naming conventions for workspaces, reports, datasets • Require certification for production reports • Enable sensitivity labels for data classification • Review audit logs regularly for unauthorized access • Create a data dictionary documenting datasets and measures • Set tenant settings to restrict external sharing and "Publish to web" • Train users on governance policies and best practices • Monitor usage metrics to identify adoption gaps and optimization opportunities • Implement data quality checks in ETL pipelines before data reaches Power BI