About a year ago, the Power BI team introduced data protection capabilities into the Power BI service, making Power BI the first and only BI product to support Microsoft Information Protection sensitivity labels, helping enterprises classify content and protect it even as data is exported from Power BI to Excel, PowerPoint and PDF files without compromising productivity or the ability to collaborate. Power BI’s sensitivity label support helps organizations and enterprises to meet security requirements and compliance regulations, which have become increasingly strict with the move to “work-from-home” mode during the COVID crisis, while at the same time allowing users to safely create, collaborate, and consume content in Power BI.
After we first launched data protection capabilities in Power BI, we continued to introduce more and more features to help keep content securely protected, whenever and wherever it is developed or consumed, building a top notch data loss prevention solution for the Power BI service.
Today, we are excited to extend Power BI’s sensitivity label capabilities by bringing Microsoft Information Protection sensitivity labels into Power BI Desktop, allowing creators to apply sensitivity labels just as they start building their datasets and reports in Power BI Desktop.
Sensitivity labels in Power BI Desktop
With sensitivity labels in Desktop,
- It’s easy to classify and protect .pbix files like it is done with Excel, Word, and PowerPoint files. With just 2 clicks, your file can be tagged according to its level of sensitivity and, even further, be encrypted if it contains business-confidential data.
- Once a label has been applied to a .pbix file, it will be visible in the window status bar.
Figure 1: Apply sensitivity label in Power BI Desktop
- When you publish a labeled .pbix file to the Power BI service, or upload it to the service using “Get Data”, the sensitivity label will be applied to the dataset and report the file contains.
- When you download a .pbix file from a labeled dataset or report in the Power BI service, the label settings will be automatically applied to the file.
- Encryption settings on labeled .pbix files are enforced. For example, users can apply a Confidential label to a file and be sure that it will be kept encrypted while stored, either locally on the user’s workstation or remotely in online services.
Note: For protected .pbix files, Power BI Desktop honors Microsoft Information Protection sensitivity label settings to ensure that only authorized users, as defined during sensitivity label creation in the Microsoft 365 Security and Compliance admin portal, are allowed to open and edit them.
First, be sure you have what’s needed to use sensitivity labels in the Power BI service.
Then, opt in to the Information protection preview feature. In Power BI Desktop, go to File > Options and settings > Options > Preview features, and check the box next to Information protection. Learn more in this article.
Figure 2: Power BI Desktop “Preview features” settings
We continue to extend sensitivity label support to address top customer asks, such as sensitivity label inheritance scenarios (both within Power BI as well as from data sources to Power BI), admin APIs for applying sensitivity labels, support for mandatory label policies, and sensitivity labels in deployment pipelines. So stay tuned!
To learn more about the capabilities covered in this blog, read about data protection in the Power BI documentation.