Skip to main content

Announcing Power BI inheritance of MIP labels from Azure Synapse Analytics (Public Preview)

Headshot of article author Anton Fritz

As companies embrace their digital transformation and data become more accessible for analysis, the risk of accidental oversharing or misuse of business-critical information increases. It is more important than ever to answer the questions: “Where is my sensitive data? Who can access my sensitive data? How can I improve my end-to-end protection to prevent my sensitive data from leaking?”

 

Last year we announced the general availability of Power BI data protection capabilities, being the only BI product leveraging Microsoft Information Protection sensitivity labels (MIP) and providing users a simple way to classify critical content in Power BI without compromising productivity or the ability to collaborate. Sensitivity labels can be applied on datasets, reports, dashboards, and dataflows, and those labels are persisted along with relevant protection when data is exported from Power BI to Excel, PowerPoint, PDF, or PBIX files.

Last December, Microsoft released Azure Purview, a unified data governance service, including integration with Power BI and the ability to auto-label data in Azure Synapse Analytics and Azure SQL Database with MIP labels.

 

UI of campaign analytics

 

Today, we’re happy to announce a public preview of Power BI MIP label inheritance when import data from Azure Synapse Analytics and Azure SQL Database. This capability will help you to ensure your data remains classified and secured across its data journey from Azure, through Power BI and to Office.

 

 

Power BI datasets connecting to classified data in Azure Synapse Analytics or Azure SQL Database will inherit those labels such that data remains classified and secure when brought into Power BI and inherited when exported to Office. The result is secure, end-to-end inheritance and protection of your business data, from source to point of consumption.

 

How to configure MIP label inheritance from Azure Synapse Analytics or Azure SQL Database

To enable MIP label inheritance from source, follow these steps:

  1. To apply MIP labels on data in source require you to perform these two-steps:
    1. Automatically apply sensitivity labels to your data in Azure Synapse Analytics or Azure SQL DB using Azure Purview.
    2. Classify your Azure SQL data using Azure Purview labels.
  2. Enable MIP sensitivity labels in Power BI and inheritance from source in Power BI admin portal. See Enable MIP sensitivity labels in Power BI, Enable inheritance from source preview in Power BI admin portal.
  3. Refresh in Power BI the dataset that is connected to data with MIP labels in Azure Synapse Analytics or Azure SQL database.

See Sensitivity label inheritance from data sources for more details.

 

Limitations:

  1. Inheritance from source supported for datasets importing data from Azure Synapse Analytics or Azure SQL Database in Power BI service. Direct query, refresh in Power BI desktop currently does not support inheritance from the source.
  2.  For Power BI to apply the MIP label from the source the label should be in the dataset’s owner label policy.
  3.  Get data via data gateway or VNet currently doesn’t support inheritance.
  4. Inheritance from source don’t override label applied by the user in Power BI.

 

What next:

  1. To meet compliance requirements many organizations require all content in Power BI tenant to have MIP labels, existing content and content that is added. Two new features coming soon will help organizations to meet this goal:
    1. Label policy to require users to set MIP label when upload PBIX to Power BI and when create or edit content in Power BI. Mandatory label policy for Power BI users will be available in M365 MIP label policy settings.
    2. Power BI admin APIs to set/remove MIP labels in Power BI, enabling Power BI admins programmatically bulk label content in Power BI.
  2. Make it simple to apply labels on the entire data lineage in Power BI with automatic downstream inheritance. Label applied on a dataset, manually or via inheritance from source will be automatically applied on all downstream content (datasets, reports, and dashboards).
  3. Enable deployment of artifacts with MIP labels with deployment pipelines.

 

Thank you for reading this blog! We hope that these and other information protection capabilities we’re introducing will help you drive data culture and digital transformation in your organization. Will be happy to get your feedback, answer questions.

Feel free to use comments below or Power BI community channels.