Power BI Security: 7 Simple Tips To Get Started

One of the most valuable features of Power BI is its security features.

They’re comprehensive and easy to work with – a rare combination!

This beginners’ article looks at Power BI’s top 7 security features.

Power BI has plenty more security features, but you should start with these if you are learning to use Power BI.

Workspace Security

Workspace security is the first level of Power BI security. 

Workspace security governs access to published artefacts like datasets and reports.

When you create a workspace in Power BI service, each workspace is divided into four roles.

  • Admin.
  • Member.
  • Contributor.
  • Viewer.

Only give users the access level that they will need and no more.

To access workspace security, locate the Settings tab and select Admin Portal to create a workspace. You must be an administrator to do this.

screenshot of locating the settings tab and selecting admin portal to create a workspace

You can assign the ability to create new Workspaces to different users in your organisation in the Tenant settings, then click Apply.

red selection shows tenant settings and click apply.

Advantages of using Power BI Workspaces

The benefits of using workspaces when you are sharing data with many people using Power BI are:

  • Simpler Team Collaboration
  • Multiple Workspaces
  • Isolated User/Group Management
  • Improved Developer Environment


With a Power BI Pro license (see power bi licencing for more details), the administrator has complete control of a workspace. 

An administrator can update or delete the workspace, add or remove other administrators, and disallow external data sharing.

Only grant admin privileges to people you trust well. 

You manage the Power BI settings for all users in your organisation through the admin portal.

screenshot of power bi admin portal

Sharing and Export Settings

Power BI allows users to share content with people outside your company as standard. 

It isn’t a good idea to have this as a default setting.

In the Tenant settings, you should Disable it.

admin portal tenant settings

Similarly, it also allows you to export to Excel and PowerPoint.

There’s little point in securing data in Power BI if people can just download it and then share it. 

Again, go into the admin portal and disable this setting.

Row-Level Security

Row-Level Security (RLS) is a feature of Power BI that allows you to publish reports to users within your organisation, but show different people different rows of data. 

You can define filters within roles to limit data access at the row level.

Roles and rules are defined in Power BI Desktop. 

When you publish data or a report to Power BI Service, you also publish role definitions. This allows you to assign specific roles to specific users. 

Row-level security is a powerful tool for controlling access to sensitive datasets, dashboards, and reports and means you don’t need to create different reports for different users. To learn more, see: Row-level security in Power BI and dynamic row-level security in Power BI.

Power BI Data Protection

Power BI’s Microsoft Information Protection, also known as data protection, allows you to apply sensitivity labels to your data.

It helps you protect your organisation’s data regardless of how or where it is accessed.

For example, imagine a member of your organisation downloads an Excel spreadsheet containing sensitive data from Power BI.

Information Protection would automatically apply a sensitivity label and protect the data by encrypting it and content-marking the downloaded file.

It helps to keep the data and content secure outside Power BI.

admin portal tenant settings information protection

Office 365 Admin Centre

The Microsoft Office 365 Admin Center is where you administer your organisation’s Microsoft 365 subscription. 

It allows you to add and remove users, change licenses, and reset passwords, among other things.

Admin permissions are automatically granted to anyone who signs up for and purchases a Microsoft 365 for business subscription. 

This person can give other people administrator permissions to help them manage Microsoft 365.

To see who has which privileges, you can review them in the admin centre.

Log in to your Office 365 account to access the Admin Centre.

In the app launcher, select Admin.

applauncher admin

Expand the Navigation menu to perform more administrative tasks.

expand navigation menu

As you can see, there are lots of different options in the admin centre.

You can add and remove users, assign product licences, and do a lot more as an administrator.

removing users, assign product licences

Azure Active Directory

Azure Active Directory (“AAD”) controls access to Power BI service. 

If you use AAD, you can implement a number of useful policies like:

  • Limiting access to and from trusted locations
  • Restricting access to machines with specific operating systems and / or joined to the domain
  • Enforcing multifactor authentication

Final Thoughts

In Power BI, each level of security protects a specific area. 

The most critical is workspace security, which regulates access to objects like datasets and reports. 

As your Power BI skills improve, make sure that your security skills also grow to keep your data safe!

For more on Power BI, check out our this article to get 15 Power BI experts top tips!

About Ben Richardson

Ben is a director of Acuity Training which he has been running for over 10 years.

He is a Natural Sciences graduate from the University of Cambridge and a qualified accountant with the ICAEW.

He previously worked as a venture capitalist and banker and so had extensive experience with Excel from building financial models before moving to learn SQL, Microsoft Power BI and other technologies more recently.