Blog Post

Security, Compliance, and Identity Blog
4 MIN READ

Sensitivity label support in Microsoft Fabric and Power BI enables end-to-end information protection

Anna_Chiang's avatar
Anna_Chiang
Icon for Microsoft rankMicrosoft
Jul 18, 2023

Did you know that 88% of organizations lack the confidence to prevent sensitive data loss?Discovery and classification of sensitive data is important for organizations who want to better protect sensitive personally identifiable information (PII) and corporate intellectual property. When these sensitive labeled files are used in business intelligence and analytics solutions, it’s important they remain protected and are shared and accessed only by authorized individuals.

 

With Microsoft Purview Information Protection, we provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate. This includes Microsoft clouds such as Microsoft 365 and Azure, as well as on-premises, hybrid and third-party clouds, and SaaS applications. 

 

In addition, to ensure the security of your organization’s data, it's imperative to also enable governance over your organization’s data estate. We are pleased to announce new capabilities in both Microsoft Fabric and Power BI.

 

With Fabric, Microsoft provides centralized visibility into what's happening with your data, gives insights into usage and adoption, and enables organizations to secure and govern data end to end with a single central data repository. Fabric provides a unified intelligent data foundation for all first-party analytics workloads and integrates Power BI, Data Factory, and the next generation of Synapse to offer customers an easy –to use and powerful modern analytics solution.

 

Figure 1: Microsoft Fabric key components

Today we are announcing the following Microsoft Purview capabilities in Fabric, all in public preview:

  1. Integration with Information Protection sensitivity labels
  2. Microsoft Purview Hub support
  3. Audit logs support

Fabric natively integrates the same familiar unified Information Protection sensitivity labels that are used in Microsoft 365, so users can easily see if a file or email is confidential and whether they are blocked from exporting the file. Data owners can apply a sensitivity label to a lakehouse or any other Fabric item, and the label will flow with the data to all downstream items in Fabric. These labels and their protection settings are also automatically applied to Microsoft 365 files that are exported from Fabric.  Learn more about Information protection in Fabric.

 

Figure 2: Using Information Protection sensitivity labels in Fabric.

Fabric admins can also use the Microsoft Purview hub, which contains insights about sensitive data as well as certified and promoted items. It also serves as a gateway to advanced capabilities in Microsoft Purview and analytics information showing labeled versus unlabeled files containing sensitive data that need to be addressed.  

.

Figure 3: Microsoft Purview hub portal view

In addition, Fabric is also integrated with Microsoft Purview audit, which provides Fabric and compliance admins with comprehensive logs of Fabric activities. All user and system operations are captured in the audit logs and made available in the Microsoft Purview compliance portal. Learn more about audit logs in Fabric.

 

Finally, we are also pleased to announce the following capabilities in Power BI now in general availability:

  1. Inheritance of sensitivity labels from connected data sources in Power BI
  2. Data Loss Prevention support for Power BI

Power BI datasets that connect to sensitivity-labeled data in Azure Synapse Analytics Azure SQL Database and Excel files stored in OneDrive or SharePoint Online can automatically inherit those labels, so that the data remains classified and secure when brought into Power BI. Power BI is also supported as a workload in Data Loss Prevention policies, so that sensitive data can be automatically detected and prevented from data exfiltration. When a DLP policy for Power BI detects a sensitive dataset, a policy tip can be attached to the dataset in the Power BI service that explains the nature of the sensitive content, and an alert can be registered on the data loss prevention Alerts page in the Microsoft Purview compliance portal for monitoring and management by administrators. In addition, email alerts can be sent to administrators and specified users. Learn more about DLP policies in Power BI.  

 

An example of downstream inheritance and inheritance from data sources is illustrated below. At the top, we see the Excel file RegionalSales, that is labeled as Highly Confidential. Below that in lineage view we see the Excel file as an external data source, and how its sensitivity label filters down and gets applied to the dataset and its downstream content, which in the image below are the reports built from the dataset.

Figure 4. Screenshot of lineage view that illustrates label inheritance from data sources and downstream inheritance

 

Along with inheritance from data sources, inheritance upon creation of new content, inheritance upon export to file (e.g., Excel), and other capabilities for applying sensitivity labels, downstream inheritance helps ensure that sensitive data remains protected throughout its journey in Power BI, from data source to point of consumption. Confidential and highly sensitive data that is labeled and protected by Microsoft Purview Information Protection can continue to be protected in Power BI datasets and reports throughout its lifecycle. This provides organizations with more comprehensive visibility, manual or automated protection of sensitive information, and end-to-end information protection within Power BI. Learn more about how to apply sensitivity labels in Power BI here.


How to Get Started 

Read this blog to see how you can get a free trial to Fabric and view Fabric trial documents.

Get access to Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a trial. By enabling the trial in the Purview compliance portal, you can quickly access these advanced classifiers. Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial.

 

1 Forrester, Security Concerns Security Priorities Survey 2020.

Updated Jul 20, 2023
Version 3.0
No CommentsBe the first to comment