Microsoft Azure Information Protection Secures Power BI Data Exports for a Seamless DLP Strategy
Published Feb 24 2020 05:41 AM 11K Views

Business Intelligence and Analytics are often restricted in Healthcare organizations due to regulatory concerns about sensitive data such as Personally Identifiable Information (PII). Report viewers often want to export data from reports, but until now there has been no way to effectively track and protect exported files of data. Also, allowing access to reports from un-managed devices has often been an all-or-nothing approach. Microsoft Information Protection and Cloud App Security tools are now in Preview for Power BI as part of your enterprise Data Loss Prevention strategy. Here’s a demo of how Microsoft Information Protection works as a part of Power BI Data Protection:



This article is the third in a series exploring how Power BI paired with Azure data tools creates a flexible, scale-able, and achievable healthcare analytics architecture:

  • #1 - Unleash Massive Healthcare Data Volumes to Analytics using Power BI Aggregations - Click Here!
  • #2 - Control PII and Sensitive Data Risk for Self-Service BI using Power BI DataFlows and Azure Data Lake - Click Here!
  • #3 - Microsoft Azure Information Protection Secures Power BI Data Exports for a Seamless DLP Strategy (this article)
  • #4 - Combine Azure Synapse and Power BI RLS to Analyze Aggregated Data while Controlling Granular PII - Click Here!

A previous article at this link reviews many of the challenges that Healthcare organizations face due to Privacy and Regulatory concerns for PHI and other types of Sensitive Data. The diagram below is from that article, and shows three common ways that Sensitive Data can be shared inappropriately:


PII Sharing can be Controlled Using Power BI Data ProtectionPII Sharing can be Controlled Using Power BI Data Protection


  1. User Exports Data and Shares with Unapproved Users – Power BI Data Protection (using MIP/AIP) is now in Preview to prevent inappropriate sharing.
  2. User Shares a Report with an Unapproved User – Power BI Workspace Level Security, Row Level Security, and Data Protection can all be used to mitigate this scenario.
  3. Re-Identification due to Small Data Aggregation sizes, Using Deep Learning or Referencing Other Databases – Cloud App Security Tools and other Power BI capabilities can reduce this risk, but thoughtful Data Model design by solution architects is also needed and sometimes requires expertise outside of what can be provided by a digital toolset.

Finally, here is a video that reviews Power BI Data Protection that was recently recorded at Microsoft Ignite:


Version history
Last update:
‎Apr 23 2020 10:03 AM
Updated by: