Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Microsoft Information Protection provides a unified set of capabilities for classification, labeling, protection and data loss prevention across Microsoft 365 apps (Word, PowerPoint, Excel, Outlook) and Microsoft services like Power BI, OneDrive, SharePoint, Teams, and Exchange.
Security and compliance are important for democratizing access to data and insights, particularly in today’s remote work environment. This focus on security and compliance has helped Power BI enable employees and business partners to make data-driven decisions confidently. Power BI leverages Microsoft Information Protection to help organizations protect their sensitive data no matter where or how it is accessed.
Today we are excited to announce the general availability of Microsoft Information Protection’s sensitivity labels in Power BI. The same sensitivity labels you use to classify and label data in Microsoft365 apps (e.g. Excel) can now be used to classify and label sensitive data in the Power BI service too. Labels and protection actions like file encryption will persist when sensitive data is exported out of Power BI to Excel, Power Point, or PDF files. We are also announcing roll out of new capabilities that further persist labeling and protection of data as it moves between Power BI and other solutions like Microsoft Teams.
Customers like BP already benefit from Microsoft Information Protection in Power BI to gain better visibility and control over their business-critical data:
“Our data owners can now classify their data with ease within Power BI and align with our existing Microsoft Information Protection labels. The integration with Microsoft Information Protection means that we can see where our important data is being used and be assured that exported data is automatically labelled and protected in accordance with our policies. In this way our users practice security by choice because it is easy. The ability to monitor activity and block or protect downloads of classified data in real-time using [Microsoft Cloud App Security] is a very powerful control, which gives us increased flexibility on collaborating and sharing securely.”
-- Geoff Elton, Information Protection Security Engineering Lead at BP
General availability of sensitivity labels in Power BI
Sensitivity labels provide a simple way for your users to classify critical content in Power BI without compromising productivity or the ability to collaborate. Sensitivity labels can be applied on datasets, reports, dashboards, and dataflows. When data is exported from Power BI to Excel, PowerPoint or PDF files, Power BI automatically applies a sensitivity label on the exported file and protects it according to the label’s file encryption settings. This way your sensitive data remains protected no matter where it is.
Figure 1: Power BI report's sensitivity label and protection applied on Excel file upon data export.
Sensitivity labels applied on Power BI reports and dashboards are also visible in the Power BI iOS and Android mobile apps.
Figure 2: Sensitivity labels appear in the Power BI mobile app
With sensitivity labels now generally available in Power BI, you gain more value when you create and deploy labels and policies from the Microsoft 365 compliance center. The Microsoft 365 compliance center provides visibility into label-related user activities (e.g. applying, removing, or changing sensitivity labels).
New information protection capabilities in Power BI
It is a common scenario for your users to embed a Power BI report in Microsoft Teams or maintain a live data connection between an Excel file and a Power BI dataset. The ability to maintain the same sensitivity label as data moves has been a top ask from users. We heard you! The capabilities listed below are rolling out soon.
Figure 3: Power BI dataset’s sensitivity label applied on an Excel file upon creating a live connection
Power BI and Microsoft Cloud App Security
Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that leverages Microsoft Information Protection’s labels and policies to provide data loss prevention in Microsoft services like Power BI and extends that to third-party cloud applications. For example, with Cloud App Security, you can create a policy that will block the download of sensitive data when the user is accessing data via an unauthorized device. Microsoft Cloud App Security enables you to gain rich visibility into shadow IT, identify and remediate cloud-native attacks via integration with Microsoft Threat Protection, and control how your data travels across all of your cloud resources.
Cloud App Security analyzes Power BI activities and raises a security alert if suspicious behavior is detected. For example:
We are continuously expanding the capabilities of Microsoft Information Protection. You can see in this blog a summary of some of the investments we’ve made in the last two months. We are working on adding sensitivity labels in Power BI Desktop. This will enable you to classify, label, and protect PBIX files as well. To learn more about the capabilities covered in this blog:
As you navigate this challenging time, we have additional resources to help. For more information about securing your organization in this time of crisis, visit our Remote Work site. We’re here to help in any way we can.
Denis Mizetski, Senior Program Manager, Microsoft Information Protection
Anton Fritz, Senior Program Manager, Power BI
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.