This document provides an overview of external sharing in Power BI using Azure Active Directory Business-to-Business (Azure B2B) collaboration. Azure B2B allows Power BI content to be securely distributed to guest users outside the organization while maintaining control over internal data. There are three main approaches for sharing - assigning Pro licenses manually, using guest's own licenses, or sharing to guests via Power BI Premium capacity. Azure B2B handles invitations, authentication, and governance policies to control external sharing. All guest actions are audited. Conditional access policies can also be enforced for guests.
James Serra Power BI Architect Profile and Portfolio
1. James Serra
Data & AI Architect
Microsoft, NYC MTC
JamesSerra3@gmail.com
Blog: JamesSerra.com
2. About Me
Microsoft, Big Data Evangelist
In IT for 30 years, worked on many BI and DW projects
Worked as desktop/web/database developer, DBA, BI and DW architect and developer, MDM
architect, PDW/APS developer
Been perm employee, contractor, consultant, business owner
Presenter at PASS Business Analytics Conference, PASS Summit, Enterprise Data World conference
Certifications: MCSE: Data Platform, Business Intelligence; MS: Architecting Microsoft Azure
Solutions, Design and Implement Big Data Analytics Solutions, Design and Implement Cloud Data
Platform Solutions
Blog at JamesSerra.com
Former SQL Server MVP
Author of book “Reporting with Microsoft SQL Server 2012”
3. Table of Contents
1. Overview & Product Portfolio
2. Deployment Strategy
3. Usage Scenarios & Prototyping
4. External Sharing
5. Data Storage & Data Refresh
6. Administration & Security
10. Power BI Premium
Dedicated resources in the cloud
Flexibility to license by capacity
Greater scale and performance
Extending on-premises capabilities
[Diagram labels: Power BI service – Contoso organization; Power BI Premium; Premium capacity – P1, P2, P3; App workspaces: Marketing, Sales; My workspace: User 1, User 2, User 3; APIs; Custom app]
11. On-premise reporting solution
Power BI reports and SSRS report on-premises
Connect to data
Over 70+. Data can be imported, queried directly or live connection to SSAS
Power BI reports
Fully interactive reports on-premises to visualize your data and gain insights
SSRS reports
Precisely formatted operational reports
Consume in multiple ways
Mobile Apps, Web Portal, Embedded in your organizational apps
12. Spend time focusing on your product instead of
building visual analytic features from scratch
Connect to countless data sources so that you can
expose insights to your customers
Take advantage of our existing Custom Visual library
or dream up the right visual for your customers
Embed consistent, easy-to-navigate visualization
experiences across any device
Leverage other familiar services like Visual Studio,
Azure Web Apps and other Azure services
Embed stunning, fully interactive reports and visuals into your applications
13. Power BI Desktop Data sources
Over 100+ data sources and growing (Oct 2019)
14. February 2019
*Gartner “Magic Quadrant for Analytics and Business Intelligence Platforms,” by Cindi Howson, Rita L. Sallam, James Laurence Richardson, Joao Tapadinhas, Carlie J. Idoine, Alys Woodward, February 2018
The above graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. Gartner does not endorse any
vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research
organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
16. Today, BI extends to everyone
1st wave: Technical BI (IT to end user)
2nd wave: Self-service BI (Analyst to end user)
3rd wave: End user BI (Everyone)
21. Power BI Delivery Approaches
Business-Led Self-Service BI (Bottom-Up Approach)
Analysis using any type of data source; emphasis on data exploration and freedom to innovate
Ownership: Business supports all elements of the solution
Scope of Power BI use by business users: Data preparation, data modeling, report creation & execution
Governed by: Business
IT-Managed Self-Service BI (Blended Approach)
A “managed” approach wherein reporting utilizes only predefined/governed data sources
Ownership: IT: data + semantic layer; Business: reports
Scope of Power BI use by business users: Creation of reports and dashboards
Governed by: IT: data + semantic layer; Business: reports
Corporate BI (Top-Down Approach)
Utilization of reports and dashboards published by IT for business users to consume
Ownership: IT supports all elements of the solution
Scope of Power BI use by business users: Execution of published reports
Governed by: IT
Ownership Transfer
Over time, certain self-service solutions deemed as critical to the business may transfer ownership and maintenance to IT. It’s also possible for business users to adopt a
prototype created by IT.
22. Key Decision Points
Where is the source data stored? In a web-based cloud service, in a proprietary on-premises database, etc.
Who is going to be responsible for dataset and/or report development? Segment of dataset authors, report authors, and consumers
Who is going to consume the reports? Select number of internal users only, a wide variety of internal users, and/or external users such as customers or business partners
How will they consume reports? In a web browser, via mobile devices, embedded within an application, etc.
What are the usage patterns? Dashboards, reports, interactive filtering and/or downloads of data
How much data latency (delay) is acceptable? Importing the data generally offers superior performance, but requires a data refresh which introduces latency
Do corporate security standards permit publishing data to a cloud-based service? The Power BI Service is cloud-based and offers the most functionality; on-premises deployments can be done with Power BI Report Server integration
What is the complexity level of the solution? Model size/complexity, query complexity, row-level security needs
23. Enterprise Wide Roll Out Responsibilities
Corporate BI
• Product evaluation
• Governance and security
• Infrastructure setup
• IT led solution delivery
• IT Training
Business-Led Self Service BI
• Work with IT on the service management
aspects
• End user/ Power user training
• Identify Power BI Champions within
teams/departments
• Business led reporting insights shared
with IT
24. Licensing Considerations
Power BI Pro Only
Segmentation of who consumes and publishes is limited when deploying
a “Power BI Pro Only” user-based model.
• Pro Only = All Pro users are trusted to publish
Power BI Premium
Power BI Premium provides the best flexibility for managing what
information is published
• Premium + Pro Users = Pro users segmented as authors while
unlicensed users consume from a Premium backed workspace
30. Definitions
Power BI App Workspace: A shared collaboration area within the Power BI Service. An App Workspace is a distinct area,
separate from My Workspace, which is dedicated to a specific team, subject area, or project. Power BI and Excel reports are
published to an App Workspace so that colleagues can view the content and contribute as appropriate. App Workspaces must
be specifically created
Power BI App: A set of packaged up content in the Power BI Service for the purpose of distributing related reports and
dashboards to a larger base of consuming users
Collaboration is associated with multi-person content creation within an App Workspace
Sharing is associated with the individual report and dashboard sharing feature in Power BI
Distribution is associated with the ability to publish Apps from an App Workspace or the ability to embed content in portals or
collaboration applications
My Workspace: Every Power BI user has a workspace created for them automatically called "My Workspace", which is
intended purely for personal use
41. Workflow Automation + Updating Data from
Within Power BI
The family of tools that is comprised of Power BI, Flow, and PowerApps allows for many interesting use cases that involve integration between these three business applications.
In this scenario, envision that we are checking for data quality issues or missing data. Flow is used to send a customized e-mail alert which directs a user back to Power BI to update some source data:
46. Power BI service Live Connection
Get Data -> Power Platform -> Power BI datasets
To give others access to a dataset, after publishing, give Build
permission to the dataset in the Power BI service
47. Power BI templates
• .pbit files
• Corporate color scheme
• Corporate branding
• Connections to commonly used data sources
• Parameterized queries
• Commonly used DAX measures
51. Storage Modes
Desktop Service Desktop & Service
Connection Type
Edit
Queries
Modeling Visuals
Requires
Refresh
Current Data
Displayed
Data Copied
to PBI
Data Stays in
Source
Import X X X X X
Direct Query X X X X
Live Connection X X X
57. Composite Models
Allows a single report to seamlessly combine data from one or
more DirectQuery sources, and/or combine data from a mix of
DirectQuery sources and imported data. So this means you can
combine multiple DirectQuery sources with multiple Import
sources.
58. Aggregations
Create layers of pre-aggregated values that are
stored in memory that allow fast queries of
billions of rows.
61. Power BI Gateway
High availability clusters and load balancing: https://docs.microsoft.com/en-us/data-integration/gateway/service-gateway-high-availability-clusters
62. When Do I Need the Gateway?
A gateway is required to access on-premises data sources for data refresh, DirectQuery, or SSAS
live connection.
Typically, a data gateway is not necessary to access cloud sources, with the following exceptions:
1. Data sources which reside in an IaaS (Infrastructure-as-a-Service) virtual machine.
2. If the Web.Page() function is utilized in an M query.
3. When a single M query combines data from cloud and on-premises data sources.
PaaS (Platform-as-a-Service) services, such as Azure SQL Database, Azure SQL Data Warehouse, or
Azure Analysis Services do not require a gateway for connectivity, nor do SaaS (Software-as-a-
Service) solutions such as Salesforce or Google Analytics.
Setting up the On-Premises Data Gateway involves the following process:
65. Dev = App Workspace; Prod = App
Publish Type = Manual
The first option involves utilizing an App Workspace as the Development area. The act of
publishing or updating an App represents moving content into Production.
This option is lightweight and easy to implement.
It offers the ability to control exactly when the user base sees changes to reports and dashboards.
A middle tier to handle testing is not available.
If there are different data source connections (ex: to query from, say, a test system instead of a production system), that cannot be handled in
this option.
66. Dev, Test, Prod = Distinct App Workspaces + Distinct Apps
Publish Type = Manual
The second option involves more complex application
lifecycle management. This option depicts the usage of
separate App Workspaces for the separation of
Development, Test, and Production.
Since the different tiers are specifically enumerated,
the number of environments needed can be easily
customized to exactly what is needed.
This option requires some processes/procedures,
and efficient team communication, to execute
seamlessly. IT teams are typically used to this type of
rigor, whereas business-oriented teams are often
less familiar with deployment processes.
Since this technique relies on publishing from Power
BI Desktop, usage of the Power BI Service for
content creation (i.e., web only reports) is
discouraged.
A future feature coming to App Workspace
management is the ability to copy content between
App Workspaces. At that point in time, the
publishing process beyond the Development
environment would no longer involve Power BI
Desktop. (See Option 3 next for a current alternative.)
67. Dev, Test, Prod = Distinct App Workspaces + Distinct Apps
Publish Type = Automated
The third option also involves separate App Workspaces for the
separation of Development, Test, and Production. However,
instead of deploying from Power BI Desktop as shown in Option
2, the Power BI REST APIs are utilized to export content from a
workspace and re-import to another. This technique is discussed
in this blog post, which also includes a sample PowerShell script.
Since the different tiers are specifically enumerated, the
number of environments needed can be easily customized
to exactly what is needed.
This technique changes the Test and Production
deployment techniques to a programmatic process, which
is considered a much more sound practice for deployments
as compared to deploying from a client tool like Power BI
Desktop.
This technique clones all of the content from a workspace,
so it can also deploy dashboards and web-only reports.
Requires knowledge of using PowerShell to call the Power
BI REST APIs.
This option requires some processes/procedures, and
efficient team communication, to execute seamlessly. IT
teams are typically used to this type of rigor, whereas
business-oriented teams are often less familiar with
deployment processes.
There is not currently an API to publish an App. Therefore, it
is not possible to completely automate the full end-to-end
process.
Can now use Power BI cmdlets instead of Power BI REST API calls
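A sketch of Option 3 using the Power BI cmdlets, added here as an example and not taken from the deck or the blog post it mentions. It narrows the technique to reports only (dashboards are not covered), and the workspace names are hypothetical; publishing the App afterwards remains a manual step, as noted above.

```powershell
# Added example: promote every report from a Test workspace to a Prod workspace.
# Requires the MicrosoftPowerBIMgmt module and rights on both workspaces.
Import-Module MicrosoftPowerBIMgmt
Connect-PowerBIServiceAccount | Out-Null

# Hypothetical workspace names; replace with your own.
$sourceName = 'Sales [Test]'
$targetName = 'Sales [Prod]'

$source = Get-PowerBIWorkspace -Name $sourceName
$target = Get-PowerBIWorkspace -Name $targetName
if (-not $source -or -not $target) {
    throw "Could not find workspace '$sourceName' or '$targetName'."
}

# Exported .pbix files can contain imported data, so stage them in a
# per-run temporary folder and always delete it afterwards.
$staging = Join-Path ([IO.Path]::GetTempPath()) ("pbi-promote-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $staging | Out-Null

try {
    $promoted = foreach ($report in Get-PowerBIReport -WorkspaceId $source.Id) {
        $file = Join-Path $staging ($report.Id.ToString() + '.pbix')

        # Download the report from Test ...
        Export-PowerBIReport -WorkspaceId $source.Id -Id $report.Id -OutFile $file

        # ... and publish it to Prod, replacing any report with the same name.
        New-PowerBIReport -Path $file -Name $report.Name -Workspace $target `
            -ConflictAction CreateOrOverwrite | Out-Null

        [pscustomobject]@{ Report = $report.Name; From = $sourceName; To = $targetName }
    }
    # Keep a record of what was deployed for change control.
    $promoted | Format-Table -AutoSize
}
finally {
    Remove-Item -Path $staging -Recurse -Force
}
```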
68. The future of content lifecycle management in Power BI
https://myignite.techcommunity.microsoft.com/sessions/83502
71. Azure B2B – Overview
Power BI integrates with Azure Active Directory Business-to-Business (AAD B2B) to allow secure distribution of Power BI content to guest users outside the organization, while still maintaining control over the internal data.
Approach 1: Power BI Premium. Lucy has no Power BI license, but can still access Contoso’s app, since it is in Premium.
Approach 2: Pro Licenses Assigned Manually
Approach 3: Guests Bring Their Own License
Supports Ad-hoc Invites, Planned Individual Invites (via Admin portal), and Bulk Invites (via PowerShell)
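A bulk invite of the kind mentioned above could look like the following. This is an added example, not code from the deck: it uses the AzureAD module's New-AzureADMSInvitation cmdlet, and the guest list, the partner-domain allow-list and the redirect URL are assumptions made for illustration.

```powershell
# Added example: bulk-invite B2B guests, skipping unapproved domains and
# accounts that are already guests. Requires the AzureAD module.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Constructed sample input; in practice this would come from Import-Csv.
$guests = @'
Name,Email
Lucy Example,lucy@fabrikam.example
Sam Example,sam@unknown-partner.example
'@ | ConvertFrom-Csv

# Hypothetical governance control: only these partner domains may be invited.
$allowedDomains = @('fabrikam.example')

# Where the guest lands after redeeming the invitation (assumption: the
# Power BI service home page; a link to a specific app also works).
$redirectUrl = 'https://app.powerbi.com'

# Mail addresses of existing guest accounts, so a re-run does not re-invite.
$existing = Get-AzureADUser -All $true -Filter "userType eq 'Guest'" |
    Where-Object { $_.Mail } |
    ForEach-Object { $_.Mail.ToLowerInvariant() }

$results = foreach ($g in $guests) {
    $email  = $g.Email.Trim().ToLowerInvariant()
    $domain = ($email -split '@')[-1]

    if ($allowedDomains -notcontains $domain) {
        $status = 'SkippedDomainNotAllowed'
    } elseif ($existing -contains $email) {
        $status = 'SkippedAlreadyGuest'
    } else {
        New-AzureADMSInvitation -InvitedUserEmailAddress $email `
            -InvitedUserDisplayName $g.Name `
            -InviteRedirectUrl $redirectUrl `
            -SendInvitationMessage $true | Out-Null
        $status = 'Invited'
    }

    # One result row per input row, so the run can be reviewed or archived.
    [pscustomobject]@{ Email = $email; Status = $status }
}

$results | Format-Table -AutoSize
```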
73. Azure B2B – Governance
Control guest invites
Power BI administrators can control external sharing just for Power BI by visiting the Power BI admin portal. But
tenant administrators can also control external sharing with various AAD policies. These policies allow tenant
administrators to
• Turn off invitations by end users
• Only admins and users in the Guest Inviter role can invite
• Admins, the Guest Inviter role, and members can invite
• All users, including guests, can invite
You can read more about these policies in Delegate invitations for Azure Active Directory B2B collaboration.
All Power BI actions by external users are also audited in our auditing portal.
Conditional Access policies for guest users
Contoso can enforce conditional access policies for guest users who access content from the Contoso tenant.
You can find detailed instructions in Conditional access for B2B collaboration users.
74. Azure B2B – FAQ
Can I send an invitation that is automatically redeemed, so that the user is just “ready to go”? Or does the user always have to
click through to the redemption URL?
• Invitations that are sent by a user in the inviting organization who is also a member of the partner organization do not
require redemption by the B2B user.
• You should invite one user from the partner organization to join the inviting organization. Add this user to the guest
inviter role in the resource organization. This user can invite other users in the partner organization by using the sign-in
UI, PowerShell scripts, or APIs. Then, B2B collaboration users from that organization aren't required to redeem their
invitations.
Can I force multi-factor authentication for guest users if my partners don't have multi-factor authentication?
• Yes. For more information, see Conditional access for B2B collaboration users.
How does B2B collaboration work when the invited partner is using federation to add their own on-premises authentication?
• If the partner has an Azure AD tenant that is federated to the on-premises authentication infrastructure, on-premises
single sign-on (SSO) is automatically achieved. If the partner doesn't have an Azure AD tenant, an Azure AD account is
created for new users.
Can I invite guest users with consumer email accounts?
• Inviting guest users with consumer email accounts is supported in Power BI (including domains such as hotmail.com, etc.).
75. Azure B2B – Limitations
1) External B2B guests are limited to consumption of content only. External B2B guests can view apps,
dashboards, reports, export data and create email subscriptions for dashboards and reports. They can't access
workspaces or publish their own content.
2) This feature is not currently available with the Power BI mobile apps. On a mobile device, you can view Power
BI content shared using Azure AD B2B in a browser.
3) This feature is not currently available with the Power BI SharePoint Online report web part.
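Because guest actions are audited and guests are allowed to export data, a periodic review of guest activity is a natural check. The following is an added example, not part of the deck: the sample events are constructed, and treating a UserId that contains `#EXT#` or that falls outside the listed internal domains as a guest is an assumption about how guests appear in your tenant's log.

```powershell
# Added example: list Power BI activity by B2B guests and flag data exports.
function Get-GuestActivity {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [Parameter(Mandatory)] [string[]] $InternalDomains,
        # Activity names treated as exports (assumption; extend as needed).
        [string[]] $ExportActivities = @('ExportReport', 'ExportTile')
    )
    foreach ($e in $Events) {
        $user   = [string]$e.UserId
        $domain = ($user -split '@')[-1].ToLowerInvariant()

        # Guest if the UPN carries the #EXT# marker or the domain is not ours.
        $isGuest = ($user -like '*#EXT#*') -or ($InternalDomains -notcontains $domain)
        if (-not $isGuest) { continue }

        [pscustomobject]@{
            Time     = $e.CreationTime
            User     = $user
            Activity = $e.Activity
            Item     = $e.ItemName
            IsExport = $ExportActivities -contains $e.Activity
        }
    }
}

# Constructed sample events in the shape of Power BI activity log records.
$events = @'
[
  {"CreationTime":"2019-10-01T09:12:00","UserId":"amy@contoso.example","Activity":"ViewReport","ItemName":"Sales Overview"},
  {"CreationTime":"2019-10-01T09:40:00","UserId":"lucy@fabrikam.example","Activity":"ViewReport","ItemName":"Sales Overview"},
  {"CreationTime":"2019-10-01T09:44:00","UserId":"lucy@fabrikam.example","Activity":"ExportReport","ItemName":"Sales Overview"},
  {"CreationTime":"2019-10-01T11:03:00","UserId":"sam_partner.example#EXT#@contoso.example","Activity":"ExportTile","ItemName":"Pipeline"}
]
'@ | ConvertFrom-Json

# Against a live tenant (Power BI admin rights required; start and end must
# fall on the same UTC day), replace the sample with:
#   Connect-PowerBIServiceAccount
#   $events = Get-PowerBIActivityEvent -StartDateTime '2019-10-01T00:00:00' `
#                 -EndDateTime '2019-10-01T23:59:59' | ConvertFrom-Json

$guestActivity = Get-GuestActivity -Events $events -InternalDomains 'contoso.example'

# Full guest timeline, then export counts per guest for follow-up.
$guestActivity | Sort-Object Time | Format-Table -AutoSize
$guestActivity | Where-Object { $_.IsExport } |
    Group-Object User | Select-Object Name, Count | Format-Table -AutoSize
```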
77. Administration Roles
There are several roles related to Power BI administration, which are covered in the following table.
Type of administrator | Administrative scope | Power BI scope
Office 365 Global Administrator | Office 365 | Can manage all aspects of a Power BI tenant and other services.
Power BI Service Administrator | Power BI tenant | Has full control over a Power BI tenant and its administrative features (except for licensing).
Office 365 Billing Administrator | Office 365 | Can acquire Power BI licenses through Office 365 subscriptions.
Power BI Premium Capacity Administrator | A single Premium capacity | Has full control over a premium capacity and its administrative features.
Power BI Embedded Capacity Administrator | A single Embedded capacity | Has full control over an embedded capacity and its administrative features.
84. Automating and Managing PBI Programmatically
• PowerShell Cmdlets for Power BI
• https://www.powershellgallery.com/packages/Microsoft.PowerBI.PowerShell/1.2
• Power BI REST APIs
• https://docs.microsoft.com/en-us/rest/api/power-bi/
89. Helpful Links on Security
Whitepaper on Power BI Security
Documentation on Power BI Security
Whitepaper on “Supporting Your EU GDPR Compliance Journey With Microsoft Power BI”
Security documentation available in the Service Trust Portal
Whitepaper on Distributing Power BI content to external guest users via Azure Active Directory B2B
91. Making Your Content Performant
Limit the number of visuals in dashboards and reports
Put custom visuals through their paces
Set and save filters in reports
Limit complicated measures and aggregates in data models
Perform load testing on your backend
93. Resources
• powerbiweekly.info - Great weekly PBI newsletter
• M language reference - Official Power Query M Reference
• DAX Studio - Useful open source tool for executing and analyzing DAX queries, founded by Darren Gosbell
• DAX Guide - Your go-to reference on the DAX language, created by the SQLBI team
• Power BI Visuals Reference - An exhaustive list (as of Sep. 2018) of all Power BI native & custom visuals,
placed into separate categories, again created by the SQLBI team
• Report Theme Generator - A handy report theme generator created by the Power BI Tips and Tricks team
• Power BI Theme templates - Detailed Power BI Theme templates for all the native visuals, created by David
Eldersveld
• Power BI from Rookie to Rock Star - Free, detailed eBook to get up and running with Power BI, written by Reza
Rad
• Power BI Architecture diagram - An informative Power BI Architecture diagram, created by Dustin Ryan
• Power BI Whitepapers - A list of official Power BI whitepapers, covering Security, Premium deployment,
Advanced Analytics and more
• Power BI Events - Interactive report displaying upcoming Power BI events worldwide, built by Matt Allington, Phil
Seamark and Reid Havens
• Guidance for Power BI
• Power BI Team Blog - Regular roundups of new updates and features, technical tips, and announcements
• Guy In a Cube YouTube Channel - Excellent resource available for you to learn about Power BI
• Power BI Documentation - The official Power BI documentation site is very detailed and updated on a regular
94. Resources
• Power BI Community Site - Many contributions including a community knowledgebase, forums for Q&A,
announcements, and several galleries such as the Themes Gallery, Data Stories Gallery, R Scripts Gallery,
Quick Measures Gallery, among others
• Power BI User Groups - Great place to hear presentations by Power BI experts, talk to other Power BI users,
and potentially even recruit new staff
• Power BI Community Bloggers
• Dax Formatter - The DAX Formatter tool improves the readability of DAX
• Lingo - Lingo is a web-based code editor for editing the linguistic schema in Power BI, for the purpose of
improving how the natural language Q&A functionality
• Power BI Helper - The Power BI Helper aids in removing unused data elements from a model, finding
dependencies, and in documenting a model
• Power BI Documenter - Power BI Documenter is a tool which auto-generates documentation from Power BI
Desktop, for the purpose of identifying and documenting data usage, visuals, and development practices
• Power Update - Power Update is a tool which moves scheduled refresh operations for datasets in Power BI
Desktop or Excel to a local machine
• Power BI Visual Planning - The Visual Planning tool allows for users to edit data directly in a report or
dashboard
• Power Pivot Utilities - Power Pivot Utilities is an add-in for Excel. It aids with documenting models, relationships,
calculated columns, unused columns, and memory usage via a set of VBA macros
• Turbo.net Power BI Desktop Application - The Turbo.net tools allow applications to run on any desktop. Their
95. Roadmap Features
Download the 2019 release wave 2 PDF (last updated September 23, 2019)
The Power Platform release plan (formerly release notes) for the 2019 release wave
2 describes all new features releasing from October 2019 through March 2020 for
PowerApps, Power BI, and Microsoft Flow. You can either browse the release
plan online or download the document as a PDF file.
Let us know your thoughts. Share your feedback on a community forum
for Dynamics 365 or users of the "Power" suite of products (Power BI, PowerApps,
Flow, and Stream). We’ll use your feedback to make improvements.
Note: (These release notes describe functionality that may not have been released yet. Delivery timelines and projected
functionality may change or may not ship (see Microsoft policy).)
96. Q & A ?
James Serra, Big Data Evangelist
Email me at: JamesSerra3@gmail.com
Follow me at: @JamesSerra
Link to me at: www.linkedin.com/in/JamesSerra
Visit my blog at: JamesSerra.com (where this slide deck is posted under the “Presentations” tab)