Category: Purview

Azure, Azure SQL Database, Business Intelligence - BI, Fabric Administrator, Fabric Capacity, Microsoft Fabric, Power BI, Power BI Governance, Power BI Service, Purview

Sharing Power BI Reports with External Users – Part 3: Sensitivity Labels, Encryption, and Secure Sharing

Sharing Power BI Reports with External Users the Right Way, Part 3: Sensitivity Labels, Encryption, and Secure Sharing

In Part two of this series, we walked through how to configure your Microsoft Fabric environment to securely share Power BI reports with external users across Microsoft 365 tenants. We covered licensing requirements, admin portal settings, how to invite guest users, and how to share reports directly with them.

Now, in the third and final part of this blog series, we focus on two important areas that are often overlooked:

  • What happens when Microsoft Purview sensitivity labels are applied to a report
  • How to refine admin portal settings to better control guest users’ access to Fabric

This series was originally created to support a YouTube video I published in April 2025. The topic turned out to be too broad to explain well in one blog, so I decided to split it into three parts.

Here is the complete series:

  • Part 1: Understanding the Problem and Core Concepts
    This post explains why external sharing can be tricky, the key requirements to get it working, important terminology, user roles, and how the whole process fits together.
  • Part 2: Hands-On Guide to Setup and Sharing
    A step-by-step walkthrough of how to share reports across tenants, covering licensing, admin portal settings, inviting guest users, and how report access looks from the guest’s side.
  • Part 3: Sensitivity Labels, Encryption, and Secure Sharing (this blog)

In this last part, we will look at what happens when Microsoft Purview sensitivity labels are applied, including access control, and will also discuss key admin settings you may need to adjust for more secure collaboration.

If you like to listen to the content on the go, here is the AI generated podcast explaining everything about this blog 👇.

If you are someone who prefers video over reading, you can watch the full walkthrough here 👇.

Let’s now get into the final piece of this guide.

Sensitivity Labels in Microsoft Fabric

Microsoft Purview sensitivity labels are part of a broader Purview Information Protection framework. These labels are not exclusive to Microsoft Fabric or Power BI. They are designed to be consistently applied across various Microsoft services, including but not limited to Outlook, Word, Excel, SharePoint, and Azure SQL DB. This ensures that data is classified and protected uniformly, regardless of where it is created, stored, or shared. In the context of Power BI, when you apply a sensitivity label to a report, it adds classification metadata and, if configured, applies protection such as encryption and access restrictions. These protections travel with the content. For example, if a report is exported to PDF or PowerPoint, and the label has encryption enabled, that exported file will also be encrypted. So only the users who are authorised to view the content will be able to open it, even outside of the Power BI service. This means your data remains secure not only inside your tenant but also when it moves across users, devices, and even organisations.

What Happens When You Share Encrypted Reports?

Let’s walk through an example.

You share a Power BI report with a guest user. This report has a label applied that encrypts its content. Here is what the guest user can and cannot do:

Continue reading “Sharing Power BI Reports with External Users – Part 3: Sensitivity Labels, Encryption, and Secure Sharing”
Azure, Business Intelligence - BI, Data Catalog, Power BI, Power BI Governance, Purview, Self-Service BI

Power BI Governance, Good Practices: Setting up Azure Purview for Power BI

Power BI Governance, Good Practices: Setting up Azure Purview for Power BI

Microsoft newly announced a piece of very exciting news that Azure Purview now supports Power BI. This is massive news from a data governance point of view. Azure Purview is the next generation of Azure Data Catalog with more metadata discovery power and the ability to use sensitivity labels. After reading the news, I immediately decided to set up my test environment and give it a go. I followed the steps mentioned in this article on the Microsoft documentation website but I faced some difficulties to get it to work. And here we are, another blog post to help you to set up the Azure Purview for Power BI.

Note: In this blog post I am not intending to explain what Azure Purview is. You can find heaps of useful information here.

Creating an Azure Purview Resource

We first need to have an Azure subscription, if you don’t have, don’t worry, you can start your Azure free trial subscription here. The following steps explain how to set up Azure Purview for Power BI:Login to the Azure Portal

  1. Click Create a resource button
Creating Azure Purview resource in Azure Portal
Creating Azure Purview resource in Azure Portal

2. Type in Purview in the search box

3. Click Azure Purview

Searching for Purview resource in Azure Portal
Searching for Purview resource in Azure Portal

4. Click the Create button

5. Select your Subscription

6. Select a Resource group or Create new if you don’t have any

7. Type in a name in the Purview account name text box

8. Select the Location

9. Click Review + Create (if you require to do more configurations click Next:Configuration > button)

Creating Azure Purview Account
Creating Azure Purview Account

At this point, Azure validates the configurations and requirements. You may get an error message like below:

Continue reading “Power BI Governance, Good Practices: Setting up Azure Purview for Power BI”