Tag: Microsoft Fabric

Azure, Azure SQL Database, Business Intelligence - BI, Fabric Administrator, Fabric Capacity, Microsoft Fabric, Power BI, Power BI Governance, Power BI Service, Purview

Sharing Power BI Reports with External Users – Part 3: Sensitivity Labels, Encryption, and Secure Sharing

Sharing Power BI Reports with External Users the Right Way, Part 3: Sensitivity Labels, Encryption, and Secure Sharing

In Part two of this series, we walked through how to configure your Microsoft Fabric environment to securely share Power BI reports with external users across Microsoft 365 tenants. We covered licensing requirements, admin portal settings, how to invite guest users, and how to share reports directly with them.

Now, in the third and final part of this blog series, we focus on two important areas that are often overlooked:

  • What happens when Microsoft Purview sensitivity labels are applied to a report
  • How to refine admin portal settings to better control guest users’ access to Fabric

This series was originally created to support a YouTube video I published in April 2025. The topic turned out to be too broad to explain well in one blog, so I decided to split it into three parts.

Here is the complete series:

  • Part 1: Understanding the Problem and Core Concepts
    This post explains why external sharing can be tricky, the key requirements to get it working, important terminology, user roles, and how the whole process fits together.
  • Part 2: Hands-On Guide to Setup and Sharing
    A step-by-step walkthrough of how to share reports across tenants, covering licensing, admin portal settings, inviting guest users, and how report access looks from the guest’s side.
  • Part 3: Sensitivity Labels, Encryption, and Secure SharingΒ (this blog)

In this last part, we will look at what happens when Microsoft Purview sensitivity labels are applied, including access control, and will also discuss key admin settings you may need to adjust for more secure collaboration.

If you like to listen to the content on the go, here is the AI generated podcast explaining everything about this blog πŸ‘‡.

If you are someone who prefers video over reading, you can watch the full walkthrough here πŸ‘‡.

Let’s now get into the final piece of this guide.

Sensitivity Labels in Microsoft Fabric

Microsoft Purview sensitivity labels are part of a broader Purview Information Protection framework. These labels are not exclusive to Microsoft Fabric or Power BI. They are designed to be consistently applied across various Microsoft services, including but not limited to Outlook, Word, Excel, SharePoint, and Azure SQL DB. This ensures that data is classified and protected uniformly, regardless of where it is created, stored, or shared. In the context of Power BI, when you apply a sensitivity label to a report, it adds classification metadata and, if configured, applies protection such as encryption and access restrictions. These protections travel with the content. For example, if a report is exported to PDF or PowerPoint, and the label has encryption enabled, that exported file will also be encrypted. So only the users who are authorised to view the content will be able to open it, even outside of the Power BI service. This means your data remains secure not only inside your tenant but also when it moves across users, devices, and even organisations.

What Happens When You Share Encrypted Reports?

Let’s walk through an example.

You share a Power BI report with a guest user. This report has a label applied that encrypts its content. Here is what the guest user can and cannot do:

Continue reading “Sharing Power BI Reports with External Users – Part 3: Sensitivity Labels, Encryption, and Secure Sharing”
Azure, Fabric Administrator, Microsoft Fabric, Power BI, Power BI Governance

Sharing Power BI Reports with External Users – Part 2: Hands-On Guide to Setup and Sharing

In Part one of this series, we covered the foundational concepts behind sharing Power BI reports with external users. We explained why this is more complex than it seems, outlined the key requirements, clarified essential terms like guest users and Entra ID, and defined the roles involved in setting up secure external access.

Now that we have the groundwork in place, it’s time to walk through the process step by step.

This blog is based on the walkthrough portion of my YouTube video published in April 2025, where I explained the scenario and how to implement it, from configuring the necessary settings to sharing reports across two Azure tenants.

Here’s a quick guide to the full series:

  • Part 1: Understanding the Problem and Core Concepts
    This post explains why external sharing can be tricky, the key requirements to get it working, important terminology, user roles, and how the whole process fits together.
  • Part 2: Hands-On Guide to Setup and Sharing (this blog)
    A step-by-step walkthrough of how to share reports across tenants, covering licensing, admin portal settings, inviting guest users, and how report access looks from the guest’s side.
  • Part 3: Sensitivity Labels, Encryption, and Secure Sharing
    An in-depth look at what happens when Microsoft Purview sensitivity labels are applied, including access control, encryption, and key admin settings you may need to adjust for secure collaboration.

In this post, we’ll focus on a practical scenario. One organisation, let’s call it Tenant A, wants to share a Power BI report with someone from another organisation, Tenant B. We’ll cover everything from verifying licenses to configuring the Fabric Admin Portal and inviting the external user. If you’re looking to follow along, this guide will give you a clear path to replicate the same setup in your environment.

If you like to listen to the content on the go, here is the AI generated podcast explaining everything about this blog πŸ‘‡.

If you are someone who prefers video over reading, you can watch the full walkthrough here πŸ‘‡.

Scenario Overview

Let’s imagine we have two different Azure tenants. One belongs to the organisation that owns the Power BI report (Tenant A) and the other belongs to a partner or customer who needs access to that report (Tenant B).

The objective is to share a report from Tenant A with a user in Tenant B, in a secure and controlled way.

We will go through the steps the admin and report owner in Tenant A need to follow to make this work properly.

Step 1: Verify Power BI Licensing

Before setting up anything, make sure both users involved have a valid Power BI license. This might seem obvious, but it is a very common reason why external sharing fails or behaves unexpectedly.

In the demo example:

  • The report owner in Tenant A has a Power BI Pro license.
  • The external user from Tenant B (named Nestor) also has a Power BI Pro license.

You can confirm this by clicking the Account Picker icon in Microsoft Fabric and looking at the License type. If the external user does not already have a Pro or PPU license, you either need to assign one through your tenant or ask them to obtain the license.

Continue reading “Sharing Power BI Reports with External Users – Part 2: Hands-On Guide to Setup and Sharing”
Azure, Fabric Administrator, Fabric Capacity, Microsoft Fabric, Power BI

Sharing Power BI Reports with External Users – Part 1: Understanding the Problem and Core Concepts

Sharing Power BI reports with external users is a common but often misunderstood scenario. While it may seem simple on the surface, doing it properly and securely involves many moving parts. I’ve already published a video on this topic, which turned out longer than expected because of the number of details involved.

To make this blog easier to follow and more digestible, I’ve broken the content into a three-part blog series. Each part covers a focused area of the topic:

Part 1 (this blog): Understanding the Problem and Core Concepts This post explains why external sharing can be tricky, the key requirements to get it working, important terminology, user roles, and how the whole process fits together.

Part 2: Hands-On Guide to Setup and Sharing A step-by-step walkthrough of how to share reports across tenants, covering licensing, admin portal settings, inviting guest users, and how report access looks from the guest’s side.

Part 3: Sensitivity Labels, Encryption, and Secure SharingΒ An in-depth look at what happens when Microsoft Purview sensitivity labels are applied, including access control, encryption, and key admin settings you may need to adjust for secure collaboration.

If you like to listen to the content on the go, here is the AI generated podcast explaining everything about this blog πŸ‘‡.

If you are someone who prefers video over reading, you can watch the full walkthrough here πŸ‘‡.

Introduction

Are you a Power BI developer or someone in a BI or finance team who needs to share reports with customers, partners, or vendors? If they are not part of your Microsoft 365 tenant, things get a bit more complex than just clicking the “Share” button.

This is a common need, especially in consulting scenarios, but doing it securely and correctly takes more than people often think. It involves both technical setup and a clear understanding of roles and terminology.

Continue reading “Sharing Power BI Reports with External Users – Part 1: Understanding the Problem and Core Concepts”
Azure, Fabric Capacity, Microsoft Fabric, Power BI, Power BI Governance

Microsoft Fabric: Revealing Cost-Saving Results from Automating Pause & Resume Fabric Capacity

Microsoft Fabric: Revealing Cost-Saving Results from Automating Pause & Resume Fabric Capacity

If you work in data and analytics, particularly within the Microsoft Data Platform, you have likely heard of Microsoft Fabric and its many capabilities. However, one of the biggest challenges organisations face is managing costs effectively.

In previous blogs and videos, I have covered how to optimise Microsoft Fabric capacity costs by automating the pause and resume process using Logic Apps. This approach ensures that your Fabric capacity runs only when needed, reducing unnecessary expenses. But how much can this method actually save? In this post, I share the real cost-saving results after applying this automation over the past few months.

Why Automate Pause & Resume?

Microsoft Fabric is a powerful platform, but maintaining capacity during off-peak hours can be costly. If your workloads are not running 24/7, you might be paying for unused capacity. By automating the pause and resume process, you can ensure that your environment is active only when required, leading to substantial savings.

When Should Organisations Consider Automation?

Not every organisation requires automated capacity management, but here are some scenarios where it makes sense:

  • Non-Continuous Workloads: If your organisation runs batch processing, reporting, or analytics workloads that do not need 24/7 uptime, automation can help cut costs.
  • Business Hours Usage: If your team primarily operates during specific hours, pausing capacity during off-hours prevents unnecessary spending.
  • Seasonal or Project-Based Needs: Companies with fluctuating workloads based on seasons or projects can optimise expenses by automating capacity scaling.
Continue reading “Microsoft Fabric: Revealing Cost-Saving Results from Automating Pause & Resume Fabric Capacity”