Power BI
Best Practice:
Power BI is a business analytics service provided by Microsoft. It provides interactive visualizations with self-service business intelligence capabilities, where end users can create reports and dashboards by themselves, without having to depend on information technology staff or database administrators.
The following sections explain prerequisites, resources, and instructions for integrating with SaaS Management.
| • | Stored Power BI Information |
| • | Required Minimum Permissions for Power BI |
| • | Power BI Authentication Method |
| • | Required Credentials for Power BI |
| • | Data Anonymization for Power BI |
| • | Integrating Power BI With SaaS Management |
| • | Power BI API Endpoints |
The following table describes the available integration tasks and stored data within SaaS Management.
|
Available Integration Tasks |
Information Stored |
|||||||||||||||
|
Application Roster |
|
|||||||||||||||
|
Application Access |
|
Note:The information stored is subject to change as enhancements are made to the SaaS application.
Required Minimum Permissions for Power BI
The minimum API required permissions are based on the Required Application Permissions for Power BI and the Required User Role for Power BI .
Required Application Permissions for Power BI
|
Application Permission |
Description |
Integration Task Name |
|
Directory.Read.All |
Enables you to read the list of users in your Microsoft account. |
Application Roster |
|
AuditLog.Read.All |
Enables you to read the audit log details in your Microsoft account. |
Application Access |
|
Offline_access |
Enables you to generate the refresh token. |
|
Required User Role for Power BI
Note:The following SaaS application user role is not applicable to Flexera One roles.
|
User Role |
Description |
|
Application Administrator |
To grant the application permissions, the user must have Application Administrator access. For more information, see Microsoft’s description of the Application Administrator. |
Note:Consider the following:
| • | After the Authorization is completed and the integration tasks are executed successfully, the user role can be reduced to the Report Reader role. |
| • | After Authorizing, changing the password, or revoking the user roles for the user used for authorizing will result in an integration task failure. |
| • | To fetch sign-in events, you must have an Azure AD Premium P1 or Premium P2 license assigned per tenant (for more information, see Microsoft’s documentation topic, Microsoft Entra Plans & Pricing), and you must ensure the Office 365 audit log is turned on (for more information, see Microsoft’s documentation topic, Turn Auditing On or Off). |
Power BI Authentication Method
The required authentication method is OAuth 2.0 With Authorize Flow. For more information, see Microsoft’s documentation topic, Microsoft Identity Platform and OAuth 2.0 Authorization Code Flow.
Required Credentials for Power BI
The following credentials are required:
| • | Username |
| • | Password |
| • | License Type. |
Note:Username and Password are required only for authorizing the application permissions. These values are not stored in SaaS Management.
Data Anonymization for Power BI
Data anonymization is the processing technique that removes or modifies identifiable information. After the process is complete, data cannot be associated with a specific user. It helps protect private and sensitive data as well as private activities while maintaining its integrity.
When adding the Power BI application, it is important to make sure that anonymized users are not imported from Power BI into SaaS Management. You will need to access reports that provide information about your organization’s use of applications and services.
The following procedure is important as a prerequisite to ensure that anonymized user data is not imported when integrating Power BI with SaaS Management.
To view reports with anonymized user data:
| 1. | Sign in to the Microsoft 365 Portal Admin Center. |
| 2. | In the menu, go to Settings > Org settings and click the Services link at the top. |
| 3. | Scroll down and click Reports. |
| 4. | In the window that is displayed, clear the Display concealed user, group, and site names in all reports box. |
| 5. | Proceed to Integrating Power BI With SaaS Management. |
Note:Ensure that data anonymization is disabled in your Microsoft account. Otherwise, all activity data will end up in Suspicious SaaS Activities. For more information, see Microsoft’s documentation topic, Microsoft 365 Reports Show Anonymous User Names Instead of Actual User Names. If anonymized user data has been imported after integrating Power BI with SaaS Management, submit a Flexera Support Case.
Integrating Power BI With SaaS Management
Note:If you are using both a stand alone Power BI license and an Office 365 enterprise package license, SaaS Management is not able to differentiate user activities between the two licenses due to the Microsoft Graph API limitations. As a result, Office 365 activities display as Suspicious Activities.
Complete the following steps to integrate Power BI with SaaS Management.
To integrate Power BI with SaaS Management:
| 1. | In SaaS Management, add the Power BI application. For more information, see Adding an Application. |
| 2. | For License Type, select the appropriate option: |
| • | Free is for Power BI. |
| • | Paid is for Power BI Pro. |
Leave blank if both free and paid licenses are needed.
| 3. | Click Authorize, which will redirect you to the Microsoft portal. |
| 4. | In the Microsoft portal, enter your Application Administrator username and password to sign in. |
| 5. | In the Microsoft Permissions requested window, click Accept to authorize and provide access to the account for the APIs used in the integration. |
Note:All blocked users will be displayed as normal users in SaaS Management.
Application Roster
https://graph.microsoft.com/v1.0/users
Application Access
https://graph.microsoft.com/v1.0/users/auditLogs/signins