Monthly Archives: August 2022

Power BI Governance – Processes

Part 4. The Process and framework pillar

This is part 4 of my Power BI Governance series. You can read previous parts here:

Part 1, Introduction to Power BI governance

Part 2, Power BI Governance Strategy

Part 3, The people pillar

Process and framework pillar

The second of the five pillars of Power BI Governance is the Process and frameworks pillar. The order of the pillars is not important, so all the pillars are equally important.

Processes and frameworks are the backbone of a good governance strategy. They are used to guide administrators and users how to use Power BI in a compliant manner and using best practices.

In my opinion, when it comes to governance, a framework is just a collection of processes. Therefore, I will only talk about processes in this blog.

It´s important to say at this point that we are just talking about documents to help people use Power BI correctly. If you prefer to call them something else than processes, there is no reason not to. Many of my customers prefer to call these documents best practices documents, while others don´t mind the name process. The important thing to remember is that you make it clear to the users which parts of the documents are required, and which are optional best practices. In my experience people tend to take processes more seriously than best practices but also dread them more. You need to find the best way in your organization to keep people interested and make sure they take the documents seriously.

There are many different processes you could create in an organization. It all depends on your governance strategy and how much you want to split up topics. For instance you might create a development process that covers everything from Power BI Desktop development to publish and share or you might have one development process and another process for publish etc.

When I work with customers on Power BI governance, I will suggest that we cover at a minimum:

  • Power BI Development guide
  • Power BI publish / deployment guide
  • Power BI sharing guide
  • Power BI Administration guide
  • Power BI Tenant settings documentation

There are others that could be done separately such as a security process or a naming standard but that depends on the customer and the users (their skill, tolerance to documentation and usage scenarios)

Normally I will create the documents with my customer by first running workshops to better understand what they want and need. Normally, I will do one for each document or audience depending on how the customer wants to proceed. The important thing here is to listen to the stakeholders.

For the admin docs, you need to talk to current Admins on how they are administrating the system and balance that on best practices and the governance strategy (what do we allow of settings, separation of duties etc.). I will often use the tenant setting documentation to make sure everyone understands each setting and set it appropriately. In my opinion it´s very important to understand them well and challenge each decision to turn off settings that might make life easier to the user. Preferably you will write in the tenant settings documentation why the setting is sat in the documented manner.

For the development docs you will need to talk to representation of developers, both IT and business to understand how they are developing and want to develop and balance that against the governance strategy. You might end up with one process for IT and another for business users. For example, you might decide that it shouldn’t be a problem requiring IT to use source control, but it might be too much for business users. They might be comfortable with OneDrive version control instead.

For the publish and sharing docs the audience for the workshop depends on how it works in your organization. Do you have a deployment process in place or does everyone publish from Power BI Desktop? Do you allow users access to all workspace, or do you have separation of duties on some (production) workspaces? Does the same person do both publish and share? How you proceed with the publish and sharing docs will always depend on your environment.

If you figure out that the governance requirements would fundamentally change how the users work with Power BI or turn off settings that are crucial to the way, they work you have a huge communication task ahead of you and need strong management backing.

This concluded part 4, Process and framework pillar. Part 5 will cover pillar 3 Training and support

Power BI Governance – People

Part 3. The People pillar

This is part 3 of my Power BI Governance series. You can read previous parts here:

Part 1, Introduction to Power BI governance

Part 2, Power BI Governance Strategy

People pillar

First of the five pillars of Power BI Governance is the People pillar. The order of the pillars is not important, so all the pillars are equally important.

The people pillar is about having the right roles in place and actually recognize that people who have those roles need time to perform them. There are no fixed roles in Power BI but there are some roles that I see many customers have in common. The roles are not always organizational/technical roles but sometimes a set of tasks that the same person performs that are important to the governance of the platform. The Power BI related roles I typically see in organizations are:

  • Power BI Administrator
  • Power BI Gateway Administrator
  • Power BI Auditor
  • Power BI Supporter(s)

In many cases multiple roles will be covered by one person but there might also be multiple people for a single role. As there is no one way this is done from organization to organization I´m not going to dig deep into the roles.

The main point I always try to make when it comes to roles in the Power BI governance effort is that organization acknowledge that these roles exist even though they are not described in the persons job description. I want them to also acknowledge that the roles require time from the person performing them. So, it´s about placing the hat (role) and either allocate time or understand this role is being performed at the cost of other roles the person has. All to often I see that these roles are unofficial/invisible, and people are expected to perform them besides their “normal” day job which is most often developing in Power BI. If you work in Power BI or are responsible for Power BI in your organization, I encourage you to figure out which tasks your Power BI people are doing besides developing and try to figure out if there is a need for a role description and time allocation for the role to be performed to the standard your organization wants. You should also consider if they need training to perform these tasks effectively and to a high standard.

This concluded part 3, People pillar. Part 4 will cover pillar 2 Processes and Framework.

Power BI Governance series – strategy

Part 2. Governance strategy

This is part 2 of my Power BI Governance series. You can read part 1, Introduction to Power BI Governance here

Governance strategy

In Power BI, as with so many other things, the main governance issue is people. You are trying to influence people’s behavior with either guidance or technical restrictions. Although technology does help in many cases, more often than not, governance is about influencing people’s behavior with training and best practice documents. Keep that in mind when you design your governance strategy. Don´t focus too heavily on technology. Having well trained users that know how to use Power BI in the right way is the best way to stay compliant.

Having a good governance strategy and implementing it properly is a huge step in securing compliance. In this part 2 of my Power BI governance series, we will explore what you should keep in mind when creating your governance strategy and what the key things to implementing it successfully are. A governance strategy is most often a separate document describing the purpose and goals of your governance effort. It, most likely, won´t go into details of the controls themselves.

When you start creating your governance strategy there are few things, I think. you should keep in mind:

  • Consider current IT Governance strategy
  • In your organization is Power BI:
    • Enterprise BI tool
    • Self-service BI tool
    • Managed self-service
    • All the above
  • Other considerations
    • How sensitive is your data?
    • How do developers and users work with Power BI?
    • How experienced are your developers?
    • What kind of security requirements and/or industry standards do you have to adhere to?
    • How much audit trail do you need?

The answer to the questions above should get you one step closer to figuring out what your governance strategy should contain. You can then use the five pillars of Power BI Governance described in part 1 of this blog series to help you understand what topics to cover in your strategy.

When it comes to implementing a Power BI governance strategy there are few things that can help you to be successful with it.

The key to success is, in my mind, is:

That you secure management buy-in. Without management buy-in you will have hard time implementing your strategy. Governance is often about restricting people and making them use tools in a certain way which might be different to what people want to do. Convincing people to follow your strategy without management backing will be an uphill battle in most cases.

Find a way to document your control measures. It might sound very simple but deciding before you start how you are going to document the strategy and the controls you will implement can be extremely beneficial. You need to make sure that the documents are easy for users to find, read and understand. What the right level of documentation, language and storage are for your organization will depend a lot on what your users are used to. If you are in a highly regulated business your users will be used to reading and understanding heavy texts and will know where governance documents are stored. If on the other hand you are operating in a business where users are not used to that, you might need to keep the documents on a lighter level so that you don´t risk users dismissing them or not reading them properly. There are several techniques that you can use to help your less experienced users to understand governance documents such as having short summaries at the top with key takeaways or breaking them into smaller documents that don´t require as much reading.

Figure out how you want to enforce the controls you put in place. If you put in place controls that you expect people to follow you need to be able to enforce them. When you set up your controls you need to ask yourself two questions. How do I understand if the control is being followed or not and how do I react if they are not? If you don´t know if your controls are being followed or not, they are not very useful. Yes, they might help people use Power BI correctly but it´s very important to understand if they are or not. Likewise, you need to know how you will enforce the control if people are not following them as if you don´t do anything or if you react in an unpredictable way it´s hard for people to take the control seriously. This is where management backing is very important as they usually have bigger say in how people behave.

This concludes part 2, Power BI Governance Strategy. Part 3 will cover the first pillar People

Power BI Governance series – introduction

This is the first part in a 7 part series on Power BI governance. I will add links to the next parts as I publish them.

Part 1. Introduction to Power BI governance

Governance can mean many things and often different things to different people. In this article series I want talk about my view on Power BI governance and what I think you should be doing when it comes to governing your Power BI environment.

Before I go any further, I just want to mention that Microsoft has some material on Power BI governance that you might be interested in. You can find it here:

Why governance

Governance is about making sure the right people do the right thing within the defined boundaries of the organization. We need to make sure the BI system (Power BI) does not expose data to the wrong people and that the artifacts are stored, shared, and maintained in the right way. Furthermore, we need to make sure that the users, creators, and administrators know how to use, manage, and secure the artifacts

As Power BI is partly self-service, it is vital that the governance is implemented early and in such a way that it does not impede creators and users unless necessary. Being restrictive in the wrong place can lead to implementation failure and un-governed solution frequently known as Shadow IT. It´s important to tread carefully to avoid that situation but at the same time make sure your organization is compliant and secure

Governance strategy

In my opinion Power BI governance strategy has 5 pillars, People, Processes and framework, Training and support, monitoring and Settings and external tools.

Most of these pillars are non-technical. Only Monitoring and Settings and external tools are technical. This often distracts organizations as many like to think that problems should be solvable with technology. The reality is that technology can only partly help. As with so many other things the main governance issue is people. Having well trained users that know how to use Power BI in the right way is the best way to stay compliant.

Having a good governance strategy and implementing it properly is therefore a huge step in securing compliance.

The 5 pillars cover all of what your governance strategy implementation should cover (in my mind).

The people pillar is about having the right roles in place and actually recognize that people what have those roles need time to perform them. All too often I see that people have unofficial Power BI roles with no time allocation. For example, I see with few of my clients that the Power BI Administrator is the best Power BI person in the company who is expected to do the administration besides their Power BI development. It might work and often does but it should still be recognized that it takes time and it comes with responsibility which requires it to be done properly.  

The processes and framework pillar is about having the proper documents in place so users can use Power BI correctly and be compliant. Processes or best practices are document that describe how to use or administer Power BI. Frameworks often describe the method on which you base the process/best practice documents on.

The training and support pillar is about making sure everyone that uses Power BI has gotten the required training. Here you will describe your training plan, decide what type of training each user type should get and how to make sure you reach everyone with your training. It´s also here you might describe how you support your users going forward with things such as internal user groups or subscription to external training library.

The monitoring pillar is about setting up monitoring of Power BI. Usually, it involves extracting data from the Power BI activity log as well as the Power BI REST APIs for information about existing artifacts in your Power BI tenant. Sometimes you might extract data from other parts of Microsoft 365 such as employee data to supplement the activity and inventory data. This part of the governance effort is both about describing your monitoring (documentation) as well as implementing it.

The settings and external tools pillar is about making sure Power BI settings are correctly sat as well as how to use other approved tools to support Power BI. Here you will describe all the settings and their correct value in a document. You will also describe how other tools such as Microsoft 365 sensitivity labels or Tabular Editor should be used with Power BI.

This concludes part 1, introduction to Power BI Governance. Part 2 will cover Power BI Governance strategy