Tag Archives: monitoring

Power BI Governance series – strategy

Part 2. Governance strategy

This is part 2 of my Power BI Governance series. You can read part 1, Introduction to Power BI Governance here

Governance strategy

In Power BI, as with so many other things, the main governance issue is people. You are trying to influence people’s behavior with either guidance or technical restrictions. Although technology does help in many cases, more often than not, governance is about influencing people’s behavior with training and best practice documents. Keep that in mind when you design your governance strategy. Don´t focus too heavily on technology. Having well trained users that know how to use Power BI in the right way is the best way to stay compliant.

Having a good governance strategy and implementing it properly is a huge step in securing compliance. In this part 2 of my Power BI governance series, we will explore what you should keep in mind when creating your governance strategy and what the key things to implementing it successfully are. A governance strategy is most often a separate document describing the purpose and goals of your governance effort. It, most likely, won´t go into details of the controls themselves.

When you start creating your governance strategy there are few things, I think. you should keep in mind:

  • Consider current IT Governance strategy
  • In your organization is Power BI:
    • Enterprise BI tool
    • Self-service BI tool
    • Managed self-service
    • All the above
  • Other considerations
    • How sensitive is your data?
    • How do developers and users work with Power BI?
    • How experienced are your developers?
    • What kind of security requirements and/or industry standards do you have to adhere to?
    • How much audit trail do you need?

The answer to the questions above should get you one step closer to figuring out what your governance strategy should contain. You can then use the five pillars of Power BI Governance described in part 1 of this blog series to help you understand what topics to cover in your strategy.

When it comes to implementing a Power BI governance strategy there are few things that can help you to be successful with it.

The key to success is, in my mind, is:

That you secure management buy-in. Without management buy-in you will have hard time implementing your strategy. Governance is often about restricting people and making them use tools in a certain way which might be different to what people want to do. Convincing people to follow your strategy without management backing will be an uphill battle in most cases.

Find a way to document your control measures. It might sound very simple but deciding before you start how you are going to document the strategy and the controls you will implement can be extremely beneficial. You need to make sure that the documents are easy for users to find, read and understand. What the right level of documentation, language and storage are for your organization will depend a lot on what your users are used to. If you are in a highly regulated business your users will be used to reading and understanding heavy texts and will know where governance documents are stored. If on the other hand you are operating in a business where users are not used to that, you might need to keep the documents on a lighter level so that you don´t risk users dismissing them or not reading them properly. There are several techniques that you can use to help your less experienced users to understand governance documents such as having short summaries at the top with key takeaways or breaking them into smaller documents that don´t require as much reading.

Figure out how you want to enforce the controls you put in place. If you put in place controls that you expect people to follow you need to be able to enforce them. When you set up your controls you need to ask yourself two questions. How do I understand if the control is being followed or not and how do I react if they are not? If you don´t know if your controls are being followed or not, they are not very useful. Yes, they might help people use Power BI correctly but it´s very important to understand if they are or not. Likewise, you need to know how you will enforce the control if people are not following them as if you don´t do anything or if you react in an unpredictable way it´s hard for people to take the control seriously. This is where management backing is very important as they usually have bigger say in how people behave.

This concludes part 2, Power BI Governance Strategy. Part 3 will cover the first pillar People

Power BI Governance series – introduction

This is the first part in a 7 part series on Power BI governance. I will add links to the next parts as I publish them.

Part 1. Introduction to Power BI governance

Governance can mean many things and often different things to different people. In this article series I want talk about my view on Power BI governance and what I think you should be doing when it comes to governing your Power BI environment.

Before I go any further, I just want to mention that Microsoft has some material on Power BI governance that you might be interested in. You can find it here: https://docs.microsoft.com/en-us/power-bi/service-admin-governance

Why governance

Governance is about making sure the right people do the right thing within the defined boundaries of the organization. We need to make sure the BI system (Power BI) does not expose data to the wrong people and that the artifacts are stored, shared, and maintained in the right way. Furthermore, we need to make sure that the users, creators, and administrators know how to use, manage, and secure the artifacts

As Power BI is partly self-service, it is vital that the governance is implemented early and in such a way that it does not impede creators and users unless necessary. Being restrictive in the wrong place can lead to implementation failure and un-governed solution frequently known as Shadow IT. It´s important to tread carefully to avoid that situation but at the same time make sure your organization is compliant and secure

Governance strategy

In my opinion Power BI governance strategy has 5 pillars, People, Processes and framework, Training and support, monitoring and Settings and external tools.

Most of these pillars are non-technical. Only Monitoring and Settings and external tools are technical. This often distracts organizations as many like to think that problems should be solvable with technology. The reality is that technology can only partly help. As with so many other things the main governance issue is people. Having well trained users that know how to use Power BI in the right way is the best way to stay compliant.

Having a good governance strategy and implementing it properly is therefore a huge step in securing compliance.

The 5 pillars cover all of what your governance strategy implementation should cover (in my mind).

The people pillar is about having the right roles in place and actually recognize that people what have those roles need time to perform them. All too often I see that people have unofficial Power BI roles with no time allocation. For example, I see with few of my clients that the Power BI Administrator is the best Power BI person in the company who is expected to do the administration besides their Power BI development. It might work and often does but it should still be recognized that it takes time and it comes with responsibility which requires it to be done properly.  

The processes and framework pillar is about having the proper documents in place so users can use Power BI correctly and be compliant. Processes or best practices are document that describe how to use or administer Power BI. Frameworks often describe the method on which you base the process/best practice documents on.

The training and support pillar is about making sure everyone that uses Power BI has gotten the required training. Here you will describe your training plan, decide what type of training each user type should get and how to make sure you reach everyone with your training. It´s also here you might describe how you support your users going forward with things such as internal user groups or subscription to external training library.

The monitoring pillar is about setting up monitoring of Power BI. Usually, it involves extracting data from the Power BI activity log as well as the Power BI REST APIs for information about existing artifacts in your Power BI tenant. Sometimes you might extract data from other parts of Microsoft 365 such as employee data to supplement the activity and inventory data. This part of the governance effort is both about describing your monitoring (documentation) as well as implementing it.

The settings and external tools pillar is about making sure Power BI settings are correctly sat as well as how to use other approved tools to support Power BI. Here you will describe all the settings and their correct value in a document. You will also describe how other tools such as Microsoft 365 sensitivity labels or Tabular Editor should be used with Power BI.

This concludes part 1, introduction to Power BI Governance. Part 2 will cover Power BI Governance strategy

What´s on in your Power BI environment? – Tenant Settings

Power BI is essentially a self-service BI tool where users traditionally have a lot of freedom to create the reports and dashboards that they need and organize it in a way that suits them.

If you are a Power BI admin or if you´re concerned with governance or security, you often want to know what´s going on in your Power BI environment. Since Power BI is first and foremost a self-service BI tool, Microsoft has not (yet) developed good, out of the box, monitoring tools. This means that you need to develop your own way of monitoring Power BI.

This series of blogs describe what you should be monitoring in Power BI and what method works best for each.

The blogs are:

  1. Power BI Admin Portal Settings
  2. Power BI Artifact Inventory
  3. Power BI Activities
  4. Power BI Capacities

We will start this blog series with looking at how you should monitor your Power BI Admin Portal settings.

Part 1. Power BI Admin Portal

The Power BI Admin Portal is the place where the Power BI Admin can change settings and monitor certain things.

One of the main points of interest is the Tenant settings. Some of the settings that you can change in the Tenant settings part of the portal are who can publish to web, who can share externally, who can create workspaces and where the internal help portal is. There are in all, at the time of this writing, 31 settings you can change. Some of them are fine in the default settings while others like Publish to web should be changed as soon as possible.

Besides the Tenant Settings some of the other things you can change are Capacity Settings, Dataflow Settings, look at all workspaces in the tenant, turn on audit logs, brand the Power BI portal, manage Protection metrics and add Featured content. What ever you decide to change the purpose of this blog is to encourage you to document and monitor the settings

Figure 2: Power BI Admin Portal

Record and monitor Tenant settings

It´s very important that the Tenant settings are documented and monitored regularly. Unfortunately, you cannot monitor these settings automatically, so someone needs to login to the portal and manually check the settings. We recommend that you write down all the settings and have the admin check them once a month. This is especially important if you have more than one administrator. The main reason for that is that any change made in the portal is not logged anywhere you can access. If you have not written down how you want the settings to be, it´s very difficult for an admin to know if the settings are correct as they cannot see if they have been changed unless they remember the previous setting.

Figure 3: Example of Power BI Admin Portal Settings documentation

Besides the Tenant settings we recommend that you turn on Audit logs which are needed for activity monitoring and review Embed codes to make sure there is no sensitive data being embedded outside of an approved system. If you have Power BI Premium you can also use the Capacity settings to control your capacities.

Conclusion

Go through all the settings in the Power BI Admin Portal. Change the settings as needed and then documents every setting. Manually monitor that the settings have not been changed at least once a month as a part of your governance process. Turn on Audit logs and make sure there are no reports being embedded outside of approved systems.

Come back for the next blog on Power BI Artifact collection and monitoring

If you want to discuss Power BI monitoring or governance or get help with implementing it in your organization please contact Ásgeir Gunnarsson on asgeir@northinsights.com or go to https://northinsights.com and find out what we offer and how to get in touch. We offer consulting and advisory as well as training on the whole Business Intelligence lifecycle including Power BI.

Written by:

Ásgeir Gunnarsson

Microsoft Data Platform MVP