In Power BI, sensitivity labels are applied to datasets, reports, and dashboards to enforce data security and compliance policies. Here's an overview of how to apply these labels and the best practices for doing so:
1. Applying Sensitivity Labels to Datasets:
- In Power BI Service: Sensitivity labels can be applied to datasets directly in the Power BI Service by admins. When creating or updating a dataset, admins can assign a label via the Settings page of the dataset.
- Automatic Labeling: Sensitivity labels can be set to apply automatically based on predefined criteria (e.g., keywords or patterns like credit card numbers). This is done using Microsoft Information Protection policies in the Security & Compliance Center.
2. Applying Sensitivity Labels to Reports and Dashboards:
- In Power BI Service: When publishing reports or dashboards to the Power BI Service, users or admins can apply sensitivity labels by selecting the appropriate label from the Sensitivity dropdown on the report/dashboard settings page.
- In Power BI Desktop: The sensitivity label for reports or dashboards can be applied before publishing by selecting the label under File → Options and settings → Options → Sensitivity.
3. Best Practices for Applying Sensitivity Labels:
- Define Clear Labeling Policies: Develop clear sensitivity labeling policies that define the types of data that require specific labels (e.g., “Confidential”, “Internal Use Only”, etc.).
- Automate Labeling: Use automatic labeling policies in Microsoft Purview (formerly known as Microsoft Compliance Center) to ensure sensitive data is classified consistently across Power BI and other Microsoft 365 tools.
- Test Labels: Test labels on smaller datasets and reports first to ensure they are applied correctly before broad deployment.
- Monitor and Audit: Regularly audit and monitor how sensitivity labels are being applied to ensure compliance. Use Power BI's built-in monitoring tools and Microsoft Purview for comprehensive auditing capabilities.
- Educate Users: Ensure that Power BI users understand the importance of applying sensitivity labels and follow the organizational guidelines to maintain data security.
4. Enforcing Sensitivity Labels:
- Access Control: Labels can be used to enforce security, such as restricting data access or preventing sharing and export of sensitive data based on the applied label.
- Data Loss Prevention (DLP): Sensitivity labels can trigger DLP policies to prevent unauthorized sharing or accidental exposure of sensitive information.
5. Limitations:
- Sensitivity labels can only be applied in Power BI if your organization is using Microsoft Information Protection, which is a part of Microsoft 365 Compliance.
- Sensitivity labels don’t encrypt the dataset by default; they enforce actions such as restricting export or sharing.
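
For the "Monitor and Audit" practice in section 3, one way to check label coverage, as an added example that is not part of the original answer. It assumes a scan result exported from the Power BI admin scanner API, shaped as workspaces containing datasets, reports and dashboards, each with an optional `sensitivityLabel.labelId`; the sample data, IDs and the `audit_labels` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like a Power BI admin scanner API scan result
# (assumed shape: workspaces -> datasets/reports/dashboards, each with an
# optional sensitivityLabel.labelId). All IDs and names are made up.
SAMPLE_SCAN = json.loads("""
{"workspaces": [
  {"name": "Finance", "datasets": [
      {"id": "ds-1", "name": "Ledger", "sensitivityLabel": {"labelId": "label-confidential"}},
      {"id": "ds-2", "name": "Budget draft"}],
   "reports": [
      {"id": "rp-1", "name": "Ledger overview", "datasetId": "ds-1"},
      {"id": "rp-2", "name": "Ledger detail", "datasetId": "ds-1",
       "sensitivityLabel": {"labelId": "label-confidential"}},
      {"id": "rp-3", "name": "Ledger summary", "datasetId": "ds-1",
       "sensitivityLabel": {"labelId": "label-internal"}}],
   "dashboards": [{"id": "db-1", "displayName": "CFO board"}]}
]}
""")

def label_of(item):
    """Return the item's label ID, or None when no label is applied."""
    return (item.get("sensitivityLabel") or {}).get("labelId")

def audit_labels(scan):
    """Return (workspace, kind, name, finding) tuples for items needing review."""
    findings = []
    for ws in scan.get("workspaces", []):
        # Map each dataset to its label so reports can be compared to their source.
        ds_labels = {d["id"]: label_of(d) for d in ws.get("datasets", [])}
        for kind in ("datasets", "reports", "dashboards"):
            for item in ws.get(kind, []):
                name = item.get("name") or item.get("displayName") or item["id"]
                label = label_of(item)
                source = ds_labels.get(item.get("datasetId"))
                if label is None and source:
                    finding = f"unlabeled, but its dataset carries {source}"
                elif label is None:
                    finding = "unlabeled"
                elif source and source != label:
                    finding = f"label {label} differs from dataset label {source}"
                else:
                    continue  # labeled and consistent with its dataset
                findings.append((ws.get("name", "?"), kind, name, finding))
    return findings

if __name__ == "__main__":
    for row in audit_labels(SAMPLE_SCAN):
        print(" | ".join(row))
```

A report whose label differs from its dataset's label is not necessarily wrong; the finding marks it for review against the labeling policy.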