Question

How can you audit and monitor label usage in Power BI?
I’m looking for ways to audit and track the usage of sensitivity labels within Power BI, including how to monitor who applied which labels and how they affect data access or sharing.

Answer 1

To audit and monitor sensitivity label usage in Power BI, you can utilize several tools and features within Power BI and Microsoft 365. Here's how you can track and manage label usage effectively:

1. Audit Logs in Microsoft Purview (formerly Microsoft Compliance Center):

• Activity Log: You can access Power BI audit logs in the Microsoft 365 Compliance Center or Security & Compliance Center. These logs capture various activities in Power BI, including who applied, changed, or accessed reports and datasets with sensitivity labels.

• Audit Log Search: Use the Audit Log Search feature in Microsoft Purview to filter by specific actions such as "Apply sensitivity label," "Export report," or "Share report," and identify who performed these actions and when. You can search logs by users, time ranges, and events.

Steps:

• Go to the Microsoft 365 Compliance Center → Audit → Select Power BI activities.

• You can filter for specific events related to sensitivity labels and export the results for further analysis.

2. Power BI Admin Portal:

• Usage Metrics: As a Power BI administrator, you can use the Power BI Admin Portal to monitor user activity and ensure compliance with your sensitivity labeling policies.

• Data Access and Sharing Reports: You can track the usage of Power BI reports and datasets shared externally or internally, providing insights into how sensitivity labels are impacting data access and sharing.

3. Sensitivity Label Reports in Microsoft Purview:

• Label Usage Insights: Microsoft Purview allows admins to run reports that show how sensitivity labels are applied across different workloads, including Power BI. This can help you track which labels are applied to datasets, reports, and dashboards over time.

• Detailed Insights: These reports can give you an overview of label application and identify if any labels are not being applied as expected. You can also monitor if sensitive data is being shared outside the organization.

4. Power BI Service Activity Reports:

• Shared Content and Label Compliance: In Power BI, you can monitor if sensitive content is being shared or exported inappropriately. Activity reports in Power BI can provide data on report views, exports, and sharing, which helps you verify if the applied labels are being respected.

• Workspace and Dataset Permissions: You can also monitor dataset and report access permissions to ensure users are adhering to access restrictions based on sensitivity labels.

5. Setting Up Alerts for Sensitive Data Exposure:

• Data Loss Prevention (DLP) Policies: In Microsoft Purview, you can set up DLP policies to automatically alert or block actions related to sensitive data exposure. These alerts can notify you when reports with sensitive labels are shared or exported in ways that violate policies.

Steps:

• Configure DLP policies to automatically detect the sharing of labeled content (e.g., confidential information) and receive alerts when there is non-compliance.

6. Power BI Activity Log API:

• For more advanced monitoring, you can leverage the Power BI Activity Log API to fetch detailed information about Power BI activities, including the application of sensitivity labels. This API can be used to build custom dashboards or alerts to track label usage across your organization.

Best Practices for Auditing and Monitoring:

• Regularly Review Reports: Schedule regular audits to ensure that the correct sensitivity labels are being applied and monitored.

• Train Admins and Users: Ensure that admins and users understand the importance of sensitivity labels and their proper application to maintain data security and compliance.

• Leverage Automation: Automate reporting and alerting to stay on top of label usage and ensure compliance without manual intervention.