Difference between public link x Embed for your co...

marcelocostafil · ‎04-04-2024

Hey everyone!

I don't know if this makes sense, so please share your thoughts...

So, I've "build" the solution from the Embed for Your Costumers code examples from MS, put in my application and now I have a report from Power BI that appears in my application, using the Azure App to generate the token, and now I have two questions:

1 - When I open my application with this solution, the report appears to me, without the need to put login and password. In this case, what's the difference between this way and the "public link" way? Like...in both ways the user does not need a licence, and I want to show just my report, without additional filters or anything like that.

2 - There's a way to create a authentication method? In the way that, the user does not need to have a license, but needs to be inside our organization tenant to check the report.

A few notes.

- My application already have a login and password, but even with this security step, I really need more security to show the report only for the customers inside of our tenant.

- Here is the step by step that I followed - Embed content in your Power BI embedded analytics application - Power BI | Microsoft Learn
- Here the example solution - GitHub - microsoft/PowerBI-Developer-Samples: A collection of Power BI samples for developer use.

Anonymous · ‎04-04-2024

Hi @marcelocostafil ,

I hope this message finds you well. I understand you’re seeking clarity on the differences between the “Embed for Your Customers” and “Public Link” options in Power BI. Here’s a detailed explanation:

Embed for Your Customers: This approach, also known as the “App Owns Data” model, allows you to securely embed Power BI content into your application. This is particularly useful for users who lack the necessary permissions or licenses to access Power BI content within your organization. The embedded content can only be accessed via your application, providing you with full control over access and interaction. Furthermore, Azure Active Directory (AAD) can be utilized for user authentication, ensuring that only users within your organization’s tenant can view the report.

Public Link: Also referred to as “Publish to Web”, this option allows anyone on the internet to view your published report or visual without requiring authentication. However, it offers less control over who can access the content.

It’s important to note that while your application may already have login and password security measures in place, embedding Power BI reports necessitates additional security precautions to ensure that only authorized users can access the reports.

For more information, you may refer to the following resources:

Best Regards

marcelocostafil · ‎04-05-2024

Hello @Anonymous.

Thank you for the response!

So, in the end, if I want to get real security using this solution from the GitHub repository, I need to put in the code another step for authentication using Azure, right?
Because, if I leave the way it's built, all the users using my application could see.

Note: I think I was not clear before, but we have this application, and we have users with login and password. But not everyone with login and password should to see the report, only those who are in our Tenant. So it would be two separate things (1 - The user can enter our application and do his process as normal and 2 - just a few users should get to the report, for planning and strategies).