Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at the 2025 Microsoft Fabric Community Conference. March 31 - April 2, Las Vegas, Nevada. Use code FABINSIDER for $400 discount. Register now

Abhilash_P
Advocate IV
‎02-20-2025 09:00 AM

Securing Data using Sensitivity Labels in Power BI

Sensitivity labels provide a simple way for users to classify critical content in Power BI without compromising productivity or the ability to collaborate. Before applying the sensitivity labels in PBI Service or PBI Desktop, we need to create different sensitivity labels and their descriptions in Microsoft Purview Portal according to the organization's policies.

 

As of February 2025, the classic Microsoft Purview compliance portal (https://compliance.microsoft.com) has been retired and now redirects to the new purview portal (https://purview.microsoft.com). To create and manage sensitivity labels, users need permissions such as Compliance Data Administrator, Compliance Administrator, or Security Administrator.

 

 

Below are the steps to create sensitivity labels:

  • Access the Microsoft Purview Portal:

Navigate to https://purview.microsoft.com and sign in with the necessary admin credentials.

 

  • Create a New Sensitivity Label:

On the Sensitivity labels page, select + Create a label to start the new sensitivity label configuration.

Abhilash_P_0-1739467966086.png

 

 

 

 

  • Give a name, display name( like public, confidential, Highly confidential), description for users,description for admins and Click Next

 

  • Next, we need to define the scope of the sensitivity labels, this is where we need to apply them like files, emails, sharepoint sites and Teams. Select appropriate check boxes and click Next

 

  • Next choose the protection settings for the files and emails.

 

  • After providing all the information click on Create Label

 

 

Publish Sensitivity Label:                    

 

Now we have created the labels, the next step is to publish them so that users can apply them to their content.

 

  • Sign in to the Microsoft Purview Portal -> Solutions > Information Protection > Sensitivity labels

 

  • On the Label policies page, select Publish label to start the Create policy configuration

Abhilash_P_1-1739467966095.png

 

  • On the Choose sensitivity labels to publish page, select the Choose sensitivity labels to publish link and select the labels that you want to make available in apps and to services, and then select Add.

 

  • Choose Users and Groups: Specify the users and groups for whom the labels will be available.

 

  • Name and Describe the Policy: Provide a name and description for the policy

 

  • Review and Submit: Review your settings and complete the process by submitting. Completing the Create Policy Configuration automatically publishes the label policy.

 

After publishing the label policy, navigate back to Power BI. Under Information Protection, enable the toggle button and click Apply to activate the sensitivity labels in Power BI.

 

 

Applying Sensitivity Labels to a Report

 

Before applying sensitivity labels, we need to consider below requirements :

 

  •  PBI Pro or premium per user license is must along with edit permissions on the content which we want to label

 

  • Sensitivity labels must be enabled for your organization.

 

  • Must belong to a security group that has permissions to apply sensitivity labels

 

  • All licensing and other requirements must be met.

 

Once the above requirements are satisfied, we can apply sensitivity labels by following the below steps.

 

  1. Go the report in the PBI service -> click on three dots -> settings

 

  1. Click on the sensitivity Label and choose the label from the drop down that we want to apply.

 

Below image shows the sensitivity label for a dashboard to Highly Confidential\Any User (No Protection)

 

Abhilash_P_0-1739468047795.png

 

 

  1. Click on the save button to apply the settings.

 

Apply Sensitivity Labels to a Semantic Model

 

  • Go the semantic model in the PBI service -> click on three dots -> settings

 

Abhilash_P_1-1739468047814.png

  • Click on the sensitivity Label and choose the label from the drop down that we want to apply.

 

Abhilash_P_0-1739468078514.png

 

 

  • Select Apply to save the modified settings

How to identify the sensitivity label of a report or semantic model?

 

Once sensitivity label is applied for a report, we can view them under the sensitivity column in the list view of dashboards, reports, semantic models, and dataflows.

 

Abhilash_P_1-1739468155021.png

 

 

This shows how the data is being categorized into different sensitivity labels and thus preventing unauthorized data access. It is also important to note that when labeled data leaves Power BI, either via export to Excel, PowerPoint, PDF, .pbix files, or via other supported export scenarios such as Analyze in Excel or live connection PivotTables in Excel, Power BI automatically applies the label to the exported file and protects it according to the label's file encryption settings.This way our sensitive data can remain protected, even when it leaves Power BI.

 

Summary

Labeling our data correctly with sensitivity labels ensures that only authorized individuals can access sensitive information, protecting it from misuse or unauthorized sharing. These labels classify data based on its confidentiality level, such as public, internal, or highly confidential, and enforce appropriate restrictions accordingly.

Sensitivity labels play a crucial role in maintaining compliance with organizational and regulatory policies, safeguarding data during sharing, and ensuring secure collaboration across teams. By implementing these labels, organizations gain improved control, visibility, and security for their critical data assets while promoting responsible data handling practices.

Comments