Solved: Best Approach to Build a Unified Portal for Power ...

dorku · ‎05-25-2025

Hi everyone,

I'm looking for advice on the best architectural approach to create a centralized, web-based portal that can display Power BI reports that are published in two separate environments:

1. Power BI Service (Cloud - app.powerbi.com)

2. Power BI Report Server (On-Premises)

The challenge is to provide a seamless experience to end users where they can access all relevant reports from a single entry point (such as an internal or Azure-hosted portal), regardless of where the report is hosted.

I’d appreciate any insights, experiences, or architectural recommendations from those who have dealt with a similar hybrid reporting setup.

Thanks in advance!

v-hashadapu · ‎05-25-2025

Hi @dorku , Thank you for reaching out to the Microsoft Community Forum.

Host the portal on Azure App Service for scalability and easy integration with Power BI. Use a modern frontend like React or Angular to build a clean, responsive interface where users can browse or search a report catalog, unaware of whether reports are cloud-based or on-premises. The portal should feel intuitive, with filters for departments or categories to simplify navigation.

For authentication, implement single sign-on (SSO) with Azure Active Directory. Power BI Service integrates natively with AAD, enabling seamless access to cloud reports. For Power BI Report Server, use Windows Authentication internally and Azure AD Application Proxy to securely connect the cloud portal to the on-premises server. This ensures users log in once and only see reports they’re authorized for, managed via AAD groups for cloud reports and folder-level permissions for Report Server. Apply Row-Level Security (RLS) within Power BI datasets to enforce data-level access control.

Embed reports differently for each environment. For Power BI Service, use Power BI Embedded or the Power BI JavaScript SDK in the App-Owns-Data model, where the portal authenticates via a service principal to generate embed tokens. For Power BI Report Server, embed reports using iframes with their URLs, passing credentials securely via Application Proxy. A unified embedding layer in the portal ensures reports from both sources look consistent, minimizing user confusion.

Store report metadata in an Azure SQL Database to power the catalogue. Use the Power BI REST API to fetch cloud report details and the Report Server Web Service API or SSRS catalogue queries for on-premises reports. Sync the catalogue regularly to reflect updates in report availability or permissions, ensuring users see an accurate, filtered list. Secure all connections with HTTPS. Use Azure AD Application Proxy or a VPN for low-latency, secure access to the on-premises Report Server. Monitor performance with Azure Monitor and cache metadata in Azure Cache for Redis to speed up report loading. For scalability, leverage Power BI Embedded’s capacity management for cloud reports and ensure the Report Server has adequate resources.

Start with a small set of reports to test authentication, embedding, and performance. Note that Report Server reports may lack some cloud features, so adjust the UI for consistency. Consider migrating reports to Power BI Service over time to simplify the architecture if your business allows.

If this helped solve the issue, please consider marking it “Accept as Solution” and giving a ‘Kudos’ so others with similar queries may find it more easily. If not, please share the details, always happy to help.
Thank you.

View solution in original post

v-hashadapu · ‎06-01-2025

Hi @dorku ,
I hope the information shared was helpful. If you have any additional questions or would like to explore the topic further, feel free to reach out. If any of the responses resolved your issue, please mark it "Accept as solution" and give it a 'Kudos' to support other members in the community.
Thank you!

v-hashadapu · ‎05-29-2025

Hi @dorku ,
I wanted to follow up and see if you’ve had a chance to review the information provided here.
If any of the responses helped solve your issue, please consider marking it "Accept as Solution" and giving it a 'Kudos' to help others easily find it.
Let me know if you have any further questions!

v-hashadapu · ‎05-25-2025

Hi @dorku , Thank you for reaching out to the Microsoft Community Forum.

Host the portal on Azure App Service for scalability and easy integration with Power BI. Use a modern frontend like React or Angular to build a clean, responsive interface where users can browse or search a report catalog, unaware of whether reports are cloud-based or on-premises. The portal should feel intuitive, with filters for departments or categories to simplify navigation.

For authentication, implement single sign-on (SSO) with Azure Active Directory. Power BI Service integrates natively with AAD, enabling seamless access to cloud reports. For Power BI Report Server, use Windows Authentication internally and Azure AD Application Proxy to securely connect the cloud portal to the on-premises server. This ensures users log in once and only see reports they’re authorized for, managed via AAD groups for cloud reports and folder-level permissions for Report Server. Apply Row-Level Security (RLS) within Power BI datasets to enforce data-level access control.

Embed reports differently for each environment. For Power BI Service, use Power BI Embedded or the Power BI JavaScript SDK in the App-Owns-Data model, where the portal authenticates via a service principal to generate embed tokens. For Power BI Report Server, embed reports using iframes with their URLs, passing credentials securely via Application Proxy. A unified embedding layer in the portal ensures reports from both sources look consistent, minimizing user confusion.

Store report metadata in an Azure SQL Database to power the catalogue. Use the Power BI REST API to fetch cloud report details and the Report Server Web Service API or SSRS catalogue queries for on-premises reports. Sync the catalogue regularly to reflect updates in report availability or permissions, ensuring users see an accurate, filtered list. Secure all connections with HTTPS. Use Azure AD Application Proxy or a VPN for low-latency, secure access to the on-premises Report Server. Monitor performance with Azure Monitor and cache metadata in Azure Cache for Redis to speed up report loading. For scalability, leverage Power BI Embedded’s capacity management for cloud reports and ensure the Report Server has adequate resources.

Start with a small set of reports to test authentication, embedding, and performance. Note that Report Server reports may lack some cloud features, so adjust the UI for consistency. Consider migrating reports to Power BI Service over time to simplify the architecture if your business allows.

If this helped solve the issue, please consider marking it “Accept as Solution” and giving a ‘Kudos’ so others with similar queries may find it more easily. If not, please share the details, always happy to help.
Thank you.