Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Next up in the FabCon + SQLCon recap series: The roadmap for Microsoft SQL and Maximizing Developer experiences in Fabric. All sessions are available on-demand after the live show. Register now

Reply
darioderoover
New Member

Power BI Template app - Share outside tenant

‎01-27-2026 07:12 AM

Dear all

 

I've created a Power BI report that connects to Azure Blob Storage using SAS tokens to access data in my customer's Azure tenant (I need to avoid storing customer data locally). The report includes parameters for flexibility.

 

I want to share this report with my customer and their employees outside my tenant. I'm considering a template app, but I have questions about access control:

  1. Once a template app is in production, can anyone with a Power BI license discover and install it, or can I restrict who can access it?
  2. Are there better alternatives for this scenario?

My requirements:

  • Connect to customer's Azure Blob Storage via SAS or Service Principal
  • No local data storage
  • Controlled access (only specific customer users should see it)
  • Customer users need to use their own credentials/parameters
  • Customer cannot download .pbix

Any guidance would be appreciated!

Message 1 of 7
600 Views
1 ACCEPTED SOLUTION
v-pnaroju-msft
Community Support
Community Support

‎02-04-2026 09:52 AM

Thankyou, @johnbasha33 for your response.

Hi darioderoover,

Thankyou for the followup.

Based on my understanding, a regular Power BI App may be a more suitable fit for your scenario. You can build the report using sample data, publish it within your tenant, package it as an app, and grant access solely to the app (not the workspace) to a customer specific security group via Azure AD B2B. This approach keeps access fully controlled, prevents PBIX download, works across tenants, and allows the data to reside in Azure Blob Storage, refreshed in the Power BI Service (no local storage required).

With a regular app, customers cannot modify dataset parameters or credentials themselves. Connections using SAS or a Service Principal are owned and managed in your tenant. Thus, addressing the requirement that the “customer uses their own parameters” typically entails maintaining one dataset per customer or automating deployment per customer. For a small number of customers and customer owned Power BI licenses, this approach offers the best balance of security, governance, and simplicity.

Additionally, please refer to the links provided below:
Publish an app in Power BI - Power BI | Microsoft Learn
Export and sharing tenant settings - Microsoft Fabric | Microsoft Learn
Install, share, and update template apps in your organization with Power BI - Power BI | Microsoft L...
What are Power BI template apps? - Power BI | Microsoft Learn
Create template apps in Power BI - Power BI | Microsoft Learn
Template app admin settings - Microsoft Fabric | Microsoft Learn
Manage Published Power BI Template Apps - Power BI | Microsoft Learn
Tenant settings index - Microsoft Fabric | Microsoft Learn

We hope the information provided helps to resolve the issue. Should you have any further queries, please feel free to contact the Microsoft Fabric community.

Thank you.

View solution in original post

Message 5 of 7
376 Views
6 REPLIES 6
v-pnaroju-msft
Community Support
Community Support

‎02-12-2026 01:29 AM

Hi darioderoover,

We are following up to see if what we shared solved your issue. If you need more support, please reach out to the Microsoft Fabric community.

Thank you.

Message 7 of 7
279 Views
0
v-pnaroju-msft
Community Support
Community Support

‎02-09-2026 02:12 AM

Hi darioderoover,

We would like to follow up and see whether the details we shared have resolved your problem. If you need any more assistance, please feel free to connect with the Microsoft Fabric community.

Thank you.

Message 6 of 7
308 Views
0
v-pnaroju-msft
Community Support
Community Support

‎02-04-2026 09:52 AM

Thankyou, @johnbasha33 for your response.

Hi darioderoover,

Thankyou for the followup.

Based on my understanding, a regular Power BI App may be a more suitable fit for your scenario. You can build the report using sample data, publish it within your tenant, package it as an app, and grant access solely to the app (not the workspace) to a customer specific security group via Azure AD B2B. This approach keeps access fully controlled, prevents PBIX download, works across tenants, and allows the data to reside in Azure Blob Storage, refreshed in the Power BI Service (no local storage required).

With a regular app, customers cannot modify dataset parameters or credentials themselves. Connections using SAS or a Service Principal are owned and managed in your tenant. Thus, addressing the requirement that the “customer uses their own parameters” typically entails maintaining one dataset per customer or automating deployment per customer. For a small number of customers and customer owned Power BI licenses, this approach offers the best balance of security, governance, and simplicity.

Additionally, please refer to the links provided below:
Publish an app in Power BI - Power BI | Microsoft Learn
Export and sharing tenant settings - Microsoft Fabric | Microsoft Learn
Install, share, and update template apps in your organization with Power BI - Power BI | Microsoft L...
What are Power BI template apps? - Power BI | Microsoft Learn
Create template apps in Power BI - Power BI | Microsoft Learn
Template app admin settings - Microsoft Fabric | Microsoft Learn
Manage Published Power BI Template Apps - Power BI | Microsoft Learn
Tenant settings index - Microsoft Fabric | Microsoft Learn

We hope the information provided helps to resolve the issue. Should you have any further queries, please feel free to contact the Microsoft Fabric community.

Thank you.

Message 5 of 7
377 Views
darioderoover
New Member

‎01-29-2026 07:22 AM

Hi @johnbasha33 

 

Thanks for the quick response!

 

Do I understand correctly that it would be best for us to switch to a “regular app”?

 

That would mean the following:

  • A report based on sample data

  • Publish it in our workspace (tenant)

  • We create an app and add the report to it

  • We grant access (only to the app, not the workspace) to a specific security group — e.g. Customer A with 10 employees

  • The customer can then download this app in their tenant and connect it to their datasets via the parameters

Is that correct?

 

Our main points of concern are the following: 

 

  • Connect to the customer’s Azure Blob Storage via SAS or service principal

  • No local data storage (if there’s no other option, then in our Power BI Service cloud)

  • Controlled access (only specific customer users are allowed to view it)

  • Customer users must use their own parameters

  • The customer must not be able to download the .pbix file!

 

For now, the number of customers is very limited (it is still in its infancy), so around 3 customers. Finally, it would be great if they own the Power BI licences.

 

Many thanks!

Message 4 of 7
508 Views
0
johnbasha33
Super User
Super User

‎01-28-2026 01:41 AM

Hi @darioderoover 

Can anyone install a Template App?
No.
Template Apps can be restricted to specific Azure AD users, groups, or customers. They are not publicly discoverable unless you publish to AppSource (public).

 

 Does a Template App fit your requirements?
⚠️ Partially, but with caveats.

What works:

  • Customer uses their own parameters (SAS / Service Principal)
  • No local data storage
  • Customer cannot download PBIX
  • Works cross-tenant
  • Each customer gets their own dataset copy

What’s risky:

  • SAS tokens are user-entered (can be mishandled)
  • Limited control once installed (customer owns the dataset)

 

Better alternatives (recommended):

Best option: Power BI App + B2B (External Users)

  • Invite customer users as Azure AD B2B guests
  • Use Service Principal or SAS
  • Full control over:
    • Access
    • Refresh
    • Security
  • Requires managing guest users

If scaling to many customers:

  • Embed for Customers (Power BI Embedded)
    • Full isolation
    • No Power BI licenses for users
    • Strongest security
    • More engineering effort

 

Bottom line

  • Few customers → Power BI App + B2B (best control)
  • Many customers / SaaS → Power BI Embedded
  • Template App → acceptable, but not ideal for strict control

If you want, tell me:

  • Number of customers
  • Do they already have Power BI licenses?
    and I’ll give you the best-fit architecture in one paragraph.

Did I answer your question? Mark my post as a solution! Appreciate your Kudos !!

Message 2 of 7
540 Views
darioderoover
New Member
In response to johnbasha33

‎02-02-2026 11:48 PM

Hi @johnbasha33 

 

Thanks for the quick response!

 

Do I understand correctly that it would be best for us to switch to a “regular app”?

 

That would mean the following:

  • A report based on sample data

  • Publish it in our workspace (tenant)

  • We create an app and add the report to it

  • We grant access (only to the app, not the workspace) to a specific security group — e.g. Customer A with 10 employees

  • The customer can then download this app in their tenant and connect it to their datasets via the parameters

Is that correct?

 

Our main points of concern are the following: 

 

  • Connect to the customer’s Azure Blob Storage via SAS or service principal

  • No local data storage (if there’s no other option, then in our Power BI Service cloud)

  • Controlled access (only specific customer users are allowed to view it)

  • Customer users must use their own parameters

  • The customer must not be able to download the .pbix file!

 

For now, the number of customers is very limited (it is still in its infancy), so around 3 customers. Finally, it would be great if they own the Power BI licences.

 

Many thanks!

Message 3 of 7
431 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All