Top 5 Power BI Admin Settings You Need Disabled

In this video, Nick Lee from Pragmatic Works outlines the top five Power BI admin settings that should be disabled to enhance security and control within your Power BI tenant. Whether you’re an admin or a user, understanding these settings can help safeguard your organization’s data and prevent unintentional access or sharing.

1. Users Can Invite Guest Users

This setting allows users to invite external guest users to access your Power BI tenant by sharing reports or data. While this can be helpful for contractors or vendors, Nick recommends disabling it for the entire organization and enabling it only for specific security groups, such as admins. This ensures better control over who can share reports externally.

2. Allow Sharable Links to Grant Access to Everyone in the Organization

This setting lets users share a Power BI report link, which can then be forwarded to anyone in the organization, effectively bypassing permissions. Nick suggests disabling this feature to prevent widespread sharing of sensitive reports and data. If needed, this can be enabled for select security groups.

3. Users Can Work with Semantic Models in Excel

This feature enables users to connect Excel to Power BI's underlying semantic model, creating pivot tables. While useful, it can expose sensitive data not intended for general users, especially when specific visuals or data limitations are needed. Nick advises disabling this feature unless explicitly required for certain user groups.

4. Allow Users to Download Reports

Downloading Power BI reports as PBIX files can be risky, especially when row-level security (RLS) is in place. Once a user downloads a report, RLS is no longer enforced, which can expose all data in the dataset. Nick recommends disabling this for most users to ensure sensitive data remains protected.

5. Publish to Web

This setting is enabled by default and allows users to publicly publish Power BI reports to the web, making them accessible to anyone. This is extremely risky as it bypasses all security measures. Nick strongly urges admins to disable this setting and only enable it for specific cases, such as public reports from government or healthcare organizations.

Conclusion

Disabling these five Power BI admin settings helps to secure your data, prevent unauthorized access, and maintain better control over report sharing within your organization. 

Don't forget to check out the Pragmatic Works' on-demand learning platform for more insightful content and training sessions on Power BI and other Microsoft applications. Be sure to subscribe to the Pragmatic Works YouTube channel to stay up-to-date on the latest tips and tricks.