Top 5 Power BI Admin Settings You Need Disabled Now

    In this insightful video, Nick Lee from Pragmatic Works shares five critical Power BI admin settings that should be disabled to protect organizational data and strengthen security. Even if you're not a Power BI admin, understanding these settings will help you communicate better with your administrators and ensure secure data governance.

1. Disable: Guest User Invitations

This setting allows users to invite external guests to collaborate through item sharing. While useful in some scenarios—like working with contractors—leaving it open organization-wide can introduce serious risks. If enabled:

• External users gain guest accounts in your Microsoft Entra ID.
• They can view shared reports and dashboards.
• It increases exposure to accidental data leaks.

Recommendation: Restrict this setting to specific security groups, such as Power BI Admins, to maintain control and ensure external collaboration is deliberate and monitored.

2. Disable: Shareable Links for Everyone

This option allows users to generate shareable links that grant access to reports to anyone in the organization.

• These links can be passed around freely without audit trails.
• They bypass the typical explicit sharing controls.
• Content could be viewed by users in departments that shouldn’t have access.

Recommendation: Disable this feature or restrict it to centers of excellence or team leads who understand the implications of wide sharing.

3. Disable: Semantic Model Access via Excel Live Connection

This setting permits users to connect to semantic models using Excel pivot tables. While powerful, it opens a backdoor to sensitive data exploration.

• Allows users to build new reports outside Power BI's controlled environment.
• Can expose data that wasn’t meant for general visibility.
• Bypasses visual-level security and curated storytelling.

Recommendation: Restrict to specific users with clear business need. Be aware this is only available to users with contributor or member workspace roles.

4. Disable: Report Downloads

Allowing users to download PBIX files removes reports from the controlled Power BI Service environment.

• Breaks Row-Level Security (RLS) once downloaded.
• Users can access all data within the model—beyond their original permissions.
• File can be stored, copied, or emailed unmonitored.

Recommendation: Restrict downloads to advanced users or specific groups. This is especially important if you're using RLS.

5. Disable: Publish to Web

Arguably the most dangerous setting. When enabled, users can publicly publish reports accessible by anyone with a link or embed code.

• Bypasses all security, including RLS, permissions, and internal controls.
• Creates permanent URLs visible on the public web.
• Was historically used during the pandemic for public COVID dashboards, but should be rare today.

Recommendation: Disable this for all users. Only enable for select security groups under strict policy with valid use cases, such as public government dashboards.

Training Opportunity

Nick also highlights CertXP courses on Pragmatic Works’ platform for mastering Power BI and Microsoft certifications. Use code nick4 for a 40% discount on the annual subscription to their on-demand learning platform.

Security is crucial in Power BI administration. Disabling these five settings reduces your data risk significantly. 

Don't forget to check out the Pragmatic Works' on-demand learning platform for more insightful content and training sessions on Power BI and other Microsoft applications. Be sure to subscribe to the Pragmatic Works YouTube channel to stay up-to-date on the latest tips and tricks.