Data Science

How do I monitor and audit sensitivity label usage across my Power BI tenant?

RI Asked by Richard Thompson · 29-01-2024
0 upvotes 21,608 views 0 comments
The question

We’ve finally rolled out sensitivity labels in Power BI, but now the compliance team is asking for proof of adoption. I need to find out:

  1. Which datasets and reports are currently labeled "Confidential"?

  2. Who is changing labels from "Highly Confidential" to "Public" (downgrading)?

  3. Is there a way to see a dashboard of our overall protection coverage?

I’ve checked the standard "Usage Metrics," but they don't seem to show the label metadata. Do I need to use the Microsoft Purview portal for this, or is there a built-in Power BI admin report? Also, can I automate an alert if a specific label is removed from a high-priority dataset?

 

3 answers

0
BR
Answered on 12-02-2024

For forensic auditing—like finding out exactly who changed a label at 2:00 PM yesterday—you need the Microsoft Purview Audit Logs.

ST 16-02-2024

In the Purview Compliance portal, you can search for specific Power BI activities. Look for these keys: SensitivityLabelApplied: When a label is first added. SensitivityLabelChanged: This is the one you want for "downgrades." It includes the OldSensitivityLabelId and NewLabelId. SensitivityLabelRemoved: When protection is stripped entirely. You can even set up Alert Policies in Purview. For instance, if anyone removes a "Highly Confidential" label, it can trigger an automated email to the security team immediately.

0
KI
Answered on 14-02-2024

If you are a Power BI Admin, you don't need to leave the platform for a high-level overview. Go to the Admin Portal > Protection Metrics.

This built-in report is a dedicated Power BI dashboard that shows you the percentage of your artifacts (reports, datasets, dashboards) that have labels applied. It breaks down the data by label name and even allows you to see which workspaces have the highest concentration of sensitive data. It’s the perfect "executive summary" for a compliance meeting.

0
LI
Answered on 20-02-2024

If you want to build your own custom monitoring dashboard (maybe in Power BI itself!), use the Power BI Activity Log API.

RI 26-02-0224

Exactly, Steven. The API allows you to pull the last 30 days of activity. In 2026, many of us use a PowerShell script to fetch these logs daily and store them in Azure Data Lake. This allows for long-term "Posture Drift" analysis. You can correlate the ArtifactID with your inventory to see if your most-visited reports are appropriately protected. If you see a high-traffic report labeled "Public," it’s an immediate red flag for your governance team.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session