Power BI Service Management: how to manage | Power BI Adoption Framework

Power BI Service Management: how to manage | Power BI Adoption Framework

– [Paul} Hello, and welcome
to this video series on the Power BI Adoption Framework, which is about empowering
every decision maker. I’m Paul. – [Manu] And I’m Manu. – [Paul] And in this video, we will talk about how to manage the various parts of Power BI. The Power BI admin portal enables you to manage the Power BI tenant for your organization. The portal includes items such as usage metrics, access to the Microsoft 365 admin center and settings. The first thing that you will need to do is get access to the admin portal and those tenant settings. To do so, you will need to
be a global administrator within Office 365 or Azure Active Directory or have been assigned the Power BI service administrator role. There are various tenant
settings in the admin portal, and these give you more control over what features are made available to your organization. If you have concerns
around sensitive data, some of the default settings may not be right for your organization, or you may only want a given feature to be available to a
specific set of users. The admin portal is used to change the various tenant settings available from sharing, to visualizations, to audit and developer settings. Most tenant settings have three states available to them. You can disable a feature and make it so users will
not be able to use it at all. You can enable a feature for the entire organization, which will let all users
have access to that feature. You can also enable a feature
at security group level, which means you can have a subset of users who can use this feature. This can happen in a few different ways. You can enable it for
the entire organization except for a specific set of users, or you could enable the feature only for a specific group of users and even disable it for
another group of users. This would make sure that certain users don’t
have access to the feature even if they’re in that allowed group, which means the disabled
overwrites the enabled. As I go through each
of the tenant settings, I will highlight which settings can be controlled at group level and which settings have
to either be on or off for the entire organization. This level of control can potentially change in the future. Power BI has links in the menu for help, support, and licensing. With these feature settings, you can customize those links for learn, community, and Get Help to point at websites specific
to your organization. It’s also possible to specify a URL to direct users to a custom solution for licensing requests. You can also enable security groups to receive email notifications if the tenant is impacted by a severe outage or incident. All of these settings can be controlled at group level and are disabled by default because they are custom links for your organization. Admins can use the
create workspaces setting to indicate which users
in the organization can create app workspaces to collaborate on dashboards, reports, and other content. They can also control where the datasets can be
used across workspaces. These features can be
controlled at group level and are enabled by default, which means all users can use both of these features. The admin portal also has
another section of settings about the workspaces in your tenant. In that section, you can sort and filter
the list of workspaces and display the details
for each workspace. There are a number of settings that relate to exporting
and sharing in Power BI. You can control whether users
can export to PowerPoint, PDF, or print their reports. These features can be
controlled at group level and are enabled by default. You can also control whether your users can configure email
subscriptions for reports. This feature can be controlled
at organizational level only and is enabled by default. Your organization can
also certify datasets that are the authoritative source for business-critical information. These datasets are featured prominently when report designers
start creating a report and are looking for a reliable dataset. This feature can be
controlled at group level and is disabled by default, as you will need to specify which users can certify these datasets. You can control whether users can share dashboards and reports with users outside of your organization. This feature can be
controlled at group level and is enabled by default. By default, external users only have the ability to view content. With this setting, you
can allow external users to edit and manage content
in your tenant as well. This feature can be
controlled at group level and is disabled by default. If enabled, it is recommended that you control this at group level, controlling which external users can edit content. Please note, for external sharing to work, Azure Active Directory
business-to-business, or B2B, needs to be enabled. With Power BI Publish to web, you can easily embed interactive Power BI visualizations online, such as in blog posts, websites, through emails of social
media on any device. When you use Publish to web, the report or visual you publish can be viewed by anyone on the internet. There is no authentication used when viewing these reports. Only use Publish to web with reports and data that anyone on the internet
should be able to see. Before publishing this report, ensure you have the
rights to share the data and visualizations publicly. Do not publish confidential
or proprietary information. This feature can be
controlled at group level and is enabled by default
and can be disabled. It is very common to limit this feature to a small set of users
in your organization. With the export data settings, you can control whether users
can export data to Excel at a visualization or a dataset level. This feature can be
controlled at group level and is enabled by default. In Power BI, you can create apps to bring related dashboards
and reports together, all in one place, and then publish them to
large groups of people in your organization. You can control whether users have the ability to share
with the entire organization with a single click or if they need to
specify one or more groups that they want to share with. This feature can be
controlled at group level and is enabled by default. Power BI template apps enable users to build Power BI apps with little or no coding and deploy them to users
in your organization. Users can connect to the apps and specify parameters relevant to them. This will create a personalized
copy of the app content for their consumption. This feature can be
controlled at group level and is disabled by default. With push apps enabled, you can automatically install apps in the app content list for users. Rather than the user
having to find the app in [unintelligible] of AppSource or follow an installation link. This feature can be
controlled at group level and is disabled by default. If you enable this feature, we recommend to limit
this to a set of users, because if too many apps
are preinstalled for a user, this may diminish their value. There are times when you
may want to use Excel to view and interact with the dataset that you have in Power BI. With the Analyze in Excel feature, you can do just that and access pivot table, charts, and slicer features in Excel based on a dataset that
resides in Power BI. With this option, administrators can disable the use of Analyze in Excel with on-premises datasets. When that option is disabled, Analyze in Excel is disabled for Analysis Services databases but continues to be available for use with other data sources. To disable this feature for all datasets and data sources, you also need to disable
the export data option. The combination of
ArcGIS maps and Power BI takes mapping beyond the
presentation of points on a map to a whole new level. Choose from base maps, location types, themes, symbol styles, and reference layers to create informative map visualizations. The combination of authoritative
data layers on a map with spatial analysis conveys a deep understanding of the data in your visualization. ArcGIS Maps for Power
BI is provided by Esri. Your use of ArcGIS Maps for Power BI is subject to Esri’s
terms and privacy policy. Power BI users wishing
to use the ArcGIS maps need to accept the consent dialog when they first use it. Users in the organization can
use external search features that rely on Azure Search. For example, users can use Cortana to retrieve key information directly from Power BI
dashboards and reports. All of these features
shown on the screen here can be controlled at group level and are enabled by default. When creating or editing
a Power BI report, there are many different
types of visuals available for you to use. These visuals display in
the visualizations pane. And when you download Power BI Desktop or open the Power BI service, this set of visuals come prepackaged. But you’re not limited
to this set of visuals. Selecting the ellipsis opens up another source of report visuals called Custom Visuals. Custom Visuals are created by developers using the Custom Visuals SDK to enable business users to see their data in a way that fits the business best. Report authors can then
import the Custom Visual files into their report and use them as any other Power BI visual. This feature can be
controlled at group level and is enabled by default. A custom visual could contain code with security or privacy risks. Make sure you trust the author and the source of the custom visual before importing it into your report. Power BI certified visuals are marketplace visuals that have passed additional
rigorous testing for quality and are supported in additional scenarios such as email subscriptions and exports of PowerPoint. This feature can be controlled at organizational level only and is disabled by default, meaning you can use all custom visuals. Power BI admins can deploy custom visuals into their organization
so that report authors can easily discover and
use the custom visuals that the admin has approved for use inside their organization. This gives the admin the control to choose specific
custom visuals to deploy as well as an easy way to manage, update versions,
disable/enable those visuals. For the report author, it is an easy way to discover visuals that are unique to the organization as well as a seamless support for updating those visuals. The admin portal has
another section of settings to manage the organization
of visuals in your tenant. The Power BI service supports viewing and
interacting with visuals created with R scripts. Visuals created with R scripts can present advanced data
shaping and analytics such as forecasting
using the rich analytics and visualization power of R. This feature can be controlled
at organizational level only and is enabled by default. Your organization can use auditing to monitor actions taken in Power BI by users in your organization. Power BI audit logs are now always available for tenants that have enabled recording user and admin activity in the Office 365 admin portal. If you create dashboards and reports, usage metrics help you
understand their impact. When you run either dashboard
or report usage metrics, you discover how those
dashboards and reports are being used throughout
your organization. This feature can be
controlled at group level and is enabled by default. Disabling this will stop the logging of all workspace-level usage metrics. I’ll explain in more
detail about usage metrics in the following section. When you go to dashboard
or report usage metrics, you’ll also see a breakdown of the number of views by user. The report includes the
display name and login names of your end users. As an IT admin, we understand you may be tasked with ensuring that Power
BI remains compliant with a variety of
regulations and standards. IT admins have further control over which users in your organization can take advantage of this
user-level usage metrics. The usage metrics admin
control is granular, allowing you to enable usage metrics for a subset of your organization and is enabled by default. Power BI offers APIs for embedding your dashboard and reports into applications. There are two main scenarios when embedding Power BI content: embedding for users in your organization and embedding for your
users and customers. Examples of embedding
for your organization include internal web applications, SharePoint Online web parts, or Microsoft Teams integration. An example of embedding for your customer is an ISV application being
sold to other companies. This feature can be
controlled at group level and is enabled by default. Service principal is beneficial when using Power BI Embedded or when automating Power
BI tasks and processes. When working with Power BI Embedded, there are advantages when
using service principal. A primary advantage is you don’t need a master account with a Power BI Pro license that’s merely a username and password to authenticate for your application. This feature can be
controlled at group level and is disabled by default. We would recommend
turning this on for people who would develop custom applications. The Power BI admin portal also has another section for
administering embed codes. As an administrator, you
can view the embedded codes that are generated for your tenants. You can also revoke or delete these codes. Power BI template apps enable partners to build Power BI apps with little or no coding and deploy them to any Power BI customer. You build template apps that allow your customers to connect and instantiate with their own accounts. As the main experts, they can unlock the data in a way that’s easily consumable
by their business users. You can submit your template apps to the cloud partner portal, and the apps then become
publicly available in the Power BI app gallery and on Microsoft AppSource. This feature can be
controlled at group level and is enabled by default. Users in the organization can download and install template apps only from AppSource. With this setting, you can control which specific users or security groups can install template apps from AppSource. This feature can be
controlled at group level and is enabled by default. You can also control which
users in your organization can download and install template apps that are not listed in AppSource which they have been sent a link to open. This feature can be
controlled at group level and is disabled by default. Every dashboard is different. And depending on the data
source you’re connecting to, you will likely find that you and the colleagues you share with will need to take different precautions depending on the sensitivity of the data. Some dashboards should never be shared with those users outside
of your organization or printed out, while others can be shared freely. By using dashboard data classifications, you’ll be able to raise awareness, with those viewing your dashboards about what level of
security should be used. You can tag your dashboards
with your classifications defined by your company’s IT department so everyone viewing the content will have the same level of understanding around the sensitivity of the data. This feature can be controlled
at organizational level only and is disabled by default because you need to
define the classifications for your organization. Sometimes the fastest way to
get an answer from your data is to ask a question
using natural language. For example, what were
total sales last year? The Q&A feature in Power BI lets you explore your
data in your own words. With this feature, you
can review the words users have searched in Q&A, to fine-tune the response. You can create definitions or synonyms to fix previously unsuccessful searches, improving the experience
for those using Q&A. This feature can be
controlled at group level and is enabled by default. Power BI introduces dataflows to help organizations unify
data from disparate sources and prepare it for modeling. Analysts can easily create dataflows using familiar self-service tools. Dataflows are used to ingest, transform, integrate, and enrich big data by defining data source connections, ETL logic, refresh schedules, and more. In addition, the new
model-driven calculations engine that’s part of dataflows, makes the process of data preparation more manageable, more deterministic, and less cumbersome for data analysts and report creators alike. This feature can be controlled
at organizational level only and is enabled by default. The Power BI admin portal also has another section for administering the dataflow settings. By default, data used with Power BI is stored in internal storage provided by Power BI. With the integration of dataflows and Azure Data Lake Generation 2, you can store your dataflows
in your organization’s Azure Data Lake Storage
Generation 2 account. You should discuss each
of the tenant settings, agree on its configuration,
and document this. Think about what roles will need to use, which setting. This will be discussed
during the roles section, which might result in amendments here. When reviewing the tenant settings, it is advisable to open the admin portal and look at how they’re
currently configured for your organization. You can then take a note of what settings need to be changed after this portion of
the workshop is complete. As well as deciding on what the tenant settings
are going to be set to, you need to decide who will
administer the Power BI tenant. Typically, we see this done
by Office 365 administrators, BI development teams, or the support team for
the Power BI tenant. As an administrator, you can customize the
look and feel of Power BI for your organization. Custom branding lets you
change the theme color that appears in the top navigation bar. Add your company logo and bring your default
landing page to life by adding a cover image. The first tab in the admin portal is usage metrics. The usage metrics report gives the ability to monitor
usage within Power BI for your organization. It also provides the ability to see which users and
groups are the most active within Power BI. Once the dashboard loads, you will see two sections of tiles. The first section includes
usage data for individual users, and the second section
has similar information for groups in your organization. With this information, you’ll
be able to get real insights into how people are using Power BI across your organization and be able to recognize
those users and groups who are very active. These metrics are only available to the Power BI administrators. If you create dashboards and reports, usage metrics help you
understand their impact. When you run either
dashboard usage metrics or report usage metrics, you discover how those
dashboards and reports are being used throughout
your organization. What’s being used? By whom? These usage metrics reports are read-only; however, you can personalize
a usage metrics report by using Save As. This creates a brand new dataset and converts the read-only report to have access to usage metrics for all dashboards, all reports in the selected workspace. These reports are available
to the content creators for the workspace, the people that have edit access. To access the auditing section of the Office 365 Security
& Compliance Center, you must either be a global admin or have an Exchange admin role that provides access to the audit log. If you have access to the audit log but are not a global admin or Power BI service administrator, you will not have access to
the Power BI admin portal. In this case, you must get a direct link to the Office 365 Security
& Compliance Center. You can filter the audit
data by date range, user, dashboard, reports, datasets, and activity type. You can also download the
activities in a CSV file to analyze offline. There are a lot of activities that are written to the audit log, some of which are included on this slide, including when somebody views, creates, edits, deletes, shares, prints, or exports a dashboard or report, as well as creation, installation, and updating of apps, usage of gateways, changes in tenant settings, and Power BI Pro trial signup, just to name a few. If you want to use the audit data, then you will need to look
at backing up the data to another source, as it’s
only stored for 90 days. You need to consider
who will be responsible for backing up of the audit data, where this backup will be stored, how this will be automated, who will create the reports, and what reports are required. All of these points should be discussed and decided upon. On this slide, we have highlighted some of the options for
each of these stages. Please feel free to pause the recording to have a read through the options, and we’ve included links to some of those options in the description below. – [Manu] Before we start talking
about enterprise gateways, we start with asking the question if the organization
does have a requirement to connect to on-premises data sources, because if the answer is no, then this section would not be relevant. And if the answer is yes, then it will be very relevant. Let’s start with defining
an on-premises data gateway. A gateway is software that facilitates access to data that resides on a private
on-premises network for subsequent use in a
cloud service like Power BI. It’s like a gatekeeper that listens for connection requests and grants them only
when a user’s requests meet certain criteria, such as whether they are
allowed to use the gateway. This lets organizations leave databases and data warehouses on their on-premises networks, yet securely use subsets of that data and create compelling reports and dashboards in Power BI. A gateway also secures access and data by encrypting and compressing all the data that passes through it, as well as any passwords used
to connect to data sources. There are three parts or stages to putting a gateway to work: install the gateway, add users to the gateway to let them use the gateway, and connect to data sources. The download icon in
the upper-right corner in the Power BI service allows you to download
the installation files for an on-premises gateway. This screen gives you an
ultra-condensed explanation of what the gateway does. It also provides a couple of important
pieces of information. This page inside the
Power BI service canvas allows you to manage your gateways. Data source connections and user access are also managed by the Power BI service. There are a number of
installation considerations when deploying an on-premises gateway. The number of users consuming a report that’s using the gateway is a very important metric in deciding where to install the gateway. Here are a few questions to consider: Are users going to use these reports at different times of the day? What type of connections
are they going to use? Will it be DirectQuery or import? Are all users using the same report? If all users are accessing a given report at the same time each day, you’d like to make sure that you install the gateway on a machine that’s capable of
handling all the requests. There’s a constraint in Power BI that allows only one gateway per report. So even if a report is based
on multiple data sources, all such data sources must
go through a single gateway. However, if a dashboard is
based on multiple reports, you can use a dedicated gateway for each contributing report and thereby distribute the gateway load amongst those multiple reports that contribute to the single dashboard. Power BI offers two types of connections: DirectQuery and import. Not all data sources support
both connection types, and many reasons may contribute to choosing one over the other, such as security requirements, performance, data limits,
and data model sizes. Depending on which type
of connection you use, gateway usage can be different. For example, you should try to separate
DirectQuery data sources from scheduled data refresh sources where possible. Doing so prevents the gateway from having thousands of
DirectQuery requests queued up at the same time as the
morning’s scheduled refresh of a large-size data model that’s used for the
company’s main dashboard. The location of the gateway installation can have significant impact on your query performance. So try to make sure that your gateway, your data source locations, and the Power BI tenant are as close as possible to each other to minimize the network latency. There are a few tools that you can use to monitor the use and performance of your installed gateways. There are many performance counters that can be used to
evaluate and assess activity occurring on the gateway. The counters can help you understand whether you have large volumes of activity by a specific type, which may prompt you to
deploy a new gateway. The gateway counter, in addition
to your machine’s counters, provides you with an idea of how much load your
machine is currently handling and can provide an indication of whether the server resource capacity is becoming stretched or exceeded. These counters can be accessed from the Windows Performance Monitor and can be consumed by any reporting tools that you use for this purpose. Configuration and service
logs provide another dimension on what’s happening with your gateway. Always check your gateway logs when your connection is
not working as expected, as not all error messages are surfaced on the Power BI service. An easy way to view all
log files on your machine is to use the Export logs button on the on-premises data gateway when you reopen the gateway after the installation is complete, and then select Diagnostics export logs. By default, the gateway
performs basic logging. If you’re investigating gateway issues and need more information
about query connection details, you can temporarily enable verbose logging to gather additional log information. To do this, in the installed gateway, select Diagnostics additional logging. You can recover your existing gateway or move it to a new machine using the recovery key. The recovery key is provided to the user who installs the gateway, and it cannot be changed later. The recovery key is used
both for data encryption and gateway recovery. At this stage, you should discuss who will be responsible for administering and monitoring the gateways. It is very unlikely, that this will be a two-minute discussion. Having said that, the
key options you have are Office 365 administrators, BI team, or a support team. The organization may have
offices across the globe and may have datacenters
in multiple locations, so a very important question to ask is where will the gateways be installed, and how will they be configured? We’ve provided a very
detailed list of the steps that you need to go through in order to install the gateways and configure them on this slide. Please feel free to pause
the video at this stage and review the steps. You can always access
the slides later as well. This section is only relevant if you’re planning to
use Power BI Premium, so please have a discussion and then document these steps along with any other additional steps that you need to take in
your Power BI adoption plan. Capacity is a set of resources reserved for the exclusive
use by your organization. Having capacity allows
you to publish dashboards, reports, and datasets to users throughout your organization without having to purchase
licenses for them. It also guarantees dependable
and consistent performance for the contents hosted in the capacity. Capacity is transparent to your end users. They will continue to use Power BI or your application as usual. They don’t have to be aware that some or all of the content is hosted
in your dedicated capacity. To take advantage of dedicated capacity, you will need to purchase a subscription for Power BI Premium within the Office 365 admin center or create a Power BI Embedded resource within the Microsoft Azure portal. When you purchase Power BI Premium SKUs, your tenant will receive the corresponding number of virtual cores for use in running capacities. For example, purchasing
a Power BI Premium P3 SKU provides the tenant with 32 virtual cores. When you are assigned as a
capacity admin to a capacity, you have full control over the capacity and its administrative features. From the Power BI admin portal, you can add more capacity admins or give users capacity
management permissions. You can bulk assign
workspaces to a capacity and view usage metrics on a capacity. Each capacity has its own admins. Defining a capacity admin to one capacity does not give them access
to all the capacities within your organization. Capacity admins do not have access to all Power BI admin areas by default, such as usage metrics, audit logs, or tenant settings. Capacity admins also
do not have permissions to set up new capacities or change the SKU of existing capacities. Only global admins or Power
BI service administrators have access to those. After you have purchased capacity nodes within Office 365, you will then need to
set up a new capacity. This is done through the
Power BI admin portal. Within the admin portal, you will see a section
called Capacity settings. This is where you will manage Power BI Premium capacities
for your organization. The number of virtual cores will reflect the amount used and the amount available
to create capacities with. The amount of virtual cores
available to your organization is based on the Premium SKUs that you have purchased. For example, purchasing a P3 and a P2 would result in 48 available cores– 32 from the P3 and 16 from the P2. When you set up a new capacity, you can choose from the available cores, give the capacity a name, and specify the capacity admins. You can assign additional capacity admins for Power BI Premium capacities. Users that have assignment permissions can assign an app
workspace to the capacity, if they are an admin of that workspace. They can also assign their
personal My workspace to the capacity. In this slide, we’ve summarized how you
can potentially optimize the use of your Power BI Premium capacity. This is based on a mature implementation. During the initial rollout, it is likely that there will be only one Premium node. Once a second node is required due to all the resources being used, separate the heavy or important reports into one node and the rest into another. The next question your
organization needs to answer is how will you purchase and
configure your Premium nodes? We’ve provided a summary of
the various considerations on this slide, so please have a discussion
about these points and document your responses in terms of how you’ll purchase and configure your Premium nodes. For each capacity, you will be able to see usage measurements for CPU, memory, and DirectQuery. Each KPI has three indicators:
good, which is green, marginal, which is yellow, and critical, which is red. We suggest monitoring these metrics to ensure that your users
see good performance while using Premium content. You can monitor the CPU
usage of your cores, the memory utilization
of your back-end cores, specifically, there is a metric of how often models
are evicted from memory due to memory pressure from
usage of multiple models. We limit the total number of DirectQuery and live connection queries per second. The limits are 30 per second for P1, 60 per second for P2 and 120 per second for P3. DirectQuery and live connection queries count equally to the throttle. For example, if you have 15 DirectQueries and 15 live queries in a second, you hit the throttle. This applies equally to on-premises and cloud connections. When these metrics are
marginal or critical, your users may see degradation of report and refresh performance, especially during peak load times. Metrics reflect utilization
over the past week and are designed to count instances when the capacity is overloaded and is therefore providing less than optimal performance for your users. Each occurrence of
utilization over 80 percent should be considered a potential case of performance degradation. Too many cases is a good indicator of significant performance
problems for users. At this point, you
should have a discussion about how you will monitor
your Power BI Premium nodes. We’ve provided a list of bullet
points in terms of the steps, so please go through these steps and discuss whether you
want to follow these steps as they are or if you want to make slight changes for your organization, and then please document these. We have included a link to the slides that we’ve used in this presentation in the description below. Thanks for listening, and if you have any feedback or questions, please leave a comment below. See you in the next one.

You May Also Like

About the Author: Oren Garnes

1 Comment

  1. hi!!! guys I have an issue… when i assign a rls to a report AND asign a user in the sevice to a role, that user, cant access that dataset to create its own report in His Workspace. In the contrary, he only can create a new report with datasets without rls. Its that the way it works? Thanks!!

Leave a Reply

Your email address will not be published. Required fields are marked *