We’re excited to announce the general availability of Microsoft Purview’s data loss prevention policies (DLP) for Power BI. This follows the successful public preview of DLP policies for Power BI which we launched back in April 2022!
DLP policies help you automatically detect sensitive information managed in your Power BI tenant and take risk remediation actions, to help you comply with governmental or industry regulations, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
On top of the GA we’re also introducing further enhancements to DLP policies in Power BI:
- Detect sensitive information using custom keywords
- Create advanced rules using a combination of AND/OR/NOT operators
- DLP policies have been extended to national clouds
DLP policies—classify and protect your Power BI data
Nowadays, organizations are taking more measures to properly classify sensitive information and install processes and guardrails for their employees on how to interact with sensitive information. That said, we still see Compliance and Security Administrators who are worried about business-critical data that is still in the dark. This is precisely where the power of DLP policies comes into play: with DLP you can automatically detect sensitive information as it is uploaded to Power BI, and by thus uncover data that may have been accidentally uploaded into the wrong workspace, for instance.
Compliance admins can set alerts to be automatically generated when sensitive information is found in datasets. They can provide customized messages to users and help guide them on how to interact with the sensitive data. For example, whenever proprietary information is detected, show Power BI users a message explaining that this information is internal and should not be shared externally.
DLP is audited in the Microsoft Purview Compliance Portal, where compliance admins can also monitor their policies and refine them based on feedback from users, such as reported false positives.
By using DLP policies in Power BI, you strengthen your security posture and reduce the risk of sensitive information being uploaded to the cloud without your knowledge.
To learn more about how to setup DLP policies, visit our interactive guide.
Detect sensitive information using custom keywords
Some organizations consider certain terms, such as internal project names, as sensitive information that they want to ensure is not exposed outside of the organization. With this update you will be able to define those unique internal terms as a custom keyword sensitive info type and use it as a trigger for DLP in Power BI.
Complex conditions
Complex conditions enable Admins to create advanced rules using a combination of AND/OR/NOT operators. With a new and improved flow, you can configure granular and flexible rules that utilize a combination of conditions, such as detecting bank account numbers in datasets that are not labeled as ‘confidential’. A common scenario is locating sensitive data where it is not properly labeled according to the organization’s guidelines. In this case you could also use the custom policy tip text to draw this guideline into attention and encourage users to set the correct label.
DLP policies in national clouds
All of the capabilities above have been extended to include national clouds: US Government: GCC, GCC High, DoD; China: China East. With the introduction of DLP in national clouds, users can take advantage of all the value DLP brings to the organization in governmental scenarios as well.
Resources:
- Overview video
- Overview of DLP policies for Power BI
- Configure a DLP policy for Power BI
- Respond to a policy violation
- CPU metering for DLP policy evaluation
- Define Microsoft Purview DLP policies for Power BI (cloudguides.com) – Interactive Guide
We’re always happy to hear any comments or feedback you may have regarding data loss prevention in Power BI. For any suggestions, please fill out this form.