Hopefully, you are well aware that one of the most powerful aspects of the Power BI platform is the ability it gives report authors to share, with fellow users, the solutions they create and insights they discover. Here we will review some of the established options for sharing Power BI artifacts with users outside an organization, and take a deeper look at a newer option – through Azure Active Directory business-to-business (Azure AD B2B) – that makes it much easier for report developers to share reports with users outside their organization, such as suppliers, subsidiaries, or partner organizations.
Sharing reports and dashboards within an organization is most commonly accomplished through the use of apps. Report developers can collaborate in app workspaces on report and dashboard creation, then publish those reports and dashboards as apps to be consumed by groups or individuals throughout an organization. Those consumers must either have a Power BI Pro license to access to the reports and dashboards, or the reports and dashboards must be published to Power BI Premium capacity on the tenant.
But what if you need to share your insights with people outside of your organization?
Enable Peer-to-Peer Sharing
The peer-to-peer sharing option is one method report developers can use to share published dashboards or reports with individuals outside their organization, but only if those recipients have a Power BI Pro license. You can add individual email addresses (no groups allowed) to allow sharing with multiple individuals, and enable features like row-level security to limit the data the user sees. Besides needing a Power BI Pro license to view the content, these outside users cannot re-share your dashboards with individuals outside of your organization. Due to its limitations, this option is best suited to sharing with a small number of individuals on an ad-hoc basis, and not for large numbers of report consumers that will regularly use the reports and dashboards.
Create an Organizational User Account
The second option for enabling Power BI report and dashboard access outside of your organization involves something of a “workaround”. Creating an organizational user account for your tenant for an outside user allows them to use that account and password to access the Power BI service. For example, if I want to provide Bob at Contoso access to my BlueGranite Power BI reports, I need to create a duplicate Power BI account using firstname.lastname@example.org for him to use to view the reports on our tenant. However, managing multiple user accounts can be complicated, and the user will need a separate account for every Power BI tenant that they need to access. This can quickly become confusing for users and complicated to manage for administrators.
Use Power BI Embedded
The third option for sharing dashboards and reports with individuals outside of your organization is through Power BI Embedded. Power BI Embedded is primarily focused on providing a developer platform for embedding Power BI visual elements into your own applications and websites. Power BI Embedded doesn’t require the user to have a Power BI license, or to sign into the Power BI service. Pricing for using Power BI Embedded is based on capacity and is dependent on the number of Power BI elements rendered per hour. As a Power BI Embedded developer, you are responsible for the development of your application or website, including the integration of Power BI elements, and you are responsible for developing solutions to restrict access and authenticate users to your application or website. While Power BI Embedded can be used to develop compelling applications and websites that integrate the value of visualizations and interactive data exploration into your offering, the target customers for Power BI Embedded are organizations that provide data and information as a service offering for paid customers.
What if you have suppliers or customers that would derive business value from the insights that you’ve discovered? How can you make interactive dashboards and reports based on your data available to them?
Azure AD B2B Eases Sharing
Late last year, Microsoft enabled Power BI to be used with Azure Active Directory business-to-business. Azure AD B2B allows you to invite external users as guest users into your organization, and to grant permissions to those users to view published dashboards and reports on your tenant. Administrators can provision external users to get access, or Power BI app creators can send invitations to the external users to access the published app. Providing access to large numbers of users can be scripted through PowerShell. The permissions to apps are handled in the same way that they are with internal users, as is role-based security functionality. If you have multiple partner organizations that consume the same reports, you can use role-based security to filter the data in your reports by the user’s domain.
Using Azure AD B2B means that you can share dashboards and reports with external users without resorting to the previously mentioned, more complicated methods, but it does require the correct licensing to allow for guest user access. If the user has a Power BI Pro license on their own organization’s tenant, the user can then access the content in your tenant without additional licensing. If the user doesn’t have a Power BI Pro license, you have two options for providing access:
- You can assign a Power BI Pro license from your organization to that user when they access the content on your tenant.
- Alternatively, if the Power BI app is published to Power BI Premium capacity on your tenant, the guest user can access the content without additional licensing.
Beyond sharing your Power BI reports and dashboards with external partners, Azure AD B2B applies to many other collaboration scenarios where the same type of shared access to applications might be desired. For example, Azure B2B can also provision access to other internal applications and services that you use to collaborate with those external partners and can manage options for secure access, like requiring multifactor authentication and auditing and reporting.