Power BI’s integration with and reliance on Office 365 has been a source of great strength in many areas. In other areas, it has been a cause of frustration. Obtaining usage data from the Office 365 audit log is one area that can be complex yet critical to providing a data-driven measurement of Power BI adoption.
The complexity usually stems from organizational security or politics rather than technical aspects. Power BI usage data has traditionally been difficult to get since it requires elevated access rights beyond the Power BI service administrator role. With the Power BI activity logs released in December 2019, service administrators no longer need to try to obtain permissions apart from their existing rights. Any user with the Power BI service administrator role can access the new activity logs either through the API directly or using PowerShell.
What is this activity data, and how is it valuable?
The audit/activity log data contains details for every interaction that users in your tenant have with the Power BI service (powerbi.com). Activities such as viewing reports, publishing apps, modifying gateway data sources, changing workspace security, and dozens of others have records broken out by user and timestamp.
Using this data, organizations not only know who does what and at what time. You can move beyond a simple audit trail to measure how well Power BI adoption is progressing at your enterprise. In this case, adoption targets for a group’s collective number of touchpoints can be compared to the actuals obtained from the logs—even down to the individual object level. Using the logs in this manner by combining actuals to targets, BlueGranite often finds underutilized reports or other opportunities to improve adoption.
Reducing complexity while improving security
BlueGranite has helped many organizations large and small with Power BI deployments, and auditing for adoption is a common topic. Depending on organizational policy, some security teams feel comfortable providing the O365 access and others do not.
Many organizations do not feel comfortable providing elevated access to Power BI service administrators because it grants access to read logs from other Office 365 projects. In other organizations, service administrators might already be admins for some of these other products, so there is less of an issue. Every business is different.
Even though the data can be filtered down to only Power BI activity, the raw O365 data contains usage for other products in its Audit.General category. For example, with the Office 365 audit log, admins see data from Microsoft Teams, Yammer, and other products in addition to Power BI. With the new Power BI activity log feature, admins no longer mix log data with those other products.
How does the Power BI activity log differ from the Office 365 audit log?
From a Power BI perspective, the Power BI activity log contains the same data you receive in the Office 365 audit log. This data is simply prefiltered for Power BI usage so that only the Power BI data is available to Power BI service administrators.
According to Microsoft, the name was changed to help differentiate the two methods of obtaining the data. In this manner, you can have discussions about Power BI auditing and know that the source will be the traditional O365 audit logs versus the newly available activity logs. This helps avoid confusion, and anyone involved in getting data can immediately know by using the term activity log that it pertains to the new access method.
Activity Logs for New Deployments
Any new Power BI deployment project should consider the new activity logs to avoid additional complexity and any security concerns surrounding elevated permissions. Note that there could be overlap in efforts at larger organizations where Office 365 admins may already be collecting this data for reasons outside of a specific Power BI rollout. In that case, the O365 admins may plan to make filtered audit log data available so that Power BI adoption could be tracked without a new dedicated effort from the Power BI deployment team.
Transitioning Existing Deployments
What if you already have a Power BI auditing solution built on the Office 365 audit logs, and that works smoothly? In that case, nothing should have to change in the short term. Remember, the new activity log is a different way to access the same data. While not likely, however, simply watch for any possible differences that may appear in the future. Longer term, it may be worthwhile to shift to the dedicated Power BI activity log in order to simplify training and maintenance for Power BI service administrators by reducing your solution’s complexity.
For more details of the new activity log, watch this recording of BlueGranite's Power BI Office Hours dated January 2020.
As mentioned previously, BlueGranite has helped businesses of all sizes with Power BI deployment and adoption. We look forward to implementing the new activity log in our auditing solutions because of the simplified access and reduced complexity. If you’re interested in learning more about how we can help accelerate your Power BI adoption, contact us today.