Azure Active Directory
As with other Microsoft Azure services, Power BI relies on Azure AD to authenticate and authorize users. Therefore, even if Power BI is the only service being utilized, organization's can leverage Azure AD's rich set of identity management and governance features, such as conditional access policies, multi-factor authentication (MFA) and business-to-business collaboration. For example, a conditional access policy can be defined within the Azure Portal which blocks access to Power BI based on the user's network location, or which requires MFA given the location and the security group of the user. Additionally, organizations can invite external users as guest users within their Azure AD tenant to allow for seamless distribution of Power BI content to external parties, such as suppliers or customers.
Guidance on configuring Azure AD security groups to support row-level security (RLS) is included in Chapter 10, Developing DAX Measures and Security Roles. This section reviews...