Mandatory Requirements: Power BI Embedding & On-Premises Data Gateway

Mandatory Requirements: Power BI Embedding & On-Premises Data Gateway

Mandatory Requirements: Power BI Embedding & On-Premises Data Gateway

Embedding Power BI reports and configuring the On-Premises Data Gateway are powerful capabilities that come with specific mandatory requirements. Understanding these roles, permissions, and licenses is crucial for a successful and secure implementation in your organization. Let's break down what you need to know.

✅ Requirements for Embedding Power BI Reports

Embedding Power BI reports can follow two distinct models, each with its own set of requirements:

🔸 A. User Owns Data (Used in Microsoft Teams, SharePoint)

This is the most common model for internal users within an organization. In this scenario, the user viewing the embedded report must have their own Power BI license and permissions to access the content.

Requirement Details
🔐 Power BI License Users viewing the embedded report must have a Power BI Pro license. Alternatively, the report must be hosted in a Power BI Premium capacity workspace (P SKUs), where users can access content without individual Pro licenses.
👤 Azure AD Account The user must be a part of your organization's Azure Active Directory (Azure AD) and authenticated with their own identity.
👥 Workspace Access The report must be published to a Power BI workspace, and users must have at least the Viewer role (or higher, like Contributor/Member/Admin) in that workspace to see the report.
🔒 RLS / Security If Row-Level Security (RLS) is used in the report's dataset, users must be mapped to the appropriate security roles defined within the dataset in Power BI Service.
💼 SharePoint Embed For embedding in SharePoint, you need SharePoint Online. The user must have access to both the specific SharePoint page and the Power BI report/dataset.

👉 Used in: Microsoft Teams tabs, SharePoint Online pages, and direct links to Power BI reports.

👤 Who opens it: The actual end-user, authenticated with their own identity (their Azure AD account).

🔸 B. App Owns Data (For Developers Building Custom Web Apps)

This model is for developers building custom web applications where the application itself authenticates with Power BI and embeds content for users, including those who may not have a Power BI Pro license or even an Azure AD account within your organization.

Requirement Details
🧠 Power BI Embedded (A SKU) or Premium Capacity (P SKU) A dedicated capacity is needed to render reports and generate embed tokens for anonymous or external users. This is a crucial cost component for "App Owns Data."
🔧 Azure AD App Registration You must register an application in Azure AD to obtain a Client ID and potentially a Client Secret. This app represents your custom web application.
🔐 Service Principal or Master Account Your application will use either a Service Principal (recommended for production) or a Master User Account to programmatically access Power BI APIs and generate embed tokens.
🧰 Power BI Admin Consent Required to grant the Azure AD application (Service Principal) the necessary API permissions to interact with Power BI on behalf of your organization.
🔑 Tenant Settings Enabled The Power BI tenant setting "Allow service principals to use Power BI APIs" must be turned on by a Power BI administrator.

👉 Used in: Custom portals, bespoke web applications, or multi-tenant SaaS solutions.

👤 Who opens it: Your application, which then renders the report, potentially impersonating users via embed tokens.

✅ Requirements for On-Premises Data Gateway

The On-Premises Data Gateway is essential for connecting Power BI Service (cloud) to your data sources located within your private network.

🚪 Installing & Configuring the Gateway

Requirement Details
🧑‍💼 Power BI Pro account The account used to install and register the gateway must have a Power BI Pro license.
🖥️ Server Machine (Always On) The gateway should be installed on a reliable, always-on on-premises server or virtual machine, not on a user's laptop, to ensure continuous data refreshes.
🔐 Admin Access Local administrator rights are required on the machine where you install the gateway software.
🌐 Internet Access The server hosting the gateway must have outbound internet access to connect to Azure Service Bus endpoints (no VPN-only environments, as it initiates outbound connections).
🔐 Firewall Rules Outbound TCP ports 443 and 5671 (for Azure Service Bus) must be open. No inbound ports are typically required.
🧑‍🤝‍🧑 Gateway Admin Role The account used to register the gateway automatically becomes a gateway administrator. Other users needing to add data sources to the gateway must also be added as gateway admins in Power BI Service.
🧱 SQL Authentication (Recommended) When configuring data sources in the gateway for SQL Server, using SQL Authentication (a dedicated SQL Login with `db_datareader` role) is generally recommended over Windows Authentication, especially if Kerberos is not configured.

🔒 Permissions in Power BI Service

Beyond the gateway installation, specific roles and permissions within Power BI Service are needed for various actions:

Action Required Role / Permission
Create Workspace Power BI Pro license (or Premium capacity) and appropriate organizational settings.
Publish Report Contributor role or higher (Member, Admin) in the target workspace.
Add Data Source to Gateway Gateway Admin role for that specific gateway in Power BI Service.
Schedule Refresh Dataset Owner (the user who published the report or was granted ownership) or a user with Write/Reshare permissions on the dataset.
View Embedded Report Power BI Pro license (or Premium access) + at least Viewer role in the workspace where the report resides.

✅ Additional Licensing Considerations

Feature License Required
Embed in Teams / SharePoint Power BI Pro per user OR Power BI Premium per capacity (P SKUs).
Embed in Custom App (App Owns Data) Power BI Embedded (A SKUs) OR Power BI Premium (P SKUs).
SharePoint + Power BI Both must be part of the same Microsoft 365 tenant for seamless integration.
Real-time Refresh Supported with the On-Premises Data Gateway. Higher refresh frequencies (e.g., every 30 minutes) often require a Premium capacity.

⚠️ Common Mistakes to Avoid

Mistake Fix
Trying to embed with a Free Power BI license. Upgrade to Power BI Pro or ensure the report is in a Premium workspace.
Using Windows Authentication in Gateway without proper Kerberos configuration. Use SQL Authentication (create a dedicated SQL Login) instead, as it's simpler to configure for gateways.
Installing the gateway on an unstable laptop or a machine that often goes offline. Install the gateway on a dedicated, reliable server or always-on VM.
Forgetting to set the refresh schedule for the dataset. Set it explicitly under Dataset > Settings > Scheduled Refresh in Power BI Service.
Users cannot access the report in the Teams tab or SharePoint page. Ensure the user has at least the Viewer role in the Power BI workspace where the report is published, and a valid Power BI license.

🧩 Summary

Task Mandatory Requirements
Embed in Teams/SharePoint Power BI Pro license (per user) OR Premium capacity + report access.
Configure Gateway Power BI Pro (for installer), dedicated server, local admin rights, outbound internet access, and valid data source credentials (SQL Login recommended).
Embed in Custom App (App Owns Data) Power BI Embedded (A SKU) or Premium capacity + Azure AD App Registration + Service Principal/Master Account.
Schedule refresh for on-prem data On-Premises Data Gateway installed and configured + Valid credentials (SQL login) for the data source.

Raushan Ranjan

Microsoft Certified Trainer

.NET | Azure | Power Platform | WPF | Qt/QML Developer

Power BI Developer | Data Analyst

📞 +91 82858 62455
🌐 raushanranjan.azurewebsites.net
🔗 linkedin.com/in/raushanranjan

Comments

Post a Comment

Popular posts from this blog

Module 1 - Lesson 1: Getting Started with Power BI

Image
Unlocking Insights: Your Journey into Data Analysis with Power BI Lesson 1: Getting Started with Power BI Learn with Raushan Data Analysis with Power BI Hey data enthusiasts! Ever wondered how raw numbers transform into compelling stories and drive impactful decisions? Welcome to the world of data analysis, and your trusty companion on this journey is none other than Power BI! In this first lesson, we'll lay the groundwork, understanding why data analysis is crucial, the different flavors of analysis, the vital role of a Data Analyst, and how Power BI fits into their workflow. Why Data Analysis? Unearthing the 'Why' Behind the Numbers Imagine a vast ocean of data generated every second – from sales figures and website clicks to sensor readings and customer feedback. Without analysis, this data is like a treasure chest with...
Read more

Power BI Advanced learning

RR Education: Power BI Advanced Power BI Advanced Learning Learn with Raushan Welcome to the new series of blogs on Power BI Advanced! In this series, we'll delve into more powerful tools and techniques that will take your data analysis and reporting skills to the next level. Explore the Modules below to learn more about each area. Module 1: Begin with Power BI This module covers the fundamentals of using Power BI. You'll learn why data analysis is key, how Data Analysts use Power BI, and the essentials of connecting to diverse data sources via different methods (Import, DirectQuery, Live Connection). We'll also address common data import errors. Lesson 1       Lesson 2      ...
Read more

Module 1 - Lesson 2: Getting Data from Multiple Sources

Image
Module 1 - Lesson 2: Mastering Data Acquisition in Power BI Lesson 2: Getting Data from Multiple Sources Learn with Raushan Getting Data in Power BI Welcome back, aspiring data analysts! In our previous lesson, we explored the fundamentals of data analysis and the role of Power BI. Now, let's get our hands dirty with the crucial first step: bringing data into Power BI from various sources. Think of Power BI as your central hub, ready to ingest data from all corners of your business or domain. Understanding Data Sources: Where Does Our Information Live? Data can reside in a multitude of places. Understanding these sources is the first step towards connecting with them. Common data sources include: Databases: Structured collections of data organized for easy access and management (e.g., SQL Server, Oracle, MySQL)...
Read more

Module 1 - Lesson 3: Resolve Data Import Errors in Power BI

Image
Module 1 - Lesson 3: Navigating and Resolving Data Import Errors in Power BI Lesson 3: Resolve Data Import Errors Learn with Raushan Navigating and Resolving Data Import Errors in Power BI Welcome back! You've learned about connecting to various data sources in Power BI. However, the journey of data integration isn't always smooth. Sometimes, you might encounter errors during the data import process. Fear not! This lesson will equip you with the knowledge and techniques to identify and resolve common data import errors in Power BI. Web Authentication and Loading Tables: The Web Connection Hurdle Connecting to data from the web can sometimes present authentication challenges. Websites often require logins or specific authentication methods to access their data. Web Authentication Technical Definition: Web authentication is the process of verifying the i...
Read more

Module 2 - Lesson 1: Introduction to Power Query Editor

Image
Module 2 - Lesson 1: Introduction to Power Query Editor Lesson 1: Introduction to Power Query Editor Power Query Editor in Power BI Welcome back, data wranglers! We've successfully connected to our data sources and navigated potential import errors in module 1. Now, it's time to delve into the heart of data preparation in Power BI: the Power Query Editor. Think of this as your data laboratory, where you can clean, shape, and transform raw data into a polished format ready for insightful analysis and stunning visualizations. What is the Power Query Editor? Your Data Transformation Hub The Power Query Editor is a powerful tool built into Power BI Desktop that allows you to perform Extract, Transform, Load (ETL) processes on your data. It provides a user-friendly interface with a wide array of functions to manipulate data without needing to ...
Read more