Microsoft Azure - Send Assets to Microsoft Power BI

  • Updated on Nov 21, 2024
  • Published on Feb 6, 2022
  • 4 minute(s) read
Prev Next

Microsoft Azure - Send Assets to Microsoft Power BI (Send Data to Microsoft Power BI) inserts the assets returned by the selected query or assets selected on the relevant asset page into the Microsoft Power BI table.

When used with a query, only the fields configured in the query are inserted to the table.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

Note:

Required Fields

These fields must be configured to run the Enforcement Set.

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

  • Authentication Method - Select the authentication method to use and fill out the fields for the selected method.

    • Application Authentication
    • Username and Password
    • OAuth and Redirect URI

  • Azure Client ID - The Application ID of the Axonius application, as detailed in the Required Permissions section.

  • Azure Client Secret - A user created key for the Axonius application, as detailed in the Required Permissions section.

  • Azure Tenant ID - Microsoft Azure Active Directory ID.

  • Microsoft Username and Microsoft Password - Microsoft Account credentials.

  • OAuth Code - The authorization code to connect to Microsoft Intune. For more information see Generate the OAuth Authorization Code.

  • OAuth Redirect URI - The location where the authorization server sends the user once the Azure has been successfully authorized and granted an authorization code or an access token. See Microsoft Power BI for more information.

  • Workspace ID - Workspace ID in PowerBI. You can copy the Workspace ID from the URL of a report or dashboard when viewed from within Power BI.

  • Dataset Name (default: AxoniusDataset) - the dataset name in PowerBI. In Power BI, click Datasets in the left pane.
    PowerBIDatasets_2

  • Table Name (default: AxoniusTable) - the table name in PowerBI. Select a dataset and the tables in that dataset are listed below in Explore related reports.
    PowerBITables

    Notes:
    • If no table with the supplied name exists in the dataset, it will be created.
    • When a change is made to a table, the table is recreated with the new data (if any). Power BI does not have an Update Table function.

  • API Type (default: Commercial) - Select the API type. When a government entity is selected, sends the data to app.powerbigov.us for government use instead of app.powerbi.com.

Additional Fields

These fields are optional.

  • Include Fields from Saved Query - If enabled, the fields specified in the saved query will be sent to Power BI.
  • Split by field values - Splits the field values by the selected adapter and field.
  • Create record for each (default: N/A) - Select the type of assets for which records will be created: N/A, Vulnerable Software, Installed Software.
  • Map Axonius fields to Power BI fields - Use the Field Mapping Wizard to map Axonius fields to fields in Power BI. In this way you can transfer data found in Axonius into Power BI. The wizard shows you which fields exist on the Axonius system, allowing you to map them easily.
    NOTE

    For details, see Axonius to External Field Mapping.

  • Verify URL - Verify the SSL certificate offered by Power BI. For more details, see SSL Trust & CA Settings.
  • HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

APIs

Axonius uses the Microsoft Power BI Rest API Push Dataset.

Required Permissions

Preferred Methodology for Creating Permissions

  1. Create an application in the Microsoft Azure Portal. For details, see Creating an application in the Microsoft Azure Portal.

  2. This application requires the Power BI Service → Tenant.ReadWrite.All Application access.

Note:

If you already have an Azure client configured for the Azure adapter, you can add this permission to the existing application.

PowerBIPermission1

  1. In Power BI, Go to Settings → Admin portal → Tenant Settings → Developer settings → Enable Allow service principals to use Power BI APIs.

  2. Either apply this change to the entire organization or include a specific security group and include your new Service Principal (the application we just created) into the group. In this example, the Service Principal is a member of the axonius-powerbi security group.

    PowerBIPermission2

  3. Within the specific workspace → access, include the Service Principal or security group as a contributor.
    powerbipermission3

  4. When using this method, the Tenant ID is required for the Service Principal.

Creating Permissions Using a Master User

You can also use Delegated permissions and a user account to send data to Power BI.

Note:

Common Microsoft security practices, such as Conditional Access, may block this approach.

  • To connect with delegated permissions, you must register an Azure AD application with Power BI.
  • The application needs to have Power BI Service → Dataset.ReadWrite.All Delegated access.
  • When using this method, the Username and Password of the Master user account is needed.

For more details about other Enforcement Actions available, see Action Library.