- 07 Sep 2023
- 4 Minutes to read
- Print
- DarkLight
- PDF
Microsoft Azure - Send Assets to Microsoft Power BI
- Updated on 07 Sep 2023
- 4 Minutes to read
- Print
- DarkLight
- PDF
Microsoft Azure - Send Assets to Microsoft Power BI (Send Data to Microsoft Power BI) inserts the assets retrieved from the saved query supplied as a trigger (or entities selected in the asset table) to the Microsoft Power BI table supplied.
When used with a saved query as a trigger, only the fields configured in the saved query are inserted to the supplied table.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapter Fetch History and Asset Investigation Modules
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Required Fields
These fields must be configured to run the Enforcement Set.
Azure Client ID - The Application ID of the Axonius application, as detailed in the Required Permissions section.
Azure Client Secret - A user created key for the Axonius application, as detailed in the Required Permissions section.
Workspace ID - Workspace ID in PowerBI.
Dataset Name (required, default: AxoniusDataset) - the dataset name in PowerBI. In Power BI, click Datasets in the left pane.
Table Name (required, default: AxoniusTable) - the table name in PowerBI. Select a dataset and the tables in that dataset are listed below in Explore related reports.
Notes:- If no table with the supplied name exists in the dataset, it will be created.
- When a change is made to a table, the table is recreated with the new data (if any). Power BI does not have an Update Table function.
Additional Fields
These fields are optional.
Azure Tenant ID - Microsoft Azure Active Directory ID.
Microsoft Username and Microsoft Password (required) - Microsoft Account credentials.
Include Fields from Saved Query - If enabled, the fields specified in the saved query will be sent to Power BI.
Map Axonius fields to Power BI fields - Use the Field Mapping Wizard to map Axonius fields to fields in Power BI. In this way you can transfer data found in Axonius into Power BI. The wizard shows you which fields exist on the Axonius system, allowing you to map them easily.
NOTEFor details, see Axonius to External Field Mapping.
Set GOV URL - When selected, sends the data to app.powerbigov.us for government use instead of app.powerbi.com.
Verify URL - Verify the SSL certificate offered by Power BI. For more details, see SSL Trust & CA Settings.
HTTPS proxy (optional, default: empty) - A proxy to use when connecting to the server.
Tunnel Name - For Axonius-hosted (SaaS) deployments. Select the tunnel through which to connect to perform the action.
Scheduling
Use the scheduling options to execute Enforcement Actions on specific dates and times. You can also configure repeat schedules.
For more details, see Scheduling Enforcement Set Runs.
APIs
Axonius uses the Microsoft Power BI Rest API Push Dataset.
Required Permissions
Preferred Methodology for Creating Permissions
Create an application in the Microsoft Azure Portal. For details, see Creating an application in the Microsoft Azure Portal.
This application requires the Power BI Service → Tenant.ReadWrite.All Application access.
If you already have an Azure client configured for the Azure adapter, you can add this permission to the existing application.
In Power BI, Go to Settings → Admin portal → Tenant Settings → Developer settings → Enable Allow service principals to use Power BI APIs.
Either apply this change to the entire organization or include a specific security group and include your new Service Principal (the application we just created) into the group. In this example, the Service Principal is a member of the axonius-powerbi security group.
Within the specific workspace → access, include the Service Principal or security group as a contributor.
When using this method, the Tenant ID is required for the Service Principal.
Creating Permissions Using a Master User
You can also use Delegated permissions and a user account to send data to Power BI.
Common Microsoft security practices, such as Conditional Access, may block this approach.
- To connect with delegated permissions, you must register an Azure AD application with Power BI.
- The application needs to have Power BI Service → Dataset.ReadWrite.All Delegated access.
- When using this method, the Username and Password of the Master user account is needed.
For more details about other Enforcement Actions available, see Action Library.