Microsoft Azure - Send Assets to Microsoft Power BI

Microsoft Azure - Send Assets to Microsoft Power BI (Send Data to Microsoft Power BI) inserts the assets retrieved from the saved query supplied as a trigger (or entities selected in the asset table) to the Microsoft Power BI table supplied.
When used with a saved query as a trigger, only the fields configured in the saved query are inserted to the supplied table.

General Settings

Required Fields

These fields must be configured to run the Enforcement Set.

1. Azure Client ID - The Application ID of the Axonius application, as detailed in the Required Permissions section.

2. Azure Client Secret - A user created key for the Axonius application, as detailed in the Required Permissions section.

3. Workspace ID - Workspace ID in PowerBI.

4. Dataset Name (required, default: AxoniusDataset) - the dataset name in PowerBI. In Power BI, click Datasets in the left pane.
   

5. Table Name (required, default: AxoniusTable) - the table name in PowerBI. Select a dataset and the tables in that dataset are listed below in Explore related reports.
   

   Notes:

   • If no table with the supplied name exists in the dataset, it will be created.
   • When a change is made to a table, the table is recreated with the new data (if any). Power BI does not have an Update Table function.

Additional Fields

These fields are optional.

• Azure Tenant ID - Microsoft Azure Active Directory ID.

• Microsoft Username and Microsoft Password (required) - Microsoft Account credentials.

• Include Fields from Saved Query - If enabled, the fields specified in the saved query will be sent to Power BI.

• Map Axonius fields to Power BI fields - Use the Field Mapping Wizard to map Axonius fields to fields in Power BI. In this way you can transfer data found in Axonius into Power BI. The wizard shows you which fields exist on the Axonius system, allowing you to map them easily.

  NOTE

  For details, see Axonius to External Field Mapping.

• Set GOV URL - When selected, sends the data to app.powerbigov.us for government use instead of app.powerbi.com.

• Verify URL - Verify the SSL certificate offered by Power BI. For more details, see SSL Trust & CA Settings.

• HTTPS proxy (optional, default: empty) - A proxy to use when connecting to the server.

• Tunnel Name - For Axonius-hosted (SaaS) deployments. Select the tunnel through which to connect to perform the action.

Scheduling

APIs

Axonius uses the Microsoft Power BI Rest API Push Dataset.

Required Permissions

Preferred Methodology for Creating Permissions

1. Create an application in the Microsoft Azure Portal. For details, see Creating an application in the Microsoft Azure Portal.

2. This application requires the Power BI Service → Tenant.ReadWrite.All Application access.

3. In Power BI, Go to Settings → Admin portal → Tenant Settings → Developer settings → Enable Allow service principals to use Power BI APIs.

4. Either apply this change to the entire organization or include a specific security group and include your new Service Principal (the application we just created) into the group. In this example, the Service Principal is a member of the axonius-powerbi security group.

   

5. Within the specific workspace → access, include the Service Principal or security group as a contributor.
   

6. When using this method, the Tenant ID is required for the Service Principal.

Creating Permissions Using a Master User

You can also use Delegated permissions and a user account to send data to Power BI.

• To connect with delegated permissions, you must register an Azure AD application with Power BI.
• The application needs to have Power BI Service → Dataset.ReadWrite.All Delegated access.
• When using this method, the Username and Password of the Master user account is needed.