Rights and Authorizations - Microsoft Power BI

Tenant ID

Go to Microsoft Azure and choose Microsoft Entra ID > Overview

Step by step guide

Azure Portal

App registration

1. Access “Microsoft Entra ID” in Azure Portal

   

2. Add a new “App registration”

   

3. Name it e.g. “Metadata API - Power BI”, set it to “Accounts in any organizational directory (Any Microsoft Entra ID tentant - Multitenant)” and register

   

4. On the next page the Application (client) ID is what is needed for as Client ID in the Power BI connection in Metadata API.

   

5. Create Secret

   1. Go to “Certificates & secrets”

   2. Choose “Client secrets”

   3. Select “New client secret”

   4. Enter a Description (e.g. “Metadata API - Power BI Secret”)

   5. Enter Expires value (e.g. 24 months)

   6. Click “Add”

      

6. Copy Value of the next page as Client Secret

   

7. Assign User.Read Permission of Microsoft Graph by going to API permissions and pressing “Grant admin consent for <your company>”

   

Create Group in Entra ID

1. Go to Microsoft Entra ID

   

2. Go to groups

   

3. Add a new group

   

4. Insert a group name (e.g. “Metadata API - Power BI Group”)

   

5. Go to All groups

   

6. Search the group and select it

   

7. Select Members

   

8. Select Add members

   

9. Select the App you created above in step 3 (e.g. Metadata API - Power BI)

   

Power BI

1. Open the Power BI Admin Settings https://app.powerbi.com/admin-portal/tenantSettings?experience=power-bi

2. Find the category Admin API settings and maintain it

   1. Enable the “Service principals can access read-only admin APIs”

   2. Insert the created security group

   3. Apply it

      

3. Enable the following settings too

   1. “Enhance admin APIs responses with detailed metadata”

   2. “Enhance admin APIs responses with DAX and mashup expressions”

      

Configuration in appsettings.json of Metadata API