Sync Analyze Dashboards and Dataset to Customer PowerBI

  • 3 minute(s) read
Prev Next

This document describes the necessary steps to synchronize the eShare Analytics Dashboard and the underlying Power BI dataset from eShare infrastructure to a dedicated Power BI Workspace created in the Customer’s Azure tenant. At a high level, the steps involved are:

REQUIREMENT:

The Person performing these steps must have an administrator role assignment of Application Administator, Cloud Application Administator, Fabric Administrator, or Global Administator in the destination M365 tenant.

Why Should We Do This?

  • Having the eShare dataset synced to your PowerBI allows BI developers to enhance it with additional data sources and create custom reports.

  • It facilitates sharing reports with custom filters with other internal users.

  • Synchronization is one-way so there is no impact to the original dataset and visualizations provided by eShare.

  • Ability to integrate the dataset with other automation triggers and workflows (ex. Power Automate)

  • Allows your users to subscribe to reports.

Authorize “eShare PowerBI Automation” Service Principal (Consent URL)

The ‘eShare PowerBI Automation’ application is owned by eShare, published and verified by Microsoft Partner Network.

  1. Login to the Entra Identity Portal as an Administrative user (For Commercial Customers: https://entra.microsoft.com | For Government Customers: https://entra.microsoft.us).

  2. Under the ‘Entra ID‘ dropdown in the left Navigation pane, on the ‘Overview’ page, find and copy the Tenant ID.

  1. Open a new browser Tab/Window in the same session, enter the following URL while replacing the ‘{tenant_id}‘ section with your Organization’s Tenant ID.

Azure Commercial Customer URL
https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id= 3d81e65d-fc33-4a36-94a4-b690d4c3dc03

Azure Government Customer URL
https://login.microsoftonline.us/{tenant_id}/adminconsent?client_id=4ff15db4-4168-4d1d-9e92-f7434abb96ec

  1. When prompted, sign in to the M365 admin account, an App called ‘eShare PowerBI Automation‘.

  2. Review the requested permissions and select ‘Accept‘ to add the application.

NOTE:

The ‘PowerBI Automation’ application does not require any MS GRAPH permissions, only the service principal entity needs to be created which will then be given access through PowerBI RBAC. The delegated MS GRAPH permission of ‘user.read’ is only requested due to a minimum requirement of having 1 permission for consent.

  1. After the app has been approved, the page will be redirected eshare.com which indicates the application has been successfully Installed. Navigate back to the ‘Enterprise Applications‘ section in Entra ID

Authorize “eShare PowerBI Automation” Service Principal (PowerShell)

An alternative means to consenting for the ‘eShare PowerBI Automation’ Service Principal is utlizing PowerShell. Running the below commands will create the Service Principal in your tenant without having to consent for MS GRAPH permissions.

NOTE:

The ‘Application.ReadWrite.All’ permission is a delegated permission needed for the M365 administrator to run the PowerShell Command. Running this command does not consent this permission for the Service Principal. The ‘New-MgServicePrincipal‘ command creates the application in your Azure Tenant (Official Microsoft Documentation):

Commercial Cloud PowerShell Commands (https://graph.microsoft.com)

connect-MgGraph -Scopes "Application.ReadWrite.All"
New-MgServicePrincipal -AppId 3d81e65d-fc33-4a36-94a4-b690d4c3dc03

Government PowerShell Commands (https://graph.microsoft.us)

connect-MgGraph -Environment USGov -Scopes "Application.ReadWrite.All" 
New-MgServicePrincipal -AppId 4ff15db4-4168-4d1d-9e92-f7434abb96ec

Allow Service Principal to Access the PowerBI REST API

  1. Go to the ‘PowerBI Admin Portal‘ (For Commercial Customers: https://app.powerbi.com/admin-portal | For Government Customers: https://app.high.powerbigov.us/admin-portal).

  2. In the left navigation bar, select the ‘Tenant Settings’ tab (should be default landing page.

  3. Navigate down the page and locate the ‘Developer settings’ section.

  4. Enable the ‘Allow service principals to use PowerBI APIs’ toggle.

  5. Select an option under ‘Apply to‘ and then ‘Apply’ the changes.

NOTE:

It is recommended to add the ‘eShare PowerBI Automation’ Service Principal to a M365 Security group, then add this group the PowerBI APIs allow list. Avoid opening the PowerBI APIs to the entire organization.

Provide Service Principal Access to the Workspace

  1. Create or idenitify a Workspace where the Dataset and Dashboards should be synced to.

  2. Within the Workspace select ‘Manage access’ in the top right corner of the page.

  1. On the ‘Manage access’ pop out window, select the ‘+ Add people or groups’ button, search for the Service Prinicpal ‘eShare PowerBI Automation’ and add it as a member of the workspace.

  1. Lastly, gather the following information and provide it to your eShare Customer Success Manager so they can complete the connection:

    1. M365 Tenant ID

    2. Name of the PowerBI Workspace

    3. Desired name of the Dashboard

Related articles