Even though we have a security group controlled and locked down to allow for PowerBI Graph API, one of the gaps we see is that we don't get SPN data flowing from PowerBI into Microsoft Defender for Cloud Apps. This means that you can add an SPN to allow for PowerBI graph api and then you can add that SPN to any workspace access and allow for graph API ingestion without any oversight or logging.
We were told it's an architecture design, but this means we can't get alerted when one of these SPNs all of a sudden get added to a sensitive workspace.
akatesmith
on:
Fabric SQL database has to support fully Power BI
on:
Get rid of Microsoft sidebar in Power BI new works...