Power BI Ideas Admin on 20 Jun 2020 06:38:54
Use Service Principal instead of full user accounts to authenticate and connect to power bi cmdlets while pulling activity logs.
- Comments (3)
RE: Service principal to pull Activity logs
Even after three years, this remains a pressing concern. While I fully support the use of Service Principals for pulling activity logs, I'd also like to highlight the urgency for more granular API permissions. Accessing Power BI activity logs for the entire tenant currently demands sweeping permissions across multiple Microsoft 365 APIs. A role-based granularity specific to each API would not only enhance security but also align with best practices. It's high time we pivot towards a safer and more efficient system.
RE: Service principal to pull Activity logs
Agreed and this should have hundreds of votes! https://ideas.powerbi.com/forums/265200-power-bi-ideas/suggestions/39641572-need-service-principle-support-for-admin-api
RE: Service principal to pull Activity logs
I would like to see this implemented so that I can implement Microsoft security best practices of using applications with a dedicated purpose only intended for one use of collecting the data.Today this runs under a personal account of an administrator that has access to significantly more than otherwise the scope of the developed solution to collect the activity logs should need.
One possible alternative is to a dummy human account for this purpose, but this feel like it defeats the purpose that is intended to be solved by registering an App.