Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Information protection tenant settings help you to protect sensitive information in your Power BI tenant. Allowing and applying sensitivity labels to content ensures that information is only seen and accessed by the appropriate users. These settings are configured in the tenant settings section of the Admin portal. For information about how to get to and use tenant settings, see About tenant settings.
Allow users to apply sensitivity labels for content
With this setting enabled, specified users can apply sensitivity labels from Microsoft Purview Information Protection.
All prerequisite steps must be completed before enabling this setting.
Sensitivity label settings, such as encryption and content marking for files and emails, aren't applied to content. Sensitivity labels and protection are only applied to files exported to Excel, PowerPoint, or PDF files that are controlled by Export to Excel and Export reports as PowerPoint presentation or PDF documents settings. All other export and sharing options don't support the application of sensitivity labels and protection.
To learn more, see Sensitivity labels in Power BI.
To view sensitivity label settings for your organization, visit the Microsoft Purview portal.
Apply sensitivity labels from data sources to their data in Power BI
When this setting is enabled, Power BI semantic models that connect to sensitivity-labeled data in supported data sources can inherit those labels, so that the data remains classified and secure when brought into Power BI.
To learn more about sensitivity label inheritance from data sources, see Sensitivity label inheritance from data sources.
Automatically apply sensitivity labels to downstream content
When a sensitivity label is applied to a semantic model or report in the Power BI service, it's possible to have the label trickle down and be applied to content that's built from that semantic model or report.
To learn more, see Sensitivity label downstream inheritance.
Allow workspace admins to override automatically applied sensitivity labels
Fabric admins can enable the Allow workspace admins to override automatically applied sensitivity labels tenant setting. This makes it possible for workspace admins to override automatically applied sensitivity labels without regard to label change enforcement rules.
To learn more, see Relaxations to accommodate automatic labeling scenarios.
Restrict content with protected labels from being shared via link with everyone in your organization
When this setting is enabled, users can't generate a sharing link for People in your organization for content with protection settings in the sensitivity label.
Note
This setting is disabled if you haven't enabled both the Allow users to apply sensitivity labels for Power BI content setting and the Allow shareable links to grant access to everyone in your organization setting. Additionally, this setting only applies to sharing via People in your organization links; it does not apply to sharing of Apps to the entire organization.
Sensitivity labels with protection settings include encryption or content markings. For example, your organization might have a Highly Confidential label that includes encryption and applies a Highly Confidential watermark to content with this label. Therefore, when this tenant setting is enabled and a report has a sensitivity label with protection settings, then users can't create sharing links for People in your organization:
To learn more about protection settings for sensitivity labels, see Restrict access to content by using sensitivity labels to apply encryption.
Domain admins can set default sensitivity labels for their domains (preview)
Domain admins can set a default sensitivity label for their domains. The label they set overrides your organization's default labels in Microsoft Purview as long as it has a higher priority than the existing default labels set for your tenant.
A domain's default label automatically applies to new Fabric items created within the domain. Reports, semantic models, dataflows, dashboards, scorecards, and some additional item types aren't currently supported.
For more information, see Domain default sensitivity labels.
Allow Microsoft Purview to secure AI interactions
Turn on this setting to allow Microsoft Purview to access, process, and store prompts and responses, including metadata, for data security and compliance scenarios such as sensitive info type classification, reporting in Microsoft Purview Data Security Posture Management for AI, Audit, Insider Risk Management, Communication Compliance, and eDiscovery.
This capability is part of Microsoft Purview and isn't included in Copilot in Fabric pricing.
For more information, see Microsoft Purview for AI interactions.