Secure Embed Power BI into D365
Updated: Feb 19, 2019
A very common need I see more and more of these days, is to easily and securely be able to embed Power BI into Enterprise Business Processes and Apps. Luckily you actually have the option to do so in a very simple and secure way now. See end result below:
Secure Embed in Power BI
Very recently (09.01.19) the Power BI Team released a great new functionality within the Power BI Service, called secure embed. What this enables us to do, is with very little code to securely embed Power BI content into internal sites or portals. The two options we previously had, was basically publish to web, which is not a secure option, but very similar to secure embed and Power BI Embedded- User owns data which require development skills and infrastructure.
How do we do this?
First of all, you need to have some Power BI Content that you would like to embed into D365. In my case I have uploaded the Contoso Sales Sample PBIX into my demo workspace in the PBI Service:
Then I chose the Embed- Secure option for internal websites or portals to generate the embed code:
As we see from the URL it says autoAuth=true in the end, which gives us an indication that this requires authenthication.
I copy the embed link and head over to my D365 for Sales Tenant where I would like to embed the report, in my case I would like to display the content on an Account Form:
When I get to Edit Form I move over to the insert tab, and choose iFrame:
I then have to enter some properties for my iFrame, where the Power BI Secure embed URL is one of them. Another thing worth mentioning, is that you have to untick the restrict cross-frame scripting option:
And Voila, we have our Power BI report embedded into the Account form.
Will the users be able to see this now?
That depends, as we consultants tend to say.. The report has to be shared with the users in Power BI as well, this can be done for security groups for instance. And the consumer of the Power BI content needs a Pro License or the report has to reside in a Premium capacity. If the user does not have access to the report, he/she will see a request access to report in the iFrame.
There are some limitations to this approach. First of all it doesn't look that visually nice by default. However, you can fix some of these to make it look at little bit better than this:
First of all, hide the report page and second of all, enable the new filter pane experience in Power BI Desktop (preview, you have to enable it):
What I would really love, is if we can secure embed tiles in the future, and if we can send in &filterPaneEnabled=False like we are able to do in Power BI embedded. I did also test a bit around using query parameters on the secure embed URL, that did not seem to work at the time when I wrote this blogpost. However it did work two weeks later, and I see that CRMChartGuy has written a blogpost similar to mine, where he also explains how to pass in parameters from a web resource in D365 (https://crmchartguy.com/2019/02/18/embed-power-bi-visuals-in-dynamics-365-with-secure-embed/). I will add this to my demo as well.
?filter=Product/Manufacturer eq 'A. Datum Corporation'
However, Secure embed does work with Row Level Security, so that will be my add-on to test and write about in a continued blog post. And note that Power BI will be integrated more closely with PowerApps in the coming release (April'19). So hopefully there will be better options to embed tiles and reports in the future without development.
Have a good Sunday!