Microsoft Viva: Create and customize PBI reports

🚨 The Signal: Viva Insights now allows users to create and customize Power BI reports directly. This increases the potential for sensitive organizational data to be exposed or misused if not properly governed.

The Impact

Data analysts and leaders are affected, increasing the risk of sensitive data exposure if access controls are not reviewed.

  • Data Analysts: Risk of over-sharing sensitive insights if reports are broadly distributed.
  • Organizational Leaders: Risk of misinterpreting data if custom reports are poorly configured.
  • Security Teams: Increased scope for data loss prevention (DLP) monitoring and policy enforcement.
  • Compliance Officers: New considerations for data retention and access auditing for custom reports.

The Action

  1. Review existing Viva Insights access policies in the Microsoft 365 admin center.
  2. Implement or update Power BI data loss prevention (DLP) policies for Viva Insights datasets.
  3. Audit existing Power BI sharing settings for Viva Insights reports and dashboards.
  4. Communicate best practices for sensitive data handling when customizing and sharing reports.
  5. Ensure data classification labels are applied to Viva Insights data sources and reports.

Domain: Purview · Impact: high · Workload: Microsoft Purview