How to Enable Tenant Settings in Power BI

Cody Schneider

Power BI tenant settings are the central control panel for managing how your entire organization interacts with its data. Correctly configuring these settings lets you balance powerful features with necessary security and governance, and this guide will walk you through exactly how to enable and manage them effectively.

First Things First: Finding the Power BI Admin Portal

Before you can change any settings, you need to know where to find them. All tenant-level administration happens within the Power BI Admin portal. Think of it as the backstage area of your company's Power BI environment, where you control what your users can and can't do.

There's a catch, though: not everyone can get in. Access to the Admin portal is restricted. Roles like Power BI Administrator, Power Platform Administrator, and Microsoft 365 Global Administrator typically get a key to the door. If you don't see the option described below, you'll need to talk to your IT team about getting the right permissions.

Here's how to access the portal:

  1. Log into your Power BI Service account at app.powerbi.com.

  2. In the top right corner of the screen, click the Settings gear icon (⚙️).

  3. From the dropdown menu, select "Admin portal."

Once you click it, you'll be taken to the management dashboard. On the left menu, you'll see a long list of options, but for our purposes, we're focusing on "Tenant settings." Let's dive in.

Navigating the Main Tenant Settings You Need to Know

The "Tenant settings" section is where all the action happens. It's a comprehensive list of every global feature you can turn on or off. Microsoft breaks these settings down into logical groups to make them easier to navigate. Knowing which section does what is half the battle.

Here are the key setting categories you’ll be working with most often and what they control:

  • Workspace settings: Controls who can create modern workspaces for collaboration. Workspaces are the primary containers for publishing reports, dashboards, and datasets.

  • Export and sharing settings: Manages how data and reports can leave the Power BI ecosystem. This section is all about data governance — think exporting to Excel or PDF, publishing to the public web, and inviting guest users.

  • Information protection: Lets you apply sensitivity labels to your data, aligning with your company's broader data security policies to classify content as "Confidential," "Internal," etc.

  • Discovery settings: Helps users find data. Specifically, it controls whether users can make their polished datasets "discoverable" so others in the organization can easily build new reports from them.

  • Integration settings: Dictates whether Power BI can communicate with other services like ArcGIS for mapping, XMLA endpoints for advanced data modeling, and Snowflake or Azure services.

  • Custom visuals settings: Controls the use of third-party visuals from AppSource. While these can add rich functionality, they also come with potential security risks.

  • Audit and usage settings: Governs logging and metrics. This includes creating audit logs for compliance reviews and providing content creators with metrics on how their reports are being used.

When you modify a setting, you'll typically see three main options for enabling it:

  1. The entire organization: As it sounds, the feature is enabled for every licensed Power BI user in your tenant. Use this sparingly.

  2. Specific security groups: This is the recommended approach for most settings. It lets you enable a feature for a pre-defined group of users (e.g., "Marketing Team" or "Power BI Super Users"). This gives you granular control.

  3. Except specific security groups: In this case, you enable a feature for everyone except the groups you specify.

How to Configure Critical Tenant Settings: A Practical Guide

Now that you know your way around, let's configure a few of the most frequently managed settings with step-by-step instructions. These are the settings that have the biggest day-to-day impact on your users.

1. Controlling How Data is Exported and Shared

This is arguably the most important section for data security. If your data is sensitive, you need to be very intentional about who can take it out of Power BI.

Enable Publish to web

The "Publish to web" feature generates a public link and an embed code for a Power BI report. Anyone on the internet with this link can view the report. This is fantastic for sharing public data (like municipal dashboards or public health statistics) but a massive security risk if used with confidential company data.

To configure this setting:

  1. In the Admin portal, navigate to Tenant settings and scroll to Export and sharing settings.

  2. Locate Publish to web and expand it.

  3. Flick the switch to Enabled.

  4. You’ll be presented with a choice: allow existing codes only or allow the creation of new codes. Choose how granular you need to be.

  5. For the "Apply to" setting, it's highly recommended you choose Specific security groups. Create a security group in Azure Active Directory (e.g., "Public_Data_Publishers") and add only the trusted users who need this capability. Never enable this for "The entire organization" unless you have a clear, company-wide use case for it.

Enable Export to Excel and Export as Image/PDF

Users often want to pull data or visuals into presentations and spreadsheets. By default, this is usually enabled, but you may want to restrict it to prevent sensitive data from ending up in unprotected files on local machines.

To configure this setting:

  1. Find the setting Export reports as PowerPoint presentations or PDF documents (and the related Export to .csv & Export to Excel settings).

  2. Toggle them to Enabled.

  3. Again, use the Specific security groups option to control who can do this. You might allow everyone to export to PDF but perhaps only allow your finance team to export raw data into Excel.

This same logic applies to Allow external guest users to edit and manage content — turn it on, but always limit it to a security group that contains only the guests who need these elevated permissions.

2. Managing Workspace Creation

By default, any licensed user might be able to create a workspace. In larger organizations, this can quickly lead to hundreds of unused, duplicate, or poorly named workspaces, creating a messy environment. You can control this to maintain order.

To configure this setting:

  1. Find the Workspace settings section.

  2. Expand the Create workspaces (new workspace experience) setting.

  3. Enable it and apply it to a Specific security group. Consider creating a group named "Workspace_Creators" and have people request access to it. This ensures that only users who have been informed about your organization’s governance rules and naming conventions are creating new collaborative areas.

3. Allowing or Blocking Custom Visuals

The AppSource marketplace is full of useful custom visuals, but not all are created equal. Power BI has a “certification” process that checks visuals for security and performance. Uncertified visuals haven’t gone through this review and could, in theory, send your data to external services. Admins can decide the level of risk the organization is willing to take on.

To configure this setting:

  1. Navigate to the Custom visuals settings section.

  2. You have a few options. The setting Add and use custom visuals can be turned on or off entirely.

  3. A safer approach is to leave that enabled but check the box for "Only allow use of certified visuals." This blocks any visuals that haven't been vetted by Microsoft while still giving your users access to a rich library of approved ones.

  4. Click Apply to save the changes.

Best Practices: Managing Tenant Settings Safely

Adjusting these settings can feel intimidating because your changes affect the entire organization. Follow these simple best practices to stay out of trouble:

  • Principle of Least Privilege: The golden rule. Start with most features turned off or restricted. Only enable what is truly needed, and only for the smallest group of people necessary to get the job done.

  • Use Security Groups Religiously: Avoid enabling features for "The entire organization." Take the time to create specific Azure AD security groups for different user personas (e.g., Report Viewers, Content Creators, Data Analysts). It's more work upfront but gives you a scalable and secure framework.

  • Document Your Changes: When you change a tenant setting, make a note of it. Why did you change it? Who requested the change? Which security group is it applied to? This simple documentation is a lifesaver when you need to audit your security posture or troubleshoot an issue months later.

  • Review, Review, Review: Your data governance needs will evolve. Set a reminder to review your Power BI tenant settings once every quarter or twice a year. Is that old rule still relevant? Does this still align with our company's security policies? Staying proactive prevents small issues from becoming big problems.
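
To make the documentation and periodic review habits concrete, the added example below (not from the original article or from Microsoft) compares an exported list of tenant settings against a documented baseline of approved security groups. The record layout (title, enabled, enabledSecurityGroups), the baseline contents, and the group name "Interns" are assumptions for illustration; adjust them to whatever your own export contains.

```python
import json

# Constructed sample export; titles are the settings discussed in this article.
# Field names (title, enabled, enabledSecurityGroups) are assumed, not an official schema.
SAMPLE_EXPORT = json.loads("""
[
  {"title": "Publish to web", "enabled": true, "enabledSecurityGroups": []},
  {"title": "Export to Excel", "enabled": true,
   "enabledSecurityGroups": [{"name": "Finance_Exporters"}]},
  {"title": "Create workspaces (new workspace experience)", "enabled": true,
   "enabledSecurityGroups": [{"name": "Workspace_Creators"}, {"name": "Interns"}]},
  {"title": "Allow external guest users to edit and manage content", "enabled": false,
   "enabledSecurityGroups": []}
]
""")

# Documented baseline of approved groups per setting; empty set = keep disabled.
BASELINE = {
    "Publish to web": {"Public_Data_Publishers"},
    "Export to Excel": {"Finance_Exporters"},
    "Create workspaces (new workspace experience)": {"Workspace_Creators"},
    "Allow external guest users to edit and manage content": set(),
}

def review(settings, baseline):
    """Return (title, finding) pairs for settings that drift from the baseline."""
    findings, seen = [], set()
    for s in settings:
        title = s.get("title", "")
        if title not in baseline:
            continue
        seen.add(title)
        if not s.get("enabled", False):
            continue  # a disabled setting never exceeds least privilege
        groups = {g["name"] for g in s.get("enabledSecurityGroups") or []}
        if not groups:  # no group scoping means everyone (or everyone minus exclusions)
            findings.append((title, "enabled for the entire organization"))
        elif not baseline[title]:
            findings.append((title, "enabled but baseline says disabled"))
        elif groups - baseline[title]:
            extra = ", ".join(sorted(groups - baseline[title]))
            findings.append((title, f"unapproved groups: {extra}"))
    for title in sorted(set(baseline) - seen):
        findings.append((title, "missing from export"))
    return findings

if __name__ == "__main__":
    for title, finding in review(SAMPLE_EXPORT, BASELINE):
        print(f"{title}: {finding}")
```

Keeping the baseline in version control alongside the change notes gives each quarterly review a diff to work from.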

Final Thoughts

Properly configuring Power BI's tenant settings is central to building a sustainable and secure analytics culture. By moving beyond the default options and thoughtfully enabling features, you can empower your users to create amazing things with data while preventing the platform from becoming an unmanageable mess. Taking the time to lock in these rules transforms Power BI from just a tool into a true governed asset for your entire company.

The layers of administration and detailed configuration in tools like Power BI are powerful, but also highlight why many teams feel a gap between their data and the direct answers they need. To close this gap, we built Graphed. It lets you skip the administrative overhead by connecting data sources in a few clicks and using natural language to build dashboards, reports, and get real-time insights instantly. Instead of navigating endless settings menus, you just ask for what you need to see, and the platform delivers the answers.