Power Platform Extranets with AAD B2B Users: Using LastPass to Publish with Power BI Desktop; Dataflow & XMLA Access; And More!

No More Copying/Pasting Passwords in Power BI Desktop

Unlike Office Microsoft 365 desktop applications, Power BI Desktop doesn’t keep track of more than one account at a time, which is quite annoying for people like myself who work across several tenants. Like many people I use a password manager, and for years I had to copy and paste from Lastpass to the authentication modal box opened by Power BI Desktop.

Not anymore! Go to Options > Security > Authentication Browser > Use my default web browser. Now your authentication window is a regular browser tab which Lastpass (and I assume its competitors) will know how to fill in. This has also helped people who for some reason couldn’t otherwise authenticate from Power BI Desktop.

I’ve started doing this at the end of 2021 though I’m not sure which version of Power BI Desktop introduced that option. The “Learn More” link in the Options window just links to the Power BI documentation portal and I couldn’t find the actual page describing this functionality. In any case, yay for convenience! This also works to switch tenants for dataflow sources.

Interlude – A Rant!

Over the years people have filed several ideas related to multi-tenant access in the Ideas forum, a website that’s so bad I’m forcing myself to ignore it otherwise I get angry. Microsoft’s is hyping AI to sort through huge volumes of unstructured text, yet to solve problems of their own making, they ask end users to manually send deduplication requests. “Muh but it only affects a few consultants”, to which I’d answer, do you even understand how consulting works? Improving the productivity of a single consultant affects positively dozens of end-using organizations over time, I thought Microsoft for one understood leverage.

Bonus Notes for Consultants and AAD B2B Guest Users, Using Power BI and Friends

First, if you’re an AAD B2B guest user in someone else’s tenant, you can publish to their tenant from Power BI Desktop despite the official documentation saying otherwise, thanks to the workaround demonstrated in the following video via “Sign-in Options”. This same technique also works to access dataflows as a B2B guest.

Second, you can use the XMLA endpoint as an AAD B2B guest, make sure to substitute the organization’s domain name to the myorg default string, as explained in the docs.

Third, at the end of 2022 Microsoft added the ability to access Power BI entities across tenants. So we have three main options as consultants:

  1. Get clients to create an account in their tenant for you. This is still my preferred way to work on long term project, but in my experience it’s harder or even nigh impossible to obtain from Fortune 500 companies.
  2. Have clients invite your own Microsoft 365 account as an AAD B2B guest and allow edit/manage from guests. You have to have your own domain name, there’s no Azure AAD B2C support in Power BI, and you’ll have to determine whether you bring your own Pro/PPU license or have the client provision one for you (unless they have Premium capacity).
  3. Have clients share assets cross tenant. This may be useful if they already have a promoted dataset you want to use as a source for a Live Connection report, but I haven’t really explored that pattern and its limitations yet.

Support for AAD B2B Guests Across the Microsoft Stack

I still run into random limitations as a guest user across the Microsoft ecosystem, for instance I haven’t been able to launch PowerPoint or Whiteboard sharing from Teams, but things have been getting better over time. Besides Power BI, I’ve tested extranet scenarios to good effect with Power Apps and Power Pages. With my friends at Lumel we have built a proof of concept combining their writeback functionality in a Power BI embedded report within a Power Pages site shared with B2B guests while using RLS. Wow, that was a mouthful!

Conclusion: the ability to create low-code data extranets with the Power platform is real.

Leave a Reply

Your email address will not be published. Required fields are marked *