separation of internal and external users in azure ad but allow all to use power BI

Question

urrently my team and I have a client that is using Power BI Premium.

We need to have Row Level Security enabled for both internal and external users.

We gave a recommendation to have Azure AD groups handle user management, but the client does not want to have all of there internal and external users be shown in their Azure AD. They believe it will be unmanageable for them. They want us to recommend another way to be able to manage internal users in Azure AD and have all external users managed in Azure AD, but completely separated from internal users, or by some other user management service that Azure provides. All the while, remaining in the same tenant since it seems the Power Bi Premium license can only be associated to one tenant and being able to have Row Level Security implemented for both internal and external users.

Is this possible? If so, how can we do it?

Answer 1

The sharing of power Bi to external users is done through azureB2B, and the external users exist as a guest member in azure.

So let’s see how to implement the separation

The only way is to use Power BI embedded to transfer the power bi reports in a different separate web app that should be created by you, and implement access management on it after the above process you are able not to see the external user on power bi but you have to deal with all user-level management.

Want to earn a certificate in Power BI? here is the Power BI Course that will make you industry ready!