Power BI now blocks access to reports by applying sensitivity labels to semantic models
Reviewed by Helen Jones
Microsoft made protection policies generally available. A sensitivity label such as 'Highly Confidential' placed on a semantic model now restricts access at runtime to only the users or groups named in the linked Purview policy. Reports and dashboards receive no direct protection. Blocking the model prevents the underlying data from appearing in any connected report or dashboard. Labels can be set manually, by default, by mandatory rules, or inherited from upstream Fabric items such as Lakehouses or Warehouses.
Before this change, access depended on workspace roles, item permissions, and row-level security that had to be managed separately for each report and workspace. Moving a report or sharing a model often required new permission grants and created gaps when data crossed boundaries. Now the restriction travels with the label on the model itself. One policy decision made in Purview can cut off access across dozens of reports and hundreds of users without touching each workspace. The practical effect is that report owners lose direct control over who sees their numbers while compliance teams gain the ability to enforce rules they may not fully understand.
Analysis
Audit every semantic model you publish this week and note which labels are already applied or inherited; assume any mismatch will break downstream reports before the next scheduled refresh.
Pulse published by Collab365 Spaces, reviewed by Helen Jones on . Cite as "Power BI now blocks access to reports by applying sensitivity labels to semantic models", Collab365 Spaces. 1 source referenced.