Skip to content
LeadAfrik
Module 12 of 1245 min readMixed

Governance — endorsement, sensitivity, audit, COE

Certified vs promoted datasets, sensitivity labels, audit logs, the Centre of Excellence pattern. What separates a few power-users from an enterprise capability.

100%

Listen along

Read “Governance — endorsement, sensitivity, audit, COE” aloud

Plays in your browser using on-device text-to-speech — nothing leaves the page.

Learning objectives

By the end of this module, you should be able to:

  • 01Apply Microsoft Purview sensitivity labels to datasets and reports
  • 02Recognise the role of certified vs promoted datasets in dataset sprawl
  • 03Build a Centre of Excellence (COE) model for governing Power BI at scale

Two years into a Power BI deployment, every organisation hits the same wall: hundreds of datasets, dozens of duplicate 'sales total' definitions, no clear data ownership, security policies inconsistently applied. The governance layer — labels, certification, the COE pattern — is what separates a tool deployment from an enterprise data capability.

Sensitivity labels (Microsoft Purview)

Sensitivity labels (Public, Internal, Confidential, Restricted) attach to datasets and reports. The label travels: if a user exports to Excel, the Excel file is labelled and encrypted; if to PDF, the PDF carries the label. Combined with Data Loss Prevention policies, this is how regulated industries (banks, healthcare) actually deploy Power BI without leaking data.

Endorsement: Certified vs Promoted

  • Promoted: any author can promote their own dataset. Signals 'this is intended for reuse'. Low bar.
  • Certified: only specific authorised users can certify. Signals 'this is the authoritative source for X'. High bar; requires review.
  • Both surface in the data hub with a badge — users searching for 'Revenue' see certified datasets first.

Why certification matters

Without certification, every analyst builds their own 'Revenue' measure from raw data. By month 6, the executive team has seen five different revenue numbers from five different reports. Certification creates one trusted Revenue dataset that every report should reference. Certification is more cultural change than feature — but the feature gives the cultural change something to attach to.

The Centre of Excellence pattern

A COE is a small team (usually 3-10 people) responsible for: setting up workspaces, certifying datasets, training analysts, defining themes and design standards, running tenant-level admin (audit logs, capacity monitoring, security policies). Microsoft publishes a COE starter kit on the powerbi.microsoft.com site — a Power BI App that gives you tenant-wide visibility into dataset sprawl, refresh failures, and unused content. Adopting it is free; running it is the cost.

Audit logs and adoption

Tenant audit logs (Microsoft 365 Security & Compliance Center) record every Power BI action: who viewed which report, who exported, who shared. Pull these into a Power BI report (irony intentional) for adoption monitoring. The most-viewed reports get more investment; unviewed reports get retired in the quarterly audit.

Exercise

If you have Power BI tenant access, look at the dataset list in your tenant (or your workspace). Are any datasets certified? Promoted? What fraction have sensitivity labels? What does the distribution tell you about the maturity of governance in your organisation?

Key takeaways

  • Sensitivity labels travel with the data — to PDF exports, downloaded .pbix, even Excel pivots.
  • Certified datasets are the trusted single source; certification is a stamp, not just a feature.
  • A COE is how organisations move from a few champions to enterprise capability.
Loading progress…

← Previous

Module 11

Power BI Service — workspaces, apps, deployment pipelines

LeadAfrikPublic Economics Hub
Editorial standardsSuggest a correctionCourse index