Developer tenant settings

These settings are configured in the tenant settings section of the Admin portal. For information about how to get to and use tenant settings, see About tenant settings.

To manage Power BI developer settings, you must be a Fabric administrator. For more information about the Fabric administrator role, see Understand Microsoft Fabric admin roles.

Note

The developer settings in the Admin portal are different from and not related to the developer mode setting for debugging visuals.

Embed content in apps

Users in the organization can embed Power BI dashboards and reports in software as a service (SaaS) applications. Disabling this setting prevents users from being able to use the REST APIs to embed Power BI content within their application.

To learn more, see What is Power BI embedded analytics?.

Learn about the Embed for your customers method to build an app that uses non-interactive authentication against Power BI.

Service principals can use Fabric APIs

Web apps registered in Microsoft Entra ID use an assigned service principal to access Power BI APIs without a signed-in user. To allow an app to use service principal authentication, its service principal must be included in an allowed security group.

You can control who can access service principals by creating dedicated security groups and using these groups in any Power BI tenant level-settings.

To learn more, see Embed Power BI content with service principal and an application secret.

Allow service principals to create and use profiles

An app owner with many customers can use service principal profiles as part of a multitenancy solution to enable better customer data isolation and establish tighter security boundaries between customers.

To learn more, see Service principal profiles for multitenancy apps.

Block ResourceKey Authentication

For extra security, you can block the use of resource key-based authentication. The Block ResourceKey Authentication setting applies to streaming and PUSH datasets. If disabled, users will not be allowed send data to streaming and PUSH datasets using the API with a resource key.

This setting applies to the entire organization. You can't apply it only to a select security group.