Power BI Embedded Analytics: Enterprise Guide
Expert Insight from Errin O'Connor
29 years Microsoft consulting | 4x Microsoft Press bestselling author | Power BI Embedded implementations for Fortune 500 companies across healthcare, finance, and government
Quick Answer
Power BI Embedded enables organizations to embed interactive analytics directly into custom applications, portals, and SaaS products—without requiring end users to hold Power BI licenses. In 2026, Microsoft Fabric F-SKUs have replaced the legacy A-SKU and P-SKU models, with F64 being the minimum capacity that includes Power BI content viewing rights for unlimited users. Enterprise implementations require careful architecture decisions around embedding patterns (App Owns Data vs. User Owns Data), row-level security for multi-tenant data isolation, JavaScript SDK integration, capacity planning, and autoscaling. Based on 29 years of Microsoft consulting experience implementing embedded analytics for Fortune 500 companies, the most successful deployments combine service principal authentication, dynamic RLS with tenant-specific embed tokens, and proactive capacity monitoring—typically achieving sub-3-second report load times at scale.
Power BI Embedded Analytics: Enterprise Guide
Power BI Embedded lets ISVs and enterprises embed interactive dashboards and reports inside custom applications without requiring end users to hold Power BI licenses. This guide covers architecture, pricing, security, and implementation steps.
Last updated: May 2025 · Read time: 18 min
Key facts
- Power BI Embedded uses Azure capacity (A-SKUs) billed by the hour, not per user.
- Embed tokens authenticate report access for users who do not hold Power BI licenses.
- Row-level security in Embedded scenarios must be passed via embed token — not UPN.
- The "Embed for your customers" pattern is for ISVs. "Embed for your organization" uses AAD auth.
- Power BI Embedded costs range from $735/month (A1) to $23,000+/month (A8) for Azure capacity.
Overview and Context
29 years Microsoft consulting | 4x Microsoft Press bestselling author | Power BI Embedded implementations for Fortune 500 companies across healthcare, finance, and government
This guide covers everything an enterprise architect or technical decision-maker needs to know in 2026: the Fabric SKU consolidation, embedding patterns, the JavaScript SDK, multi-tenant row-level security, capacity planning, and real-world architecture patterns drawn from hundreds of production deployments.
- Best for: ISV SaaS products, customer-facing portals, third-party integrations, external analytics
- Authentication: Service principal with client secret or certificate—no user interaction required
- Licensing: Requires Fabric F-SKU (or legacy A-SKU) capacity. End users need zero Power BI licenses
Technical Architecture
Microsoft's licensing landscape has undergone significant consolidation. Power BI Premium P-SKUs were fully retired in late 2025, and customers on P-SKUs have been transitioned to Fabric capacity.
Power BI Embedded A-SKUs remain available—Microsoft reversed its original plan to force A-SKU retirement—but the strategic direction is clearly toward Fabric F-SKUs as the unified capacity model.
Here's the critical pricing detail that catches many enterprises off guard: only F64 and higher SKUs include Power BI content viewing rights without per-user licensing. If you deploy on F32 or below, every person viewing an embedded report must hold a Power BI Pro license ($10/user/month)—which defeats the purpose of embed-for-customers scenarios.
- Branding: Full white-label control—remove all Power BI branding, apply custom themes, control the toolbar
- Security: Row-level security enforced via effective identity in the embed token; your app controls all access
- Best for: Internal portals, employee dashboards, SharePoint embedding, Teams tabs
Implementation Steps
Row-level security (RLS) is the cornerstone of multi-tenant Power BI Embedded architecture. It ensures that each tenant—whether a customer, department, or partner organization—sees only their data, even though all tenants share the same reports and datasets.
Getting RLS wrong in a multi-tenant environment means a data breach. Getting it right means scalable, cost-efficient analytics.
For App Owns Data scenarios, your application passes an effective identity when generating the embed token. This identity includes the username (typically a tenant ID or customer identifier) and the RLS role to apply.
The Power BI dataset contains DAX filter expressions that reference the USERNAME() function, which resolves to the username from the effective identity.
- Authentication: Microsoft Entra ID interactive sign-in with OAuth 2.0 token flow
- Licensing: Each viewer needs a Power BI Pro license (or the capacity must be F64+ which includes viewing rights)
- Branding: Limited customization—Power BI UI elements remain visible
Enterprise Considerations
Microsoft reversed its original plan to retire A-SKUs by absorbing them into Fabric, so existing A-SKU deployments continue to function. However, the strategic direction is unmistakably toward Fabric as the unified analytics platform. Here's how to evaluate whether to migrate now or stay on A-SKUs.
The following architecture pattern is drawn from an EPC Group implementation for a healthcare SaaS platform serving 500+ hospital clients with embedded analytics. This pattern scales to thousands of tenants while maintaining HIPAA compliance, sub-3-second report rendering, and complete data isolation.
- Security: Standard Power BI RLS applies based on the signed-in user's identity
- Backend: Authenticate with service principal – Your server authenticates to Azure AD using a service principal with client credentials (secret or certificate). This returns an Azure AD access token.
- Backend: Generate embed token – Call the Power BI REST API GenerateToken endpoint, passing the report ID, dataset ID, and an effective identity (for RLS). This returns a short-lived embed token.
Frequently Asked Questions
What does EPC Group specialize in?
EPC Group specializes in enterprise Microsoft consulting — Power BI, Microsoft Fabric, Azure, SharePoint, and Copilot. We have completed 10,000+ enterprise engagements for Fortune 500 and regulated-industry clients.
How do I get started with EPC Group?
Call (888) 381-9725 or email contact@epcgroup.net. Every engagement starts with a 30-minute discovery call with the architect who will lead your project.
How much does EPC Group consulting cost?
Hourly rates run $150–$500 by specialization. Fixed-fee accelerators start at $25,000. See the pricing page for full ranges by service type.
Are you a Microsoft Solutions Partner?
Yes. EPC Group holds core Microsoft Solutions Partner designations including Data & AI, Modern Work, and Security.
Do you work with regulated industries?
Yes. Compliance is core to every EPC Group engagement. We architect for HIPAA, SOC 2, FedRAMP, CMMC, FERPA, and GDPR from day one.
Work with EPC Group
EPC Group has completed 1,500+ Power BI deployments for Fortune 500 and regulated-industry clients. Our architects wrote the book on Power BI — literally. Founder Errin O'Connor is a Microsoft MVP (Errin O'Connor, first awarded 2003) and original Power BI Beta Team member.
Frequently Asked Questions
What is the difference between Power BI Embedded and Power BI Premium?
Power BI Embedded (historically A-SKUs, now Fabric F-SKUs) is designed for ISVs and organizations embedding analytics into external-facing applications where end users do not need Power BI licenses. Power BI Premium (P-SKUs, now deprecated in favor of Fabric capacity) was designed for internal organizational use with per-capacity licensing. As of 2026, Microsoft has retired P-SKUs and consolidated on Fabric F-SKUs. F64 and above include Power BI content viewing rights without per-user licenses, while F32 and below require each viewer to hold a Power BI Pro license.
How much does Power BI Embedded cost in 2026 with Fabric F-SKUs?
Fabric F-SKU pricing starts at approximately $262/month for F2 (pay-as-you-go) and scales up through F4, F8, F16, F32, F64, F128, F256, F512, and F1024. Reserved instances offer roughly 40% savings over pay-as-you-go rates. Each CU costs approximately $0.18/hour, varying by Azure region. For embedding scenarios where you want to avoid per-user licensing, F64 ($8,403/month pay-as-you-go) is the minimum SKU that includes Power BI content viewing rights for unlimited users. EPC Group helps enterprises right-size their capacity to avoid overspending.
What is the difference between App Owns Data and User Owns Data embedding?
App Owns Data (embed for customers) means your application authenticates to Power BI via a service principal, and end users never sign into Power BI directly. This pattern is ideal for ISVs, customer portals, and external-facing applications where users may not have Microsoft accounts. User Owns Data (embed for your organization) requires each user to sign in with their Microsoft Entra ID credentials and hold a Power BI license. This pattern is suited for internal employee portals, intranets, and SharePoint-embedded scenarios. EPC Group recommends App Owns Data for multi-tenant SaaS products and User Owns Data for internal enterprise dashboards.
How do I implement row-level security for multi-tenant Power BI Embedded?
Multi-tenant row-level security (RLS) in Power BI Embedded uses dynamic RLS with DAX filters that compare a TenantID column against an effective identity passed via the JavaScript SDK embed token. The application generates embed tokens with EffectiveIdentity specifying the tenant context, and DAX filters like [TenantID] = USERNAME() restrict data to that tenant. For production, use service principal profiles (one per tenant workspace) for isolation at scale. EPC Group has implemented RLS for multi-tenant environments serving 5,000+ tenant organizations with complete data isolation verified by third-party security audits.
Can I use Copilot in Power BI Embedded reports?
As of early 2026, Microsoft Copilot support in Power BI Embedded is limited. Copilot is fully available in the Power BI service for reports hosted on Fabric F64+ capacity, and it works in SharePoint Online embedded scenarios. However, for App Owns Data (embed for customers) scenarios using the JavaScript SDK, Copilot is not yet supported. Microsoft has indicated this is on the roadmap. For organizations needing AI-powered natural language querying in embedded reports, EPC Group implements custom Q&A experiences using the Power BI REST API and Azure OpenAI as an interim solution.
What capacity should I choose for Power BI Embedded with 1,000 concurrent users?
For 1,000 concurrent users, EPC Group typically recommends starting with an F64 or F128 SKU, depending on report complexity, dataset sizes, and query patterns. Simple dashboards with cached data may work on F64, while complex reports with DirectQuery or large datasets require F128 or higher. Key factors include: number of visuals per page (aim for 8 or fewer), dataset size in memory, refresh frequency, and query complexity. We recommend running a proof-of-concept with the Power BI Capacity Load Assessment Tool, then implementing autoscaling to handle peak loads. Our capacity planning engagement typically saves enterprises 30-40% on Fabric spend.
Should I migrate from A-SKUs to Fabric F-SKUs for Power BI Embedded?
Microsoft reversed its original plan to force A-SKU retirement, so existing A-SKU deployments continue to function. However, EPC Group recommends planning a migration to Fabric F-SKUs for several reasons: Fabric capacity provides access to the full Fabric platform (Data Engineering, Data Science, Real-Time Analytics) beyond just Power BI Embedded, F-SKUs support new features like Direct Lake mode for dramatically faster query performance, and long-term Microsoft investment is focused on Fabric. A-SKUs map directly to F-SKUs in performance and cost (A1 equals F8, A2 equals F16, etc.), making migration straightforward. The critical consideration is that F32 and below require Power BI Pro licenses for viewers, which could increase costs for embed-for-customers scenarios.
How does EPC Group approach enterprise Power BI Embedded implementations?
EPC Group follows a proven four-phase methodology for Power BI Embedded: (1) Architecture Assessment (2 weeks) covering multi-tenant strategy, capacity planning, security design, and SDK integration patterns; (2) Core Implementation (4-8 weeks) including workspace provisioning, RLS configuration, embed token service development, and JavaScript SDK integration; (3) Performance Optimization (2-4 weeks) with load testing, autoscaling configuration, caching strategies, and DAX tuning; (4) Production Hardening (2 weeks) covering monitoring dashboards, alerting, disaster recovery, and documentation. With 29 years of Microsoft ecosystem expertise and implementations for 200+ Fortune 500 companies, we deliver production-ready embedded analytics that scale. Call (888) 381-9725 for a free assessment.
Ready to Embed Power BI in Your Application?
EPC Group has implemented Power BI Embedded analytics for Fortune 500 companies across healthcare, finance, and government—delivering sub-3-second render times, HIPAA-compliant multi-tenant security, and 30–40% capacity cost optimization.
Call (888) 381-9725 or schedule a free architecture assessment.
Schedule a Free ConsultationAbout Errin O'Connor
Founder & Chief AI Architect, EPC Group
Errin O'Connor is the founder and Chief AI Architect of EPC Group, bringing over 29 years of Microsoft ecosystem expertise. As a 4x Microsoft Press bestselling author (including “Power BI Dashboards Step by Step”) and recognized enterprise technology leader, Errin has architected Power BI Embedded solutions for Fortune 500 companies across healthcare, finance, and government sectors. His implementations achieve sub-3-second report rendering at scale with 100% compliance audit pass rates in regulated industries.
Learn more about ErrinRelated Resources
Continue exploring microsoft consulting insights and services