Tracking User and Admin Activities in Power BI Using the Activity Log
Tracking user and admin activities in Power BI is essential for security, compliance, and governance in enterprise environments. The Power BI activity log captures every significant action, from report views and data exports to workspace permission changes and dataset refresh operations. For organizations subject to HIPAA, SOC 2, FedRAMP, or GDPR requirements, this audit trail is not optional. EPC Group has implemented comprehensive Power BI activity monitoring solutions for healthcare systems, financial institutions, and government agencies.
What the Power BI Activity Log Captures
The activity log records a wide range of user and admin operations across the Power BI Service. Understanding what is captured helps you design effective monitoring and alerting strategies.
- Report activities: ViewReport, ExportReport, PrintReport, ShareReport, CreateReport, DeleteReport
- Dashboard activities: ViewDashboard, CreateDashboard, DeleteDashboard, ShareDashboard
- Dataset activities: RefreshDataset, CreateDataset, DeleteDataset, TakeOverDataset, SetScheduledRefresh
- Workspace activities: CreateWorkspace, UpdateWorkspace, DeleteWorkspace, AddWorkspaceUser, RemoveWorkspaceUser
- Admin activities: UpdateTenantSetting, AddDataGateway, UpdateCapacity, CreateApp, UpdateApp
- Data export activities: ExportTile, ExportDataflow, ExportVisualData, AnalyzeInExcel
- Sharing and permissions: ShareReport, UpdateRoleMembers, CreateOrgApp, GenerateEmbedToken
Accessing Activity Logs via PowerShell
The most flexible way to extract Power BI activity logs is through the Power BI Management PowerShell module. This approach supports automation and integration with your SIEM or compliance platform.
- Install the module:
Install-Module -Name MicrosoftPowerBIMgmt - Authenticate:
Connect-PowerBIServiceAccount(use service principal for automated scripts) - Retrieve logs:
Get-PowerBIActivityEvent -StartDateTime '2025-12-01T00:00:00' -EndDateTime '2025-12-01T23:59:59' - The API returns JSON with user identity, activity type, timestamp, workspace, dataset, and report details
- Activity logs are available for the last 30 days; schedule daily extractions to preserve long-term history
- Store extracted logs in Azure SQL Database, Azure Data Explorer, or a data lake for historical analysis
Accessing Activity Logs via REST API
For programmatic access from custom applications, the Power BI REST API provides activity event endpoints that return the same data as the PowerShell cmdlets.
- Endpoint:
GET https://api.powerbi.com/v1.0/myorg/admin/activityevents - Authenticate using Azure AD service principal with the Power BI Service admin role
- Pagination: The API returns a continuation token for large result sets; iterate until no token is returned
- Filter by date range (required) and optionally by activity type or user ID
- Build automated data pipelines using Azure Functions, Azure Data Factory, or Power Automate
Using the Microsoft 365 Unified Audit Log
Power BI activity events are also available in the Microsoft 365 Unified Audit Log, which provides a centralized view of activity across all Microsoft 365 services.
- Access via the Microsoft Purview compliance portal > Audit
- Search for Power BI activities using the "Power BI activities" category filter
- Correlate Power BI activities with Exchange, SharePoint, and Teams activities for the same users
- Unified audit logs retain data for 90 days (E3) or 365 days (E5) by default
- Export to Azure Sentinel or a third-party SIEM for advanced threat detection and correlation
Building a Power BI Usage Analytics Dashboard
The most effective way to operationalize activity log data is to build a Power BI dashboard that monitors Power BI usage. Yes, Power BI monitoring Power BI.
- Create a data pipeline that extracts daily activity logs and loads them into a SQL database or data lake
- Build a data model with dimensions for users, workspaces, reports, datasets, and activity types
- Design dashboard pages: usage overview, top users, most-viewed reports, export activity, permission changes
- Add anomaly detection measures that flag unusual patterns (e.g., bulk exports, off-hours access, new admin actions)
- Include a security alerts page that highlights potential data exfiltration or unauthorized access patterns
- Schedule the dashboard to refresh daily and configure email subscriptions for security team stakeholders
Compliance and Governance Use Cases
Activity log monitoring serves specific compliance requirements in regulated industries.
- HIPAA: Track who accessed reports containing PHI and when data was exported or shared
- SOC 2: Document access controls, demonstrate least-privilege enforcement, and produce audit evidence
- GDPR: Monitor data subject access requests and verify that personal data is not exported without authorization
- FedRAMP: Maintain continuous monitoring logs and respond to security incidents with full audit trails
- Internal governance: Identify inactive workspaces, orphaned datasets, and unused licenses for cost optimization
Why EPC Group for Power BI Governance and Compliance
EPC Group specializes in building Power BI governance frameworks for compliance-heavy organizations. Our team has implemented activity monitoring, automated alerting, and compliance reporting solutions for healthcare systems, financial institutions, and federal agencies.
- Automated activity log extraction and long-term retention pipelines
- Power BI usage analytics dashboard design and deployment
- SIEM integration (Azure Sentinel, Splunk, QRadar) for security event correlation
- Compliance reporting templates for HIPAA, SOC 2, GDPR, and FedRAMP audits
- Anomaly detection and automated security alerting via Power Automate
Need Help with Power BI Activity Monitoring?
Contact EPC Group to implement a comprehensive Power BI governance and activity monitoring solution.
Frequently Asked Questions
How far back can I retrieve Power BI activity logs?
The Power BI Activity Events API retains data for 30 days. The Microsoft 365 Unified Audit Log retains data for 90 days (E3) or 365 days (E5). For long-term retention, you must extract logs daily and store them in your own database or data lake. EPC Group sets up automated daily extraction pipelines that preserve activity logs indefinitely for compliance requirements.
Do I need to be a Power BI admin to access activity logs?
Yes. The Get-PowerBIActivityEvent cmdlet and the admin API endpoints require Power BI Service Administrator, Global Administrator, or Fabric Administrator role. For automated pipelines, use an Azure AD service principal with the Power BI Service admin role assigned. This ensures the pipeline runs without requiring a user account.
Can activity logs detect unauthorized data exports?
Yes. Activity log events like ExportReport, ExportTile, ExportVisualData, and AnalyzeInExcel capture every data export action with the user identity, timestamp, and the specific report or dataset involved. EPC Group builds automated alerting rules that flag exports of sensitive datasets, exports during non-business hours, and bulk export patterns that may indicate data exfiltration.
How do I integrate Power BI activity logs with Azure Sentinel?
Power BI activity events flow to the Microsoft 365 Unified Audit Log, which has a native connector in Azure Sentinel. Enable the Office 365 data connector in Sentinel, select the Power BI activity type, and activity events will appear in the OfficeActivity table. You can then create Sentinel analytics rules, workbooks, and automated playbooks for Power BI security monitoring.
What is the difference between activity logs and usage metrics?
Usage metrics (available per-report in Power BI Service) provide aggregated view counts and user counts for individual reports. Activity logs provide granular, event-level data for every action across the entire tenant. For compliance and security, activity logs are essential. For understanding report adoption and popularity, usage metrics provide a simpler, report-level view. EPC Group typically implements both for comprehensive governance.