Home · Accelerators · Power BI Governance Pack
Governance accelerator
Power BI Governance Pack
The opinions you wish your previous BI program had started with. Tenant settings baseline, workspace taxonomy, deployment pipelines, custom Best Practice Analyzer ruleset, and a usage-monitoring semantic model — all packaged and ready to deploy.
Power BI estates die of two things: tenant settings nobody reviewed, and workspaces nobody owns. This pack fixes both. The settings baseline is the policy you wish you'd written before users started oversharing. The taxonomy is the structure you wish workspaces had before there were 200 of them.
Who this is for
- Power BI / Fabric tenant admins inheriting an estate they didn't build.
- Center-of-Excellence teams trying to roll out governance without slowing down builders.
- Consultancies who need a defensible governance baseline to give clients on Day 1.
- Anyone who has ever opened the Power BI Admin portal and thought "wait, who turned that on?"
What's in the box
| File | Type | What it does |
|---|---|---|
tenant/baseline_settings.json | JSON | Documented, opinionated values for ~120 tenant settings. The defensible defaults. |
tenant/audit_tenant.ps1 | PS | PowerShell + Fabric REST: compares your live tenant against the baseline; outputs a delta report. |
taxonomy/workspace_naming.md | MD | The naming convention: {domain}-{tier}-{purpose}. Includes worked examples. |
taxonomy/workspace_contract.md | MD | The Workspace Contract template every workspace owner fills in. SLA, owner, classification, retention. |
pipelines/dev-test-prod.json | JSON | Deployment pipeline definition. Parameterized for source/target workspaces. |
pipelines/promote.ps1 | PS | One-click promotion script with safety checks (BPA pass, RLS test, dependency review). |
bpa/custom_rules.json | JSON | 50+ custom Best Practice Analyzer rules: implicit measures off, no hidden surrogate keys, RLS-tested, calc columns flagged. |
bpa/run_in_ci.yml | YAML | GitHub Actions workflow that fails the build on any custom-rule violation. |
monitoring/usage_model.bim | TMDL | Usage-monitoring semantic model: who's using which reports, refresh failures, slow models. |
monitoring/usage_report.pbix | PBIX | Live dashboard: top reports, abandoned content, top contributors, capacity hot spots. |
capacity/metrics_extended.pbix | PBIX | Extension of Microsoft's Capacity Metrics report with chargeback by domain and historical trend. |
docs/ROLLOUT_PLAYBOOK.md | MD | 4-week rollout plan: communications, training, audit, enforcement. |
The opinions baked in
"Best practices" is too vague. The pack ships specific, defensible choices:
- Default share scope. "Specific people," not "everyone in your organization." Yes, this annoys some users. It also prevents incidents.
- Export to file controls. Disabled for sensitive workspaces; allowed for "operational" workspaces with audit logging.
- Tenant-wide Copilot. Opt-in by workspace, not enabled by default for everyone.
- Workspace ownership. Every workspace has a named human owner, not a group inbox.
- Direct Lake as the default storage mode. Import requires a documented exception.
- BPA in CI, not just in dev. If it doesn't pass BPA, it doesn't reach production.
Every opinion is editable. The point is to start from a defensible position, not from blank defaults.
Pricing
Frequently asked questions
How disruptive is the rollout?
The pack ships a 4-week rollout playbook that minimizes user disruption. Week 1: audit. Week 2: communicate. Week 3: tighten settings. Week 4: enforce in CI. You can compress or stretch this.
Will this break existing reports?
The settings changes are at the tenant level — they don't modify reports. The BPA ruleset flags issues but doesn't auto-fix. You stay in control of remediation.
Can I customize the BPA rules?
Yes — they're a JSON file. Add, remove, or modify. We provide our defaults; you adapt.
How does the chargeback model work?
The extended Capacity Metrics report aggregates CU usage by workspace, then maps workspaces to domains via a config table. Output is a monthly $ chargeback per domain.
Refund policy?
Full refund within 14 days.
Govern the estate without becoming the bottleneck
This pack is the policy + tooling that lets you say yes more often, with confidence.