Is it possible to restrict the access to a user from opening a report on the server and clicking "Edit in Power BI Desktop" or removing the download option from the ellipsis menu?
I looked at the security settings at the report level and at the site level but nothing popped out at me. We have a handful of users that are set to read only access but I would hate for one of them to download and open a local copy of a report, manipulate the data and have someone run off with it claiming the data is skewed.
You can restrict this with permissions... Select manage on the folder/report, select Security, then alter the permissions. The "Content Manager", "My Reports" and "Publisher" roles all give the ability to download the PBIX. If the user/group only has the "Browser" role, then they cannot download the PBIX.