joshuatoon
New Member

Azure PIM Breaks Scheduled Refresh

I'm using the O365 Adoption Content Pack as well as Azure PIM. The scheduled refresh of data fails if you aren't always in the global admin role. Using Azure PIM my account is removed from that role after a timeout period. 

4 REPLIES
v-haibl-msft
Employee

@joshuatoon

 

To instantiate the O365 Adoption content pack, you have to be either a global administrator, Exchange administrator, Skype for Business administrator, or SharePoint administrator.

 

Using Azure PIM your account is removed from that role after a timeout period. This is as expected, right? If this is the case, I do not think it is an issue, and you should grant permanent permission to the account.

 

Best Regards,
Herbert

Yes it removes you from a role after a time. That's the whole point. I elevate my permissions long enough to do something then I go back to being a normal user. 

 

 

For the scheduled refresh to work you would have to have a role assigned permanently. We don't want our administrators to have permissions on a permanent basis. In fact, Microsoft says that using Azure PIM is a best practice. If the adoption content pack doesn't work with Azure PIM, that's a problem.

@joshuatoon

 

This should be a limitation in such a scenario. The O365 Adoption content pack needs admin permission, but Azure PIM will remove the permission after a timeout period. Then the refresh will fail because of insufficient permission.

Both products are working as expected in their way. If Power BI schedule refresh can trigger the role activation in Azure PIM, that would be perfect.

 

Best Regards,
Herbert

Why does the content pack need to refresh as the user? Why can't it be registered as an application in the directory that has permissions directly assigned?  In that scenario, the user doesn't need admin permissions all the time, they only need to be able to consent to giving the application permission one time. That's how everything else works with the Graph API. 

 
