Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
pdbenbow
Resolver II
Resolver II

Issues with Active Directory/MFA in Power BI Service

Service version: 13.0.11032.204
Client version: 1910.1.020

 

In the last couple of days we've started seeing odd behavior in the Power BI Service that would seem to indicate issues communicating with our Active Directory tenant.

 

  • Can no longer access the Admin Portal... the "loading" message just spins forever.
  • Cannot add users to workspaces or apps... the service tells us the email addresses could not be validated.
  • Cannot configure row-level security... an error message pops up for a half-second, then vanishes and the user is taken back to the workspace. Chrome console shows a 400 error being returned when the service tries to execute a GET against this endpoint: https://wabi-us-east2-redirect.analysis.windows.net/metadata/model/{id}/rlsmembership/

Nothing has changed in our Active Directory tenant lately. We use Multi-Factor Auth. Could this be an issue with the service, or perhaps our MFA provider?

 

Any help would be appreciated. Until this gets remedied, the Power BI Service is all but useless for our team.

6 REPLIES 6
v-xuding-msft
Community Support
Community Support

Hi @pdbenbow ,

After researching, I think it is caused by using MFA authentication based on this idea. It seems that MFA is still not supported currently. Maybe you need to change another authentication to connect and check if it works fine.  And the thread may help you a little bit.

 

Best Regards,

Xue Ding

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. Kudos are nice too.

Best Regards,
Xue Ding
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

UPDATE: we disabled MFA for the Power BI Service temporarily to see if it would have any effect on the issue.  It did not.  Even with MFA turned off, we are still unable to validate any email addresses, configure RLS, or access the Admin Portal.

 

FURTHER UPDATE: It appears to be an ancillary service that is causing the issue.  Turning off MFA for Power BI Service accomplished nothing, but briefly turning off MFA for all of our cloud apps resolved it.  This would seem to indicate that there is a service that Power BI uses for communicating with Azure AD that ran afoul of our MFA policies.  However, I'll note again that this problem did not begin occurring until two days ago -- everything was working perfectly fine before then.

 

We're going to look into Azure Traffic Manager and Azure CDN to see if they could be what's blocking us.

Hi!

Did you ever find out what did this? We're experiencing the same issues in PowerBI Service.

- Admin Portal is spinning

- Can't manage gateways

- Can't check settings for datasets

- failed to load resource with server responding with status 400

 

This all worked fine untill some time after implementing MFA (a few months back).

Weird thing is that it works some times, but often not (and obviously never works when you really need it to..)

 

Would be great to hear if you found anything!

@Vegard1985 , I suggest talking to your cybersecurity colleagues and analyzing any conditional access policies your organization might have in place through your identity provider (which I assume is Azure AD). Without getting into the gory details, Microsoft does not play nicely with some of our policies. We were forced to tweak our security so that the Power BI application is now covered by not just one, but TWO conditional access policies. This means our Power BI users get two MFA prompts when they login, but it at least restores all application functionality.

@pdbenbow , Ok, it sure does baffle me how this can be such a pain to set up - but thanks, I'll check in with our guys on this. Just for anyone's information, MFA was disabled entirely for my user (all apps) earlier today and everything in PBI Service is working as it should now. 

@v-xuding-msft, thanks for your reply.  However, it does not make sense for MFA to be the cause of this issue.  Our organization has been using the Power BI Service since 2017, and we've had MFA enabled on all employee accounts since 2018, but this issue only started occurring this week.  Our MFA worked fine with the Power BI Service until two days ago.  I would appreciate a technical explanation from Microsoft that elaborates on why we suddenly can't access the Admin Portal, configure RLS, or do anything that involves Azure Active Directory.

 

Only once we have a better understanding of the underlying cause can I recommend changes for how we authenticate our users.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors