19 Embedding Reports & Dashboards

Taking Power BI Beyond the Service

The Power BI Service is an excellent platform for internal reporting, but many organizations need their data visualizations to appear somewhere other than app.powerbi.com. A software company may want to show analytics inside its own product. A consulting firm may want to deliver interactive dashboards through a branded client portal. A government agency may want to publish public data on its website. A business may want analytics embedded directly inside its customer-facing application.

Embedding is the capability that makes all of this possible. It allows Power BI reports and dashboards to be rendered inside external applications, websites, and portals, maintaining full interactivity, without the end user needing to navigate to the Power BI Service directly.

This chapter covers the embedding landscape: what embedding is, how it works conceptually, the specific approach for embedding in applications your customers use, how to generate embed codes and iframes, and how Publish to web handles fully public embedding.

flowchart TD
    A[Power BI Report <br> or Dashboard] --> B{Embedding Scenario}
    B --> C[Embed for <br> Your Organization <br> Internal users <br> Power BI accounts required]
    B --> D[Embed for <br> Your Customers <br> External users <br> No Power BI account needed]
    B --> E[Publish to Web <br> Fully public <br> No authentication]
    C --> F[Teams, SharePoint <br> Internal portals]
    D --> G[Customer-facing apps <br> ISV products <br> Client portals]
    E --> H[Public websites <br> Open data portals]
    classDef default fill:#2e4057,color:#ffffff,stroke:#ff9933,stroke-width:3px,rx:10px,ry:10px;

19.1 Embedding Overview

19.1.1 Embedding Overview

What Is Embedding?

Embedding means rendering a Power BI report or dashboard inside a host application, rather than inside the Power BI Service itself. From the end user’s perspective, the report appears as a native part of the application they are using. They may not even know that Power BI is powering the visuals behind the scenes. From the developer’s perspective, embedding involves placing a Power BI report inside an HTML iframe or using the Power BI JavaScript SDK to render it programmatically within the application’s interface.

The embedded report retains all its interactivity: slicers respond to clicks, visuals cross-filter, drill-down works, and tooltips appear on hover. The data is live, refreshing from the same source as the original report. The embedding container (the host application) wraps the report in its own navigation, branding, and user experience.

The Three Embedding Models

Power BI supports three distinct embedding models, each suited to a different audience and authentication approach.

Embed for your organization is designed for internal users who have Power BI accounts. The embedded report requires the viewer to sign in with their organizational Microsoft account. Access is controlled by the same workspace roles and sharing permissions as in the Power BI Service. This model is used for embedding reports in internal portals, intranets, and productivity tools like Teams and SharePoint.

Embed for your customers is designed for external users who do not have Power BI accounts. Authentication is handled by your application, and a service account or service principal generates the embed token on behalf of your users. Your customers see the Power BI report without ever signing in to Power BI or even knowing that Power BI is involved. This model requires a Power BI Embedded Azure resource or a Premium capacity.

Publish to web is the simplest and most open embedding model. It requires no authentication whatsoever. Anyone with the embed link or who visits the page where the report is embedded can view it. This model is appropriate only for fully public data.

[Insert screenshot showing the three embedding model options presented in the Power BI Service’s File or Export menu: Embed report submenu with options for SharePoint Online, Website or portal, and Publish to web, illustrating the entry points for each model]

Why Embed Rather Than Share a Link?

Sharing a link to a Power BI report is convenient but requires the recipient to have a Power BI account, navigate to an unfamiliar platform, and understand the Power BI Service interface. Embedding removes all of these barriers. The report lives inside the application or website the user already trusts and uses. There is no platform context switch, no sign-in friction for external users, and no requirement for recipients to have any familiarity with Power BI as a product. The data experience is seamlessly integrated into the surrounding application.

19.2 Embed for Your Customers

19.2.1 Embed for Your Customers

What “Embed for Your Customers” Means

Embed for your customers (sometimes called “app-owns-data” embedding) is the model used when you want to deliver Power BI analytics inside an application to people who are not members of your organization and do not have Power BI accounts. The authentication burden is carried entirely by your application, not by the end user. Your application authenticates with Power BI using a service principal or master user account, obtains an embed token, and passes that token to the Power BI JavaScript SDK, which renders the report in the user’s browser.

This model is the foundation of commercial analytics products: a SaaS platform that shows each customer a dashboard of their own usage data, a financial analytics tool that embeds portfolio visualizations for each client, or a logistics platform that shows shippers their delivery performance in an embedded report. The end users are your customers, and they experience Power BI as a seamless part of your product.

[Insert screenshot showing a hypothetical customer-facing web application interface with a Power BI report embedded inside it, the report displaying the customer’s own data with the application’s navigation and branding visible around it, illustrating how the report appears as part of the app rather than as a separate Power BI Service page]

The Technical Components of Customer Embedding

Embedding for your customers involves three main components working together:

Azure Active Directory App Registration: Your application must be registered in Azure Active Directory (Azure AD) as a service principal. This registration gives your application an identity that Power BI can authenticate and authorize to access content programmatically. The app registration produces an Application ID and a client secret that your application uses to obtain access tokens.

Power BI Capacity: Customer embedding requires either a Power BI Embedded Azure resource (an A-SKU capacity purchased through Azure) or a Power BI Premium workspace (a P-SKU purchased through Microsoft 365 licensing). Standard Power BI Pro licences are not sufficient for customer-facing embedding. The capacity provides the computational resources for rendering reports for your users.

Embed Token: For each user session, your application’s backend calls the Power BI REST API to generate an embed token. This short-lived token grants permission to render a specific report for the current session. The embed token is passed to the Power BI JavaScript client library in the browser, which uses it to render the report without requiring the end user to sign in to Power BI.

[Insert diagram or screenshot showing the embed flow: the end user’s browser on the left, the customer application server in the middle generating the embed token via the Power BI REST API, and the Power BI service on the right providing the report content, with arrows showing the token and content flow]

The Power BI JavaScript SDK

The Power BI JavaScript SDK (also called the powerbi-client library) is the front-end library that handles the actual rendering of the report in the browser. The application adds the SDK to its web page, creates a configuration object containing the embed token, the report URL, and optional settings (such as which page to show, whether the navigation pane is visible, and which filters to pre-apply), and calls the SDK’s embed function, which renders the report in a specified HTML container element.

Code

// Example: Basic embed configuration using the Power BI JavaScript SDK
var config = {
    type: 'report',
    id: '<report-id>',
    embedUrl: '<embed-url>',
    accessToken: '<embed-token>',
    tokenType: models.TokenType.Embed,
    settings: {
        navContentPaneEnabled: false,
        filterPaneEnabled: false
    }
};

var reportContainer = document.getElementById('reportContainer');
var report = powerbi.embed(reportContainer, config);

The SDK also exposes a JavaScript API for interacting with the report programmatically after it is rendered: setting filters, switching pages, listening for events (such as when a user clicks a data point), and extracting data from visuals.

[Insert screenshot of a browser developer tools view showing the powerbi-client JavaScript library loaded on a page, alongside the rendered Power BI report in the main browser window inside a web application container]

Row-Level Security in Customer Embedding

When embedding for customers, each user typically should see only their own data. A customer of a SaaS platform should see only their own account’s analytics, not another customer’s data. Row-Level Security (RLS) enforces this in the embedded context by passing the current user’s identity as part of the embed token request.

When generating the embed token via the Power BI REST API, your application includes the effective identity: a username and an RLS role name. Power BI uses this identity to apply the appropriate RLS filter when rendering the report, restricting the data to only what the specified user is permitted to see.

Code

// Embed token request including effective identity for RLS
{
  "accessLevel": "View",
  "identities": [
    {
      "username": "customer@clientcompany.com",
      "roles": ["CustomerRole"],
      "datasets": ["<dataset-id>"]
    }
  ]
}

This approach means a single embedded report and a single Power BI dataset can serve thousands of different customers, each seeing only their own data, without creating separate reports or datasets per customer.

[Insert screenshot of the Power BI REST API documentation page for the GenerateToken endpoint, showing the request body structure with the identities array containing username and roles fields]

Use a Service Principal, Not a Master User Account

When setting up customer embedding, use an Azure AD service principal (an app registration with a client secret or certificate) to authenticate with Power BI rather than a “master user account” (a dedicated Power BI Pro user account). Service principals are more secure because they do not depend on a human user’s credentials, do not expire when a password is changed, do not require a Power BI Pro licence, and can be given precisely scoped permissions through Azure AD. Master user accounts are simpler to set up but are not suitable for production embedding scenarios.

19.3 Publish to Web

19.3.1 Publish to Web

What Is Publish to Web?

Publish to web is Power BI’s simplest embedding feature. It generates a publicly accessible embed code for a report, allowing anyone on the internet to view it without signing in, without a Power BI account, and without any form of authentication. The report is rendered in a browser using an iframe, and the embed code can be placed on any public webpage.

This feature is designed for open data scenarios: government agencies publishing public statistics, news organizations illustrating stories with interactive charts, researchers sharing datasets with the academic community, or any organization making genuinely public information available in a visual, explorable format.

[Insert screenshot of the Publish to web dialog in the Power BI Service showing the public accessibility warning message at the top, the Create embed code button, and after generation, the iframe embed code and the direct link displayed in two separate text boxes]

How to Publish a Report to the Web

Open the report in the Power BI Service
Click File in the top toolbar and select Embed report → Publish to web (public)
Power BI displays a prominent warning explaining that the report will be visible to anyone on the internet, including all the data it contains. Read this warning carefully before proceeding
Click Create embed code to confirm and generate the public embed
Two outputs are provided:
- A link — a direct URL that opens the report in a standalone browser window. This can be shared in emails, social media posts, or documentation
- An iframe embed code — an HTML snippet that can be pasted into any webpage to render the report inline within the page content
Copy whichever output you need and click Close

[Insert screenshot showing the two-step process: first the warning dialog with the Create embed code button, then the results dialog showing the Link and the Embed code (iframe) in separate labelled text boxes with copy buttons next to each]

Managing Publish to Web Embed Codes

All embed codes generated by Publish to web can be managed from a central location in the Power BI Service. To view and manage your organization’s active public embed codes:

Go to the Settings gear icon in the top navigation bar of the Power BI Service
Select Manage embed codes
A list of all currently active Publish to web embed codes appears, showing the report name, the workspace it belongs to, the date it was created, and the status (active or paused)
From this list you can Delete an embed code to immediately revoke public access to that report’s public link
Power BI administrators can also manage all embed codes across the entire organization from the Admin portal

[Insert screenshot of the Manage embed codes page in the Power BI Service settings, showing a table of active embed codes with columns for Report name, Workspace, Created date, and Status, and a Delete option accessible from the row’s action menu]

19.4 Embed Codes and Iframes

19.4.1 Embed Codes and Iframes

Understanding the Iframe

An iframe (inline frame) is an HTML element that embeds another webpage or web content inside the current webpage. When Power BI generates an embed code, it produces an iframe HTML snippet that points to a Power BI-hosted URL. When a browser renders the webpage containing the iframe, it loads the Power BI report inside the iframe container as if it were a section of the host page.

The iframe embed code that Power BI generates looks like this:

Code

<iframe title="Report Title"
        width="800"
        height="600"
        src="https://app.powerbi.com/reportEmbed?reportId=<report-id>&autoAuth=true&ctid=<tenant-id>"
        frameborder="0"
        allowFullScreen="true">
</iframe>

The src attribute contains the report embed URL. The width and height attributes control the dimensions of the iframe container on the host page. The allowFullScreen attribute enables the full-screen button within the embedded report.

[Insert screenshot of a webpage’s HTML source code in a browser developer tools view, showing the Power BI iframe element highlighted within the page’s HTML structure, alongside the webpage itself with the rendered Power BI report visible inside the iframe container]

Customizing the Iframe Dimensions

The default dimensions generated by Power BI (typically 800×600 pixels) are a starting point. For a professional integration, adjust the width and height to match the space available in your host page layout.

For a fully responsive embed that fills its container width:

Code

<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
    <iframe style="position: absolute; top: 0; left: 0; width: 100%; height: 100%;"
            src="https://app.powerbi.com/reportEmbed?reportId=<report-id>&autoAuth=true&ctid=<tenant-id>"
            frameborder="0"
            allowFullScreen="true">
    </iframe>
</div>

This wrapper uses a padding-bottom trick (56.25% = 16:9 aspect ratio) to make the iframe scale proportionally with the page width, preventing the report from appearing in a fixed-size box that looks awkward on different screen sizes or device types.

[Insert screenshot showing the same Power BI report embedded on a webpage at two different browser window widths, demonstrating how the responsive iframe wrapper causes the report to scale proportionally rather than being cut off or leaving large empty margins]

URL Parameters for Embed Customization

The embed URL in the iframe src attribute supports several query string parameters that customize how the report appears when embedded:

Parameter	Effect	Example
`reportId`	Specifies which report to embed	`reportId=abc123`
`pageName`	Opens a specific report page by its internal name	`pageName=ReportSection1`
`filterPaneEnabled`	Shows or hides the Filters pane	`filterPaneEnabled=false`
`navContentPaneEnabled`	Shows or hides the page navigation pane	`navContentPaneEnabled=false`
`autoAuth`	Enables automatic authentication for internal embedding	`autoAuth=true`
`ctid`	Specifies the Azure AD tenant ID for authentication	`ctid=<tenant-id>`

Example: An embed URL that opens a specific page with both panes hidden, for a clean, full-report appearance without Power BI chrome:

Code

https://app.powerbi.com/reportEmbed
    ?reportId=<report-id>
    &pageName=ReportSectionSales
    &filterPaneEnabled=false
    &navContentPaneEnabled=false
    &autoAuth=true
    &ctid=<tenant-id>

[Insert screenshot showing a Power BI report embedded in an iframe on a webpage, first with both navigation and filter panes visible, then with both hidden using the URL parameters, illustrating how the parameters change the embedded report’s appearance]

Hide the Power BI Navigation for a Cleaner Embedded Experience

When embedding a report on a branded webpage or inside an application, hiding the Power BI navigation pane and filter pane using URL parameters (or the JavaScript SDK settings) produces a much cleaner result. The report visuals fill the available space without the surrounding Power BI chrome, and the host application’s own navigation and controls serve as the user interface wrapper. This gives the embedded report a more native, integrated appearance that matches the surrounding application’s design.

19.5 Choosing the Right Embedding Approach

19.5.1 Choosing the Right Embedding Approach

A Summary of Embedding Options

The table below summarizes the four main embedding approaches covered in this chapter and Chapter 17 (Teams and SharePoint), helping you identify which approach fits each scenario.

Scenario	Approach	Authentication	Licence Required
Internal users in Teams or SharePoint	Embed for organization (Teams tab, SharePoint web part)	Power BI account (Azure AD)	Power BI Pro or Premium
External customers in your application	Embed for customers (app-owns-data)	Your app handles it (service principal)	Power BI Embedded (Azure) or Premium
Public data on a website	Publish to web	None (fully public)	Power BI Pro (to publish)
Custom developer integration (any audience)	Power BI JavaScript SDK with embed token	Your app handles it	Power BI Embedded or Premium

Embedding Comes with Data Responsibility

Every embedding decision is a data exposure decision. When you embed a report using Publish to web, you are exposing all data in that report to the entire internet with no access controls whatsoever. When you embed for customers using service-principal authentication, the security of your application and the correctness of your RLS implementation are the only things preventing one customer from seeing another’s data. Embedding is a powerful capability and a significant responsibility. Always verify that the data exposed through an embedded report is appropriate for the audience that can reach it, and never use Publish to web for any report containing personal, financial, commercial, or otherwise sensitive information.

Summary

Concept	Description
Embed Scenarios
Embed Options	Choosing the right embedding strategy for each audience
Embed in Microsoft 365	Native embed in Teams and PowerPoint presentations
Embed in SharePoint	Embedded web parts that surface reports in SharePoint sites
Publish to Web	Anonymous public embed disabled in most enterprise tenants
Embed for Customers	Customer-facing apps that authenticate users via service principals
Embed for Organisation	Internal apps that authenticate users with their tenant identity
API and Security
API and Embed Tokens	REST APIs and embed tokens that govern programmatic access
Security Considerations	Avoid leaking row-level security via misconfigured tokens