Publish, import, or update assets in a workspace – Deploy and maintain assets

You can publish a report to the Power BI service from Power BI Desktop by selecting Publish on the Home ribbon. To publish a report from Power BI Desktop, you must be signed in. By default, your report will be published to your personal workspace, unless you already published to another workspace in the same session. If you are a contributor in other workspaces, you can select a workspace to publish to.

If the workspace you are publishing to already contains a dataset with the same name, you will be asked if you want to replace it, and you’ll see how many workspace items it affects, as shown in Figure 4-15. This feature can be particularly useful when you’re updating a dataset that has other reports built from it.

FIGURE 4-15 Dataset impact.

An alternative to publishing from Power BI Desktop is to publish from the Power BI service by going to a workspace and selecting New > Upload a file. You’ll be given a choice to publish a local file, a file from OneDrive, or a file from SharePoint, as shown in Figure 4-16.

FIGURE 4-16 Creating new content from files.

Selecting Local File will prompt you to select a file from your computer to publish, whereas OneDrive and SharePoint options allow you to publish from the cloud. Publishing from OneDrive can be beneficial because you can edit a report locally in Power BI Desktop in a folder that’s synced to OneDrive, and it will be published automatically upon saving and closing the file because Power BI can sync published files from OneDrive.

Apply sensitivity labels to workspace content

Within an organization, different data may have different security levels. For example, some data must not leave a specific department, and other data may be shared publicly. To help users understand the sensitivity level of workspace content, you can apply sensitivity labels.

Note Enabling Sensitivity Labels

For users to be able to apply sensitivity labels, they must be enabled in Power BI admin portal tenant settings, typically by the central IT department in the organization. The admin portal is out of the scope of the exam. For more information, see “Enable sensitivity labels in Power BI” at https://docs.microsoft.com/en-us/power-bi/admin/service-security-enable-data-sensitivity-labels.

When information protection is enabled in your Power BI tenant, you can set a sensitivity label for a workspace item in the following way:

  1. Go to the settings of a workspace item.
  2. Select a sensitivity label from the dropdown list under Sensitivity label.
  3. Optionally, check Apply this label to the dataset’s downstream content or similar.
  4. Select Apply or Save.

After you set a sensitivity label, it will be displayed when anyone views the item, as well as in the list of workspace contents, as shown in Figure 4-17.

FIGURE 4-17 Sensitivity labels.

Note how two reports have sensitivity labels shown in the Sensitivity column. If you hover over a sensitivity label, you’ll see its description.

Configure row-level security group membership – Deploy and maintain assets

Configuring row-level security (RLS) is a two-step process. In Skill 2.2: Develop a data model, we reviewed the first step—implementing RLS roles in Power BI Desktop. In this section, we review the steps needed to complete the RLS setup for a dataset; we assign and test roles in the Power BI service.

Assigning roles in the Power BI service

Once you’ve configured row-level security roles in Power BI Desktop, you need to publish your report to the Power BI service and add members to each role. To do so, go to the dataset security settings by hovering over a dataset in the list of workspace items and selecting More options > Security. If you don’t have any roles defined in the dataset, you’ll see the message in Figure 4-2.

FIGURE 4-2 The RLS has moved to Power BI Desktop message.

If you’ve created RLS roles defined in the dataset, you’ll see a page like the one shown in Figure 4-3.

FIGURE 4-3 Row-level security role membership.

On the left side of the Row-Level Security page, you can see a list of all roles in the dataset. The numbers in brackets show how many members each role has. On the right, you can view, add, and remove members for a selected role.

To add a member to a role, first select a role on the left, and then enter email addresses or security groups in the People or groups who belong to this role field. After you enter new members, select Add > Save. The changes will be applied immediately.

To remove a member from a role, select the cross next to the member and then select Save.

When you use row-level security in Power BI, you can use an email address for each user. Although this solution works, it can be hard to maintain. For example, consider that you have several datasets that use RLS based on the same rules and they’re viewed mostly by the same users. If a new user joins your company and you need to give them access to those datasets, you will have to update the row-level security settings for each dataset.

In cases like this, you can assign security groups as members of row-level security roles. When a new user joins the company, you will have to add them to the security group only once. The same principles apply to sharing content in Power BI, which we cover later in this chapter.

Need More Review? Creating Security Groups

Instructions on how to create security groups are outside the scope of this book. For more details, see “Create a group in the Microsoft 365 admin center” at https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/create-groups.

Configure subscriptions and data alerts – Deploy and maintain assets

In the Power BI service, you can subscribe yourself and others to individual report pages, dashboards, and paginated reports, which will make Power BI send snapshots of content to your email. When subscribing, you can select the frequency and specific times when you want to receive subscription emails.

Subscribing to content

The process of subscribing to a dashboard, report page, or a paginated report is similar:

  1. Navigate to the content item of interest and select Subscribe.
  2. In the Subscribe to emails menu, select Add new subscription.
  3. Enter the subscription name, addressees, email subject, frequency, time, start and end dates, and other options as needed.
  4. Select Save and close.

You can create several subscriptions to the same content item. Figure 4-18 shows options available when subscribing to a dashboard as an example.

FIGURE 4-18 Subscription options.

When creating a subscription, you can select Run now to receive an email immediately. To disable a subscription without deleting it, switch the toggle next to Run now to Off. To delete a subscription, select Delete in the upper-right corner of the subscription settings. The Manage all subscriptions link takes you to a list of all subscriptions you created in the current workspace. Viewing all subscriptions you created is covered in the next section.

Need More Review? Subscriptions In the Power BI Service

For more details on subscriptions, including considerations and limitations, see “Email subscriptions for Power BI reports and dashboards” at https://docs.microsoft.com/en-us/power-bi/consumer/end-user-subscribe.

Managing your subscriptions

In addition to viewing workspace-specific subscriptions, you can see all subscriptions you created in the following way:

  1. Go to My workspace.
  2. Select Settings in the upper-right corner.
  3. Select Settings > Settings > Subscriptions.

Figure 4-19 shows a sample list of subscriptions to manage.

FIGURE 4-19 List of subscriptions.

While the page says My workspace, it shows subscriptions created across all workspaces. To edit subscriptions, select Edit under Actions. The Overview column shows how many subscriptions to a content item you have.

Promote or certify Power BI content – Deploy and maintain assets

When you create Power BI content and share it, you can increase its visibility for other users by endorsing it. For example, other users can search for an endorsed dataset and build reports from it. When many datasets are available in the organization, it’s useful to know how reliable each dataset is—some may be created for test purposes only, whereas others may be considered a single source of truth in the company. By default, all datasets look the same when you search for datasets, be it from Power BI Desktop or the Power BI service. In this case, it may be a good idea to endorse datasets to let report creators know which datasets are high quality and reliable.

You can endorse datasets, dataflows, reports, and apps. There are two ways to endorse Power BI content:

  • Promote: Promoted content has a badge that signifies that the content is ready to be used by others. Any contributing member of the workspace where the content resides can promote it. Content promotion facilitates the content being reused across the organization.
  • Certify: Content can be certified to show that it’s recommended for use, meaning it is highly reliable and curated. Only people selected by the Power BI tenant admins can certify Power BI content.

Note Endorsing Different Types of Power BI Content

The process of endorsing all content types is the same. For illustration purposes, next we review how to endorse a dataset.

A dataset can be promoted or certified in the Endorsement and discovery section of the dataset settings in Power BI service, as shown in Figure 4-20.

FIGURE 4-20 Endorsement.

Once you select Promoted or Certified, select Apply to save the changes.

Note Dataset Description

To help users understand what they can use a dataset for, you can add a description in the Endorsement section as well.

If the Certified option is inactive, it means you cannot certify datasets yourself. In this case, you should request dataset certification from those who were selected by your Power BI tenant admins to certify datasets. Those who can certify datasets may not always be members of the workspace that contains the dataset. If that’s the case, the person who can certify a dataset will need to become a contributing member of the workspace.

You can see the Certified and Promoted badges in Figure 4-21.

FIGURE 4-21 Promoted and Certified badges.

Plan a Windows 10 deployment – Deploy and upgrade operating systems

Skill 1.1: Plan a Windows 10 deployment

Windows 10 offers organizations new and exciting methods for deploying the operating system to users. However, traditional on-premises image creation-based deployment methods continue to be supported and are widely used. You can expect that the adoption of the new dynamic deployment methods will gain traction in the modern workplace and will be featured in the MD-101 exam. You must understand when these methods should be implemented over more traditional methods.

This skill covers how to:

Assess infrastructure readiness

Embarking on any new project should be carefully planned so that the delivery can be given every chance of success. This is especially applicable when deploying Windows 10 within an enterprise environment.

There are several tools and services available to help you evaluate, learn, and implement Windows 10. By following best practices and avoiding making deployment mistakes, you can ensure that your users are productive and that the project is delivered on schedule.

Windows 10 is released using a continuous delivery model known as Windows as a Service, with a new version of Windows 10 available every six months. Therefore, the skills you learn in deploying Windows 10 to your users will be reused again, and often.

It is recommended that you choose a group of users and deploy Windows 10 into focused pilot projects. This enables you to test each version of Windows 10 within your organization before rolling out the operating system to larger cohorts of users.

Plan pilot deployments

Each organization is different, and therefore, you must determine which deployment method (or methods) you will use. For example, you may choose to deploy new devices to your remote salesforce using Windows Autopilot and upgrade your head office computers using the in-place upgrade method.

To make effective decisions relating to the deployment method, you should perform testing in a non-production environment, and if you are successful, you should proceed to roll out Windows 10 to a small group of users.

By breaking down your Windows 10 deployment project into multiple stages, you can identify any possible issues and determine solutions where available. This will involve documenting and obtaining feedback from stakeholders at each stage. The first stage of deploying the operating system will be with a pilot deployment.

As part of the pilot, it’s important to determine the following:

  • Production hardware, including PCs, laptops, and tablets, meets the minimum hardware requirements for Windows 10.
  • Peripherals, such as printers, scanners, projectors, and other devices, are compatible with Windows 10.
  • All required device drivers are available.
  • All apps required following the deployment will work on Windows 10.
  • Any existing third-party disk encryption will work with Windows 10 (or can be replaced with BitLocker Drive Encryption).
  • Your IT support staff has the necessary skills to support Windows 10.

The pilot is essential because it helps ensure compatibility with existing hardware, apps, and infrastructure, and it provides you with insight into the gains and potential pitfalls that you are likely to encounter during the later stages of the roll-out program. By reviewing and implementing feedback gained during the pilot phase, you can seek to minimize the future impact of any problems encountered.

If you find that your existing IT support staff doesn’t have the necessary skills to support Windows 10, you may use the pilot deployment phase to identify any training needs; doing so gives you time to implement the recommendations before a larger roll-out. You should also consider your non-technical users, who may require information relating to the new operating system so that their day-to-day productivity is not affected by the adoption of the new operating system.

You can also use the pilot to help to determine user readiness for Windows 10 and to identify any training needs—for both users and IT support staff.

Identify hardware requirements for Windows 10 – Deploy and upgrade operating systems

As part of your planning considerations, you should review the system requirements for installing Windows 10. Windows 10 can run adequately on hardware of a similar specification to that which supports Windows 8.1. Consequently, most of the computers in use within organizations today are Windows 10–capable. However, to get the best from Windows 10, you might consider installing the operating system on computers and devices that exceed the minimum specifications described in Table 1-1. A good working specification is an Intel i5 processor or equivalent, 8 GB of memory, and an SSD of sufficient capacity for your users’ needs.

TABLE 1-1 Minimum hardware requirements for Windows 10

| Component | Requirement |
|---|---|
| Processor | A 1 GHz or faster processor or System on a Chip (SoC). |
| Memory | 1 GB RAM on 32-bit versions and 2 GB for 64-bit versions. |
| Hard disk space | 16 GB for 32-bit versions and 32 GB for 64-bit versions. |
| Graphics card | DirectX 9 or later with a Windows Display Driver Model (WDDM) 1.0 driver. |
| Display resolution | 800×600 pixels. |
| Internet connection | Internet connectivity is required to perform updates and to take advantage of some features. |
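
As an added example (not from the book and not Microsoft tooling), the PowerShell below checks processor, memory, and disk values against the Table 1-1 minimums for a list of devices, the kind of check you would repeat across many machines. The function names, property names, and sample rows are hypothetical; graphics, display, and connectivity requirements are not checked, and the system volume size is assumed to stand in for hard disk space.

```powershell
# Minimums transcribed from Table 1-1, keyed by the bitness of the Windows 10 version to install.
$Win10Minimums = @{
    32 = @{ CpuGHz = 1.0; MemoryGB = 1; DiskGB = 16 }
    64 = @{ CpuGHz = 1.0; MemoryGB = 2; DiskGB = 32 }
}

# Hypothetical helper: evaluates one inventory record per pipeline object.
function Test-Win10MinimumHardware {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $ComputerName,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [double] $CpuGHz,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [double] $MemoryGB,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [double] $DiskGB,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [int]    $TargetBitness
    )
    process {
        if (-not $Win10Minimums.ContainsKey($TargetBitness)) {
            throw "TargetBitness must be 32 or 64 (got $TargetBitness for $ComputerName)."
        }
        $min = $Win10Minimums[$TargetBitness]
        $failures = @()
        if ($CpuGHz   -lt $min.CpuGHz)   { $failures += "CPU $CpuGHz GHz is below $($min.CpuGHz) GHz" }
        if ($MemoryGB -lt $min.MemoryGB) { $failures += "memory $MemoryGB GB is below $($min.MemoryGB) GB" }
        if ($DiskGB   -lt $min.DiskGB)   { $failures += "disk $DiskGB GB is below $($min.DiskGB) GB" }

        [pscustomobject]@{
            ComputerName  = $ComputerName
            TargetBitness = $TargetBitness
            MeetsMinimum  = ($failures.Count -eq 0)
            Failures      = $failures -join '; '
        }
    }
}

# Hypothetical helper: builds the same record shape for the local Windows device.
function Get-LocalHardwareInventory {
    $cpu    = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    # Sum installed modules; Win32_ComputerSystem.TotalPhysicalMemory excludes reserved
    # memory and can make a 2 GB device look as if it has slightly less.
    $memory = Get-CimInstance -ClassName Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum
    $volume = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        CpuGHz        = [math]::Round($cpu.MaxClockSpeed / 1000, 2)   # MaxClockSpeed is in MHz
        MemoryGB      = [math]::Round($memory.Sum / 1GB, 2)
        DiskGB        = [math]::Round($volume.Size / 1GB, 2)          # assumption: system volume size
        # Assumption: the device keeps its current architecture after the upgrade.
        TargetBitness = if ($os.OSArchitecture -match '64') { 64 } else { 32 }
    }
}

# Constructed inventory rows (not real devices) standing in for an export covering many machines.
$sampleInventory = @(
    [pscustomobject]@{ ComputerName = 'PILOT-01'; CpuGHz = 2.4; MemoryGB = 8; DiskGB = 237; TargetBitness = 64 }
    [pscustomobject]@{ ComputerName = 'PILOT-02'; CpuGHz = 1.6; MemoryGB = 2; DiskGB = 29;  TargetBitness = 64 }
    [pscustomobject]@{ ComputerName = 'KIOSK-07'; CpuGHz = 0.9; MemoryGB = 1; DiskGB = 16;  TargetBitness = 32 }
)

$sampleInventory | Test-Win10MinimumHardware | Format-Table -AutoSize

# On a Windows device, evaluate the local hardware instead:
# Get-LocalHardwareInventory | Test-Win10MinimumHardware
```

Meeting the minimums says nothing about driver or peripheral compatibility, which still has to be verified separately.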

Note Evaluate Windows 10 Enterprise

You can access a 90-day evaluation of Windows 10 Enterprise through the Microsoft Evaluation Center. The evaluation is available in the latest released version, in 64-bit and 32-bit versions, and in multiple languages. The Evaluation Center and Windows 10 Enterprise can be downloaded from https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise.

Determine hardware compatibility for Windows 10

After you’ve verified that any new or existing computers on which you intend to install Windows 10 meet the minimum hardware requirements, you must verify that the operating system also supports any existing hardware devices and peripherals.

If you are purchasing new computers preinstalled with Windows 10, take no further action. But if you’re using existing computers, or you want to attach existing hardware peripherals to your new computers, you must verify compatibility of these older computers and peripherals.

If you have only one or two computers and a few peripheral devices to check, the easiest—and probably quickest—solution is to visit the hardware vendor’s website and check for compatibility of these devices and peripherals. You can then download any required drivers for the version of Windows 10 (32-bit or 64-bit) that you may need to install.

Verify Hardware Compatibility for Multiple Devices – Deploy and upgrade operating systems

When you have many computers to install or upgrade to Windows 10, it is not feasible to visit each computer and verify device and peripheral compatibility. In this situation, consider using a tool to help determine compatibility.

If you have a traditional on-premises infrastructure, you can use the Microsoft Assessment and Planning Toolkit (MAP) to assess the computer devices attached to your network. You can use MAP to:

  • Determine feasibility to upgrade scanned devices to Windows 10
  • Determine your organization’s readiness to move to Microsoft Azure, Office 365, or Azure AD
  • Plan for virtualizing workloads to Hyper-V

Note Download Microsoft Assessment and Planning Toolkit

You can download the Microsoft Assessment and Planning Toolkit from the Microsoft website at https://www.microsoft.com/download/confirmation.aspx?id=7826.

Implement Desktop Analytics

Desktop Analytics is a cloud-based service that integrates Configuration Manager with Intune. By using Desktop Analytics, you can:

  • Create inventory
  • Evaluate app compatibility
  • Create pilot groups for deployment
  • Deploy Windows 10

Consider using Desktop Analytics as part of your overall assessment strategy. But first, you must verify that you meet the requirements for Desktop Analytics. To enable and configure Desktop Analytics, you’ll need:

  • An Azure subscription
  • Global admin permissions
  • Configuration Manager version 1902 or later
  • Full administrator role in Configuration Manager
  • Devices running Windows 7 or later
  • Windows Diagnostics data
  • Internet connectivity
  • Licensing considerations:
    • Devices enrolled in Desktop Analytics must have a valid Configuration Manager license.
    • Users of devices require licenses for one of the following: Windows 10 Enterprise E3 or E5, Windows 10 Education A3 or A5, or Windows Virtual Desktop Access E3 or E5.

After ensuring you have all you need to deploy Desktop Analytics, use the following high-level steps to set it up:

  1. Run the on-boarding wizard.
  2. Grant user access.
  3. Set up your workspace.
  4. Confirm the settings.
  5. Connect Configuration Manager.
  6. Enroll devices in Desktop Analytics.

Need More Review? How to Set up Desktop Analytics

To review further details about enabling Desktop Analytics, refer to the Microsoft website at https://docs.microsoft.com/mem/configmgr/desktop-analytics/set-up.

After you’ve set up Desktop Analytics and enrolled your devices in the service, you’re ready to create a deployment plan. A deployment plan enables you to:

  • Determine which devices you should include in pilot deployments
  • Identify compatibility issues
  • Suggest mitigations for detected issues
  • Track your deployment progress

When you create your deployment plan, you must:

  • Specify the Windows 10 versions you want to deploy
  • Specify to which groups of devices you want to deploy Windows 10
  • Define readiness rules
  • Define app importance

Based on Desktop Analytics recommendations, you must:

  • Select pilot devices
  • Determine how to fix issues with apps

Need More Review? How to Create Deployment Plans in Desktop Analytics

To review further details about deployment plans in Desktop Analytics, refer to the Microsoft website at https://docs.microsoft.com/mem/configmgr/desktop-analytics/create-deployment-plans.

Evaluate and select an appropriate deployment option – Deploy and upgrade operating systems

Dynamic provisioning of Windows 10 using modern tools including mobile device management solutions offers organizations new deployment choices. Many of these options were not available when deploying previous versions of Windows using traditional deployment methods. Table 1-2 provides a summary comparison between modern dynamic provisioning and traditional deployment methods, which can also incorporate image creation.

TABLE 1-2 Provisioning methods

| Dynamic provisioning methods | Traditional deployment methods |
|---|---|
| Enrollment into Azure Active Directory and Mobile Device Management (such as Microsoft Intune) | On-premises deployment tools using Windows ADK, Windows Deployment Services, Microsoft Deployment Toolkit, or Configuration Manager |
| Provisioning packages using Windows Configuration Designer | Bare-metal install |
| Subscription Activation | In-place upgrade |
| Windows Autopilot | Wipe-and-load upgrade |

The deployment choices available to an organization may be skewed by the existing investment it has made in traditional deployment methods and infrastructure. This may include reliance upon on-premises tools and procedures, such as using Microsoft Deployment Toolkit (MDT) and Endpoint Configuration Manager for Windows 7 and newer versions. These tools continue to be supported and can be used to support on-premises deployment methods, such as bare-metal, refresh, and replace scenarios. You should understand the modern alternatives to the traditional on-premises methods.

Deploying Windows 10 using modern cloud-based deployment and dynamic provisioning methods includes using subscription activation, Windows Autopilot, and Azure Active Directory (Azure AD) join. Ongoing management of Windows 10 is then undertaken using Mobile Device Management (MDM), such as Microsoft Intune.

Dynamic provisioning

You should see a theme throughout this book, which is to recommend an alternative method of provisioning client devices to the traditional approach, which would typically include the following stages:

  • Purchase or re-provision a device.
  • Wipe the device.
  • Replace the preinstalled operating system with a customized image.
  • Join an on-premises Active Directory.
  • Apply Group Policy settings.
  • Manage apps using Configuration Manager or MDT.

With a cloud-based deployment approach, the stages are simplified to the following:

  • Purchase or re-provision a device.
  • Apply a transformation to the preinstalled operating system.
  • Join Azure AD and enroll in MDM.
  • Use MDM to configure the device, enforce compliance with corporate policies, and to add, remove, and configure apps.

There is a significant difference between the two approaches. Dynamic provisioning seeks to avoid the need for on-premises infrastructure and resource intensive reimaging procedures.

Because Windows 10 is updated twice a year to a newer version—with each new version supported for a maximum of 18 months (30 months for Enterprise and Education editions)—maintaining customized deployment images can become a costly process and burdensome for the IT department.

The types of transformations that are currently available using dynamic provisioning include the following:

  • Provisioning packages: A provisioning package is created using the Windows Configuration Designer and can be used to send one or more configurations to apps and settings on a device.
  • Subscription Activation: Windows 10 Subscription Activation allows you to automatically upgrade devices with Windows 10 Pro to Windows 10 Enterprise without needing to enter a product key or perform a restart.
  • Azure AD join with automatic MDM enrollment: A device can be joined to Azure AD and automatically enrolled into the organizational MDM solution by having users enter their work or school account details. Once enrolled, MDM will configure the device to the organization’s policies.