hi folks welcome back uh in the series of setting up Microsoft Office 365 in this Ser uh section we're going to be talking about enable the service principle authentication for powerbi read only apis upgrading access application access to powerbi service content the apis by enabling the service principal authentication for powerbi read only the P powerbi service content and apis help optimize your Microsoft 365 subscriptions such as downgrading subscriptions from Office 365 E5 to Office 365 E3 important things to remember you're going to need to have the admin for the Azure ad admin uh Global admin as well as the power bi Global admin in order to do this step so let's go ahead and jump into the powerbi okay so I'm logged into the Azure portal using my Global administrator account so what do I do next Randy excellent we're going to need to create a security group for your service principal authentication okay so we're going to go ahead and navigate over to Azure active directory service so Azure active directory okay from there you want to go to manage groups and then click all groups groups and I'm going to go all groups I'm in all groups right now okay excellent then you want to select new group okay going to do security we're going to go ahead and name this group so we're going to put an email address in there an email address no I don't think an email address I think going description so don't need an email address here so okay and now what now what do we do here so roles can be assigned to the group no and then membership type so there's three different types here there's a assigned where the members must be added or removed manually there's Dynamic user where members are added and removed automatically based on the dynamic group rules that are defined that you define or dynamic device these are devices that are added or removed automatically based on the dynamic role uh that you define for them yeah I think we're just go ahead and do assigned right yeah I think we'll do assigned because I think I think Dynamic is going to be something that's individual for every organization right the Azure administrators are going to have ways within their own Azure instance on how they if they're using anything dynamic or not so for us we're just going to use a sign so we can do everything manually excellent from that you just go ahead and select uh create okay all right so next thing we need to do is we need to add the to the security group so let's navigate let's navigate over to manage members oh I think I got to find the security group again so it brought me back to the all groups page so I better take a look here for itam okay so here's the group that I created so when I hit create it put me back to the main page I had to go back in so now you're saying I go to manage right manage yep and then groups groups or group memberships sorry oh sorry members members gotcha members yep then add a member okay and then we are going to uh type in our group that we just created yeah so we've got this itam Ranger 365 integration group but we got to make sure we don't pick this Enterprise application right we want want to no we want to pick the application not the group right so this one the application yes yes so we're adding the application to the group so when we're we're selecting this we want to make sure it's this one here Enterprise application okay and select and probably okay it's added we probably just need to refresh it here for it to show up and there it is yeah there it is so now we're in the group and we have this as a member of the group okay and so now the application is added to your Security Group next thing we need to do is enable the security group to read only access the powerbi so let's go ahead and jump to the powerbi portal the powerbi portal okay so I'm going to open up a new tab here and I'm going to go to the powerbi link from the document and I'm going to log in with my again I'm not sure what permissions my admin permissions I guess it is in powerbi right not the global admin it's powerbi uh administrator uh credentials okay all right so once we get in there we're going to see the setting icon it's that little uh gear box you want to go ahead and click on that and then you want to select admin portal the powerbi admin portal should open up admin portal there it is there okay next we want to do tenant settings tenant settings oh right here okay I'm already in tenant settings yeah perect and we want to expand uh the allow service principles to users to use read only powerbi admin API setting and that's in the admin API section right so I have corre find that section again there's a lot of settings in here admin API settings okay so there's the admin API settings and I'm looking for service principles can access readon admin a okay okay we're going to expand that and toggle the button to enable the settings okay well in this instance yeah we already this is a test instance we're using so we we've done this a few times so this setting's already enabled for us but I think most people probably won't have this enabled so you're going to want to make sure this is enabled excellent and then we want to go down into that little box over there uh and start to type in the security group that we just created okay itam R yep okay so that's a security group we added in the last step okay next you just hit apply okay now we have tenant so it says the changes apply within the next 15 minutes so these aren't instantaneous changes so uh you might want to not jump to doing your integration for a little bit until this replic Ates through so excellent the one thing to remember is after you enable the setting through the powerbi admin portal any application permissions that you set from the Microsoft Azure portal are no longer effective all application permissions must subsequently be set and managed through the powerbi admin portal good know something to remember yeah definitely good to remember so okay great excellent and we're going to wrap this up this video up next we're going to come back with configuring updates on your Microsoft 365 admin Center