I've scanned a lot of tenants. Enterprise orgs with sophisticated data teams, mid-market companies just getting started with Fabric, and everything in between. And here's what I keep seeing: the governance problems are always worse than anyone thinks.
Not because anyone's negligent. Power BI was designed to let business users build and share analytics fast. The problem is that "fast" and "governed" rarely go together, and by the time you've got thousands of workspaces, the sprawl has already happened.
Here are five red flags that tell you it's time to look under the hood.
1. Nobody can tell you how many workspaces you have
This is the most basic question, and most organizations can't answer it confidently. In a recent scan we ran, we found 5,000 workspaces — and 100% of them had no designated admin. That means thousands of reports, semantic models, and dashboards with no clear owner, no accountability, and no one cleaning up when things go stale.
If your IT team has to manually check the admin portal to answer "how many workspaces do we have?" — that's a sign.
2. You've never audited Publish to Web
Publish to Web is one of the most dangerous features in Power BI, and most organizations have no idea how exposed they are. It creates a public URL for a report — no authentication required, no expiration, accessible to anyone on the internet.
In the same tenant scan, we found 125 reports published to the public internet. Some of those contained operational data that had no business being publicly accessible. One report had been published three years ago and forgotten entirely.
If you haven't specifically audited Publish to Web artifacts in the last 90 days, assume you have exposure.
3. Sensitivity labels are at 0%
Microsoft Information Protection labels are one of your strongest governance tools — they classify and protect data at the artifact level. But in our experience, the vast majority of enterprise tenants have zero sensitivity label coverage.
Zero. On thousands of datasets.
That means your DLP policies have nothing to enforce. Your compliance team is flying blind. And if you're subject to SOX, HIPAA, or GDPR, this is a gap that shows up in audits. The good news is that it's fixable — but you have to measure it first.
4. Row-Level Security exists on paper but not in practice
Most organizations know what RLS is. Many have it documented in their governance guidelines. But when we scan semantic models, the actual adoption rate is almost always near zero.
In the tenant we scanned, 1,169 semantic models had no Row-Level Security configured. That means every user with access sees every row of data. In organizations with sensitive financial, HR, or customer data, that's a compliance risk hiding in plain sight.
The fix isn't hard. But if you don't know which models have RLS and which don't, you can't prioritize.
5. You're moving to Fabric but haven't inventoried what you already have
Fabric is an incredible platform. But migrating without understanding your current state is like packing for a move without opening the closets first. You'll bring the mess with you.
A real tenant scan gives you visibility into everything: your 8,900+ Fabric items (notebooks, pipelines, lakehouses), your data source connections, your CI/CD maturity (Git adoption, deployment pipelines), your compliance posture, and a Fabric Readiness Score that tells you exactly where you stand on a 0-100 scale.
That score becomes your baseline. Run the scan again in six months and you can prove to leadership that governance actually improved.
What to do about it
If any of these resonated, the next step is straightforward: get a Tenant Scan. It's a read-only, non-invasive assessment that scans 70+ data points across your entire Power BI and Fabric environment. No agents to install. No data leaves your tenant.
You walk away with a Fabric Readiness Score, a complete inventory of every artifact in your tenant, a data exposure audit, compliance mapping, and a prioritized remediation plan your team can actually execute on.
The Starter tier starts at $2,500 and is delivered in 3–5 days. Professional ($5,000) includes a deeper architecture review and 90-day governance roadmap. Enterprise ($7,500) adds compliance mapping, ROI modeling, and migration waves. For AI-powered analysis with a live working session, the AI-Assisted tier is $12,500.