Azure IoT Stream Analytics Job | Power BI Workspace Access | PL-400 Exam Solution

Azure IoT Stream Analytics Job

Q: You need to analyze the real-time telemetry streams from the IoT devices in the Power BI dashboard.You create a new workspace.You also provision a Stream Analytics job under the name of “IoT stream job” in the Azure portal. Please select four steps you should take to give the “IoT stream job” access to the Power BI workspace?

Give a service principal access to the new workspaceAllow service principals to use Power BI APIs in the Power BI Admin portalCreate Power BI as new output for the job in the Azure portalCreate a service principal for the job in the Azure portal

Prev Question Next Question

Question

You need to analyze the real-time telemetry streams from the IoT devices in the Power BI dashboard.

You create a new workspace.

You also provision a Stream Analytics job under the name of “IoT stream job” in the Azure portal.

Please select four steps you should take to give the “IoT stream job” access to the Power BI workspace?

Answers

A. Give a service principal access to the new workspace

B. Add a new job as the user in Microsoft 365 Admin Center

C. Allow service principals to use Power BI APIs in the Power BI Admin portal

D. Give a service principal access to My workspace

E. Create Power BI as new output for the job in the Azure portal

F. Create a service principal for the job in the Azure portal

G. Sign in to Power BI as a new user.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F. G.

Correct Answers: A, C, E and F

Microsoft Managed Identity service for Azure eliminates the need to use passwords or other credentials explicitly to access Azure-based services.

The Managed identity service manages credentials for you.

You can use the Managed identities to access any Azure service.

There are two types of managed identities: System assigned and User-assigned.

The System assigned managed identity is a part of every Azure resource that stays with the resource.

If the resource is removed, the identity is also removed.

Users can create the User-assigned identity for any standalone Azure resource.

It will survive resource after the resource deletion and can be assigned to another resource.

You can remove the user-assigned identity only by deleting it directly.

When you enable the System assigned identity for the Azure resource, Azure creates a service principal.

The service principal is a resource that connects to the Azure AD managed identity information.

The Power Platform products are based on Azure services, and you can use the service principal to access the Power BI.

Suppose you need to stream data to the Power BI dashboard.

In that case, you need to provision a Stream Analytics job in Azure and enable the “Use System-assigned Managed Identity” option (Number 2) in the “Managed Identity” section of the job's blade (Number 1)

The Azure Resource Manager generates the service principal ID (Number 3).

$Microsoft Azure 2 Search resources, services, and docs (G+/) “ Dashboard > StreamAnalyticsJob > loT_stream_job ++ Create a resource ? loT_stream_job | Managed Identity R Home Stream Analytics job Dashboard P Search (Cmd+/) « EE] save “ Discard 2 = All services F <2 Overvie' Quer Use System-assigned Managed Identity © ke FAVORITES = 5.8 Activity log Principal ID EEE All resources g Access control (IAM) 93ff7174-03a2-4194-b274-0 9) :83cf B © {/*) Resource groups @ Tags Job name ® App Services @ Diagnose and solve problems loT_stream_job a) <> Function App Settings SQL databases oe 22 Properties © Azure Cosmos DB 1 Locks © Virtual machines Job topol co4 Load balancers op ropology 2 Inputs } Storage accounts . Functions > Virtual networks <> (} ad Azure Active Directory Query > Outputs © Monitor ® Advisor Configure 0 Security Center ® Environment © Cost Management + Billing $93 Storage account settings ® Help + support Scale © subscriptions ® Locale 22 Event ordering @ Error policy {8% Compatibility level General oJ Tools$

Then you need to allow the service principal to use the Power BI APIs (Number 4)

You can find this option in the Power BI admin portal (Number 1) in the “Tenant settings” (Number 2) under the “Developer settings” (Number 3)

You can also limit the API access to the specific security group (Number 5).

$eXo)')\(=) al =) MN Laniiam efe)ae-)} fn} Home Admin portal @ W Favorites ? Usage metrics Oren . — Developer settings © ecen J Rees Premium Per User (preview) > Embed content in apps Audit logs Enabled for the entire organization 6 Datasets ; : — Tenant settings 4 Allow service principals to use Power BI APIs E- Apps Capacity settings Gaappilies caries Web apps registered in Azure Active Directory (Azure AD) will use an assigned service principal to access Power BI APIs without a signed in user. To allow an app to use service Embed codes principal authentication its service principal must be included in an allowed security group. Learn more Organizational visuals @® Enabied 4 | Refresh summary Shared with me Deployment pipelines (Learn Azure connections (preview) Workspaces © Service principals can use APIs to access tenant-level features controlled by Power Workspaces > Custom branding BI service admins and enabled for the entire organization or for security groups ; ; they're included in. You can control access of service principals by creating My workspace wy Protection metrics dedicated security groups for them and using these groups in any Power Bl tenant level-settings. Learn more Featured content Apply to: © The entire organization @ Specific security groups (Recommended) @ Enter security groups Except specific security groups Z”\ Get data Admin API settings$

After that, you need to create a new workspace with a dashboard.

You cannot use “My workspace.” Then, return to Azure and create an “IoT stream job” output by authorizing a connection to Power BI and supplying information about the Power BI workspace.

$Search resources, services, and docs (G+/) Dashboard > loT_stream_ job Power BI x + Create a resource y loT_stream Outputs a New output FE Home ‘—" Stream Analytics job ©) Dashboard P Search (nds) e Poa Currently authorized as, : All services Z ‘ “2 Overview Name Sink Output alias * oe FAVORITES Bl Activity log { dashboard v EEE All resources a Access control (/AM) Group workspace * (9) Resource groups @ Tags | loT stream job ® App Services e fe @ Diagnose and solve problems Authentication iiede > Functi i <> Function App Settings [ Managed Identity G sai databases Properties © Azure Cosmos DB - A Locks @® Managed Identity access only works with a Power BI Pro 1 Virtual machines subscription and an upgraded or V2 workspace. For more information on this feature, see the documentation 4, Job topolo & Load balancers pene, —_ = Inputs = Storage accounts Dataset name* © ©> Virtual networks mB Ector iotdataset ¥ <> Azure Active Directory Table name * © Monitor jottable re ® Advisor © Security Center Environment © Cost Management + Billing & Storage account settings B Help + support (7 Scale “© subscriptions ® Locale 3 Event ordering @5 Error policy 48 Compatibility level © Managed Identity General > Tools Saal$

And you need to enable the service principal access to the new Power BI workspace.

You can click on the Access button on the workspace screen and add the job name.

All other options are incorrect.

For more information about using the managed identity for Power BI dashboard access, please visit the below URLs:

To give the "IoT stream job" access to the Power BI workspace, the following steps should be taken:

Give a service principal access to the new workspace A service principal is an identity that is used to authenticate and authorize access to Azure resources. To give the "IoT stream job" access to the Power BI workspace, a service principal needs to be created and given access to the new workspace.
Allow service principals to use Power BI APIs in the Power BI Admin portal After creating the service principal, it needs to be authorized to use the Power BI APIs. This can be done by allowing service principals to use Power BI APIs in the Power BI Admin portal.
Create Power BI as new output for the job in the Azure portal Next, create Power BI as a new output for the "IoT stream job" in the Azure portal. This will allow the job to send data to the Power BI workspace.
Create a service principal for the job in the Azure portal Finally, create a service principal for the job in the Azure portal. This will enable the job to authenticate and authorize access to the Power BI workspace.

Therefore, the correct steps to give the "IoT stream job" access to the Power BI workspace are:

A. Give a service principal access to the new workspace C. Allow service principals to use Power BI APIs in the Power BI Admin portal E. Create Power BI as new output for the job in the Azure portal F. Create a service principal for the job in the Azure portal

Prev Question Next Question