Reporting Hub Architecture
The Reporting Hub is an Azure-based application that is installed and deployed within your Azure environment. It integrates with your existing Microsoft tenant and communicates with Power BI Embedded via Microsoft APIs. The following Azure services are required to run the Reporting Hub:
- Power BI Embedded or Fabric Capacity
- Azure App Service
- Azure SQL Database
Below is a diagram highlighting the high-level architecture.
The Reporting Hub communicates with Power BI Embedded via Microsoft APIs. The list below covers the key communication areas:
- Connects to authorized Power BI Workspaces, Reports and Dashboards
- Applies row-level security (RLS) based on the authenticated user
- Built-in capacity optimizer manages Power BI Embedded Capacity availability based on usage
- Connections to data sources are established through Power BI
- Works with all Power BI Embedded, Fabric and Power BI Premium Microsoft licenses
Important: Your data is NEVER accessed by, made available to, or stored within the Reporting Hub web application.
Microsoft Entra ID (formerly called Azure Active Directory or AAD) is the default authentication method for the Reporting Hub. Entra ID B2B allows you to add guest users (outside of your tenant). Users and Groups are managed in Entra ID and are used to provide access to navigation options, reports and row-level security.
Power BI Embedded is the Microsoft license required to share Power BI content with unlicensed users. Your embedded capacity is applied to the Power BI workspaces you wish to make available to the Reporting Hub.
The Reporting Hub is a stand-alone application instance installed directly within your Azure environment. An Azure App Service is required to 'host' the application.
All Reporting Hub application configuration data (logos, themes, navigation, report security, and audit logs) is stored in the Azure SQL Database.
The Reporting Hub license manager is a separate application that runs within the Reporting Hub Azure environment. Your locally deployed Reporting Hub application instance periodically communicates with the license manager to validate your subscription.
For more information on the Azure services required please reference: