Inside Azure, am doing all authentication to my Azure SQL database over Managed identity.
However, by authenticating PowerBI on Azure SQL database, there are only "Organization Account" and "Basic Authentication". How can i make the authentication from PowerBI on AzureSQL over Azure AD in order to be safe against theft (e.g. Managed Identity...)?
When using an Organization Account Power BI never sees your password. Power BI gets and stores an Access Token and a Refresh Token from AAD.
Furthermore, if you are using a Gateway any credentials are encrypted with the Gateway's public key, and can only be decrypted by the Gateway, which is a server you control.
In the future Power BI may add managed identity auth, but the current options are not insecure, just sometimes inconvenient.
Also you can run a script to update the Access Token for a data source using an access token generated for a Service Prinicpal or Managed Identity, but you have to run the script on a schedule so the Access Token doesn't expire, which I think is like 55min.
And for Azure SQL you can force SSO so the end user's identity is used to access the database, not the identity configured in the data source.
