Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
Anonymous
Not applicable

Custom Visualization Data Security Issues

Hello,

 

In the description of every Custom visualization that is on the https://appsource.microsoft.com, it says that the visualization can send data through the Internet.

 

What data is being sent? Isn't it a severe breach of data confidentiality? 

If I make reports and dashboards inside my Organization, doesn't it leaks?

 

I would appreciate your answers,

 

Thanks,

Tamir

2 ACCEPTED SOLUTIONS
v-viig
Community Champion
Community Champion

Certified custom visuals and custom visuals developed by Microsoft don’t send any data over internet. Such custom visuals can be used for sensitive data.

However, we can’t be sure about other third party not-certified custom visuals.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

View solution in original post

v-viig
Community Champion
Community Champion

Some custom Visuals might send data to third-party services for additional analytics.

We'd recommned to contact developers of custom visuals to ask what data their CVs send.

 

We'd also recommend to use certified CV. Tag certified means that we have not find any security issues and sending data to 3rd party services.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

View solution in original post

12 REPLIES 12
v-shex-msft
Community Support
Community Support

Hi @Anonymous,

 

>>What data is being sent? Isn't it a severe breach of data confidentiality? 

For power bi data security, you can refer to following article:

POWER BI AND DATA SECURITY – COMPLIANCE AND ENCRYPTION

 

>>In the description of every Custom visualization that is on the https://appsource.microsoft.com, it says that the visualization can send data through the Internet.

Do you means the origination content pack? If this is a case, all receivers has the similar data access permission as owner.

You can also take a look at below link to know more about content pack:

Intro to organizational content packs in Power BI

 

Data security

All distribution group members have the same permissions to the data as the content pack creator. The one exception to this is SQL Server Analysis Services (SSAS) on-premises tabular datasets. Because the reports and dashboards are connecting live to the on-premises SSAS model, the credentials of each individual distribution group member are used to determine the data he or she can access.

 

BTW, you can add dynamic rls on your report to improve data security level:

RLS with UserName()

 

 

Regards,
Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

Hi @v-shex-msft

 

Thank you for your detailed answer. I will go thoroughly over it.

However, I was referring to something a little bit different.

Please see a snapshot: (blue circle)

 

Thank you,

Tamir

Capture.JPG

Hi @Anonymous,

 

I'm also not clarity for this, maybe you can try to contact to power bi custom visual team for further support.

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

Thank you.

Regards,

Tamir

v-viig
Community Champion
Community Champion

Certified custom visuals and custom visuals developed by Microsoft don’t send any data over internet. Such custom visuals can be used for sensitive data.

However, we can’t be sure about other third party not-certified custom visuals.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Hi, 

 

Is there a way to only enable certified/MS custom visuals in PBIRS? We need to make sure that the custom visuals does not send data over the Internet.

 

Also the list doesnt seem to get updated. For ex. Timeline Storyteller isnt on (which is published by Microsoft)

https://docs.microsoft.com/en-us/power-bi/power-bi-custom-visuals-certified

 

Regards Taico

There's no way at least for now. The organisation store for custom visuals is coming soon to cover this functionality.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Hi is there a why to avoid this exposure?

why is microsoft allowing the third party to: "read and make changes to your documents" and "Send data over the internet".

 

 

is there a why to find the information that was sent/changed by the add-in

 

 

 

 

Anonymous
Not applicable

I am not sure how to interpret your question...

 

However, the reason for concern regarding the privacy of my documents is that they are corporate and sensitive.

 

Tamir

v-viig
Community Champion
Community Champion

Some custom Visuals might send data to third-party services for additional analytics.

We'd recommned to contact developers of custom visuals to ask what data their CVs send.

 

We'd also recommend to use certified CV. Tag certified means that we have not find any security issues and sending data to 3rd party services.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Anonymous
Not applicable

 Hi @v-viig

 

Thank you 🙂

 

Tamir

Hi,

 

Thanks for the reply.

 

'Organisation store for custom visuals' sounds great and would solve the issue.

 

-Taico

Helpful resources

Announcements
July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.

PBI_Carousel_NL_June

Fabric Community Update - June 2024

Get the latest Fabric updates from Build 2024, key Skills Challenge voucher deadlines, top blogs, forum posts, and product ideas.

Top Solution Authors