Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Anonymous
Not applicable

Custom Visualization Data Security Issues

Hello,

 

In the description of every Custom visualization that is on the https://appsource.microsoft.com, it says that the visualization can send data through the Internet.

 

What data is being sent? Isn't it a severe breach of data confidentiality? 

If I make reports and dashboards inside my Organization, doesn't it leaks?

 

I would appreciate your answers,

 

Thanks,

Tamir

2 ACCEPTED SOLUTIONS
v-viig
Community Champion
Community Champion

Certified custom visuals and custom visuals developed by Microsoft don’t send any data over internet. Such custom visuals can be used for sensitive data.

However, we can’t be sure about other third party not-certified custom visuals.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

View solution in original post

v-viig
Community Champion
Community Champion

Some custom Visuals might send data to third-party services for additional analytics.

We'd recommned to contact developers of custom visuals to ask what data their CVs send.

 

We'd also recommend to use certified CV. Tag certified means that we have not find any security issues and sending data to 3rd party services.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

View solution in original post

12 REPLIES 12
v-shex-msft
Community Support
Community Support

Hi @Anonymous,

 

>>What data is being sent? Isn't it a severe breach of data confidentiality? 

For power bi data security, you can refer to following article:

POWER BI AND DATA SECURITY – COMPLIANCE AND ENCRYPTION

 

>>In the description of every Custom visualization that is on the https://appsource.microsoft.com, it says that the visualization can send data through the Internet.

Do you means the origination content pack? If this is a case, all receivers has the similar data access permission as owner.

You can also take a look at below link to know more about content pack:

Intro to organizational content packs in Power BI

 

Data security

All distribution group members have the same permissions to the data as the content pack creator. The one exception to this is SQL Server Analysis Services (SSAS) on-premises tabular datasets. Because the reports and dashboards are connecting live to the on-premises SSAS model, the credentials of each individual distribution group member are used to determine the data he or she can access.

 

BTW, you can add dynamic rls on your report to improve data security level:

RLS with UserName()

 

 

Regards,
Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

Hi @v-shex-msft

 

Thank you for your detailed answer. I will go thoroughly over it.

However, I was referring to something a little bit different.

Please see a snapshot: (blue circle)

 

Thank you,

Tamir

Capture.JPG

Hi @Anonymous,

 

I'm also not clarity for this, maybe you can try to contact to power bi custom visual team for further support.

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

Thank you.

Regards,

Tamir

v-viig
Community Champion
Community Champion

Certified custom visuals and custom visuals developed by Microsoft don’t send any data over internet. Such custom visuals can be used for sensitive data.

However, we can’t be sure about other third party not-certified custom visuals.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Hi, 

 

Is there a way to only enable certified/MS custom visuals in PBIRS? We need to make sure that the custom visuals does not send data over the Internet.

 

Also the list doesnt seem to get updated. For ex. Timeline Storyteller isnt on (which is published by Microsoft)

https://docs.microsoft.com/en-us/power-bi/power-bi-custom-visuals-certified

 

Regards Taico

There's no way at least for now. The organisation store for custom visuals is coming soon to cover this functionality.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Hi is there a why to avoid this exposure?

why is microsoft allowing the third party to: "read and make changes to your documents" and "Send data over the internet".

 

 

is there a why to find the information that was sent/changed by the add-in

 

 

 

 

Anonymous
Not applicable

I am not sure how to interpret your question...

 

However, the reason for concern regarding the privacy of my documents is that they are corporate and sensitive.

 

Tamir

v-viig
Community Champion
Community Champion

Some custom Visuals might send data to third-party services for additional analytics.

We'd recommned to contact developers of custom visuals to ask what data their CVs send.

 

We'd also recommend to use certified CV. Tag certified means that we have not find any security issues and sending data to 3rd party services.

 

Ignat Vilesov,

Software Engineer

 

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Anonymous
Not applicable

 Hi @v-viig

 

Thank you 🙂

 

Tamir

Hi,

 

Thanks for the reply.

 

'Organisation store for custom visuals' sounds great and would solve the issue.

 

-Taico

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.