Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
Hello,
In the description of every Custom visualization that is on the https://appsource.microsoft.com, it says that the visualization can send data through the Internet.
What data is being sent? Isn't it a severe breach of data confidentiality?
If I make reports and dashboards inside my Organization, doesn't it leaks?
I would appreciate your answers,
Thanks,
Tamir
Solved! Go to Solution.
Certified custom visuals and custom visuals developed by Microsoft don’t send any data over internet. Such custom visuals can be used for sensitive data.
However, we can’t be sure about other third party not-certified custom visuals.
Ignat Vilesov,
Software Engineer
Microsoft Power BI Custom Visuals
Some custom Visuals might send data to third-party services for additional analytics.
We'd recommned to contact developers of custom visuals to ask what data their CVs send.
We'd also recommend to use certified CV. Tag certified means that we have not find any security issues and sending data to 3rd party services.
Ignat Vilesov,
Software Engineer
Microsoft Power BI Custom Visuals
Hi @Anonymous,
>>What data is being sent? Isn't it a severe breach of data confidentiality?
For power bi data security, you can refer to following article:
POWER BI AND DATA SECURITY – COMPLIANCE AND ENCRYPTION
>>In the description of every Custom visualization that is on the https://appsource.microsoft.com, it says that the visualization can send data through the Internet.
Do you means the origination content pack? If this is a case, all receivers has the similar data access permission as owner.
You can also take a look at below link to know more about content pack:
Intro to organizational content packs in Power BI
All distribution group members have the same permissions to the data as the content pack creator. The one exception to this is SQL Server Analysis Services (SSAS) on-premises tabular datasets. Because the reports and dashboards are connecting live to the on-premises SSAS model, the credentials of each individual distribution group member are used to determine the data he or she can access.
BTW, you can add dynamic rls on your report to improve data security level:
Regards,
Xiaoxin Sheng
Hi @v-shex-msft
Thank you for your detailed answer. I will go thoroughly over it.
However, I was referring to something a little bit different.
Please see a snapshot: (blue circle)
Thank you,
Tamir
Hi @Anonymous,
I'm also not clarity for this, maybe you can try to contact to power bi custom visual team for further support.
Regards,
Xiaoxin Sheng
Thank you.
Regards,
Tamir
Certified custom visuals and custom visuals developed by Microsoft don’t send any data over internet. Such custom visuals can be used for sensitive data.
However, we can’t be sure about other third party not-certified custom visuals.
Ignat Vilesov,
Software Engineer
Microsoft Power BI Custom Visuals
Hi,
Is there a way to only enable certified/MS custom visuals in PBIRS? We need to make sure that the custom visuals does not send data over the Internet.
Also the list doesnt seem to get updated. For ex. Timeline Storyteller isnt on (which is published by Microsoft)
https://docs.microsoft.com/en-us/power-bi/power-bi-custom-visuals-certified
Regards Taico
There's no way at least for now. The organisation store for custom visuals is coming soon to cover this functionality.
Ignat Vilesov,
Software Engineer
Microsoft Power BI Custom Visuals
Hi is there a why to avoid this exposure?
why is microsoft allowing the third party to: "read and make changes to your documents" and "Send data over the internet".
is there a why to find the information that was sent/changed by the add-in
I am not sure how to interpret your question...
However, the reason for concern regarding the privacy of my documents is that they are corporate and sensitive.
Tamir
Some custom Visuals might send data to third-party services for additional analytics.
We'd recommned to contact developers of custom visuals to ask what data their CVs send.
We'd also recommend to use certified CV. Tag certified means that we have not find any security issues and sending data to 3rd party services.
Ignat Vilesov,
Software Engineer
Microsoft Power BI Custom Visuals
Hi,
Thanks for the reply.
'Organisation store for custom visuals' sounds great and would solve the issue.
-Taico
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
89 | |
87 | |
81 | |
64 | |
49 |
User | Count |
---|---|
123 | |
109 | |
88 | |
68 | |
67 |