Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Learn more

Reply
ThePowerOfBI
Regular Visitor

How secure is the Power BI Desktop when using PBXI file

‎08-14-2025 03:07 AM

Hello community

I have a general question in regards of PBIX files in PowerBI Desktop:

I like to know if in the PBXI file are connection credentials are saved?

If not, is the location of connectors and PowerBI Service i the User.ZIP file who is saved in the following PATH:

"C:\Users\<user name>\AppData\Local\Microsoft\Power BI Desktop\User.zip" ??

I like to now if it would be possible for a hacker to modify or use that credentials?

For example taking the User.ZIP file and use it on another machine?

 

Thanks in advance for any response who is helpful... 

Kind regards

Michael Damaschke

 

Labels:
Message 1 of 7
361 Views
2 ACCEPTED SOLUTIONS
alish_b
Resolver III
Resolver III

‎08-14-2025 03:25 AM

Hi @ThePowerOfBI ,

 

Here is a related thread: https://community.fabric.microsoft.com/t5/Desktop/Where-the-Data-base-username-amp-credentials-get-s...

The thread refers a blog post: https://www.sqlgene.com/2018/03/22/are-local-credentials-or-passwords-stored-in-the-power-bi-desktop...

The blog post does not confirm anything though and it was written quite back in time.

The pbix files themselves do not store the credentials (they do have cached data but will prompt for credentials when trying to refresh) and even the zip file (stored in local machine) should have those encrypted (not really sure about the vulnerability when copying this over systems). It is better to use the Windows authentication or other secure authentication methods over basic authentication, but I can understand that sometimes you just can't help it.

I hope others can provide more confirming response to your copying zip file to another device concern.

View solution in original post

Message 2 of 7
342 Views
0
Shahid12523
Community Champion
Community Champion

‎08-26-2025 04:51 AM

PBIX/PBXI files: Do not store passwords in plaintext; safe to share. Users need to re-enter credentials.

User.zip: Stores cached credentials encrypted and tied to your Windows user/machine. Cannot be used on another PC.

Risk: Only if someone has full access to your Windows account.

 

Safe to share PBIX files; never share User.zip.

Shahed Shaikh

View solution in original post

Message 4 of 7
243 Views
0
6 REPLIES 6
v-priyankata
Community Support
Community Support

‎08-28-2025 10:17 PM

Hi @ThePowerOfBI 

Thank you for reaching out to the Microsoft Fabric Forum Community.

@Shahid12523 @alish_b Thanks for the inputs,

I hope the information provided by users was helpful. If you still have questions, please don't hesitate to reach out to the community.

 

Message 5 of 7
210 Views
0
v-priyankata
Community Support
Community Support
In response to v-priyankata

‎09-02-2025 02:46 AM

Hi @ThePowerOfBI 

I wanted to check if you had the opportunity to review the information provided by users. Please feel free to contact us if you have any further questions.

Message 6 of 7
170 Views
0
v-priyankata
Community Support
Community Support
In response to v-priyankata

‎09-04-2025 11:30 PM

Hi @ThePowerOfBI 

Hope everything’s going smoothly on your end. I wanted to check if the issue got sorted. if you have any other issues please reach community.

Message 7 of 7
148 Views
0
Shahid12523
Community Champion
Community Champion

‎08-26-2025 04:51 AM

PBIX/PBXI files: Do not store passwords in plaintext; safe to share. Users need to re-enter credentials.

User.zip: Stores cached credentials encrypted and tied to your Windows user/machine. Cannot be used on another PC.

Risk: Only if someone has full access to your Windows account.

 

Safe to share PBIX files; never share User.zip.

Shahed Shaikh
Message 4 of 7
244 Views
0
alish_b
Resolver III
Resolver III

‎08-14-2025 03:25 AM

Hi @ThePowerOfBI ,

 

Here is a related thread: https://community.fabric.microsoft.com/t5/Desktop/Where-the-Data-base-username-amp-credentials-get-s...

The thread refers a blog post: https://www.sqlgene.com/2018/03/22/are-local-credentials-or-passwords-stored-in-the-power-bi-desktop...

The blog post does not confirm anything though and it was written quite back in time.

The pbix files themselves do not store the credentials (they do have cached data but will prompt for credentials when trying to refresh) and even the zip file (stored in local machine) should have those encrypted (not really sure about the vulnerability when copying this over systems). It is better to use the Windows authentication or other secure authentication methods over basic authentication, but I can understand that sometimes you just can't help it.

I hope others can provide more confirming response to your copying zip file to another device concern.

Message 2 of 7
343 Views
0
ThePowerOfBI
Regular Visitor
In response to alish_b

‎08-14-2025 05:41 AM

Hello alish_b

Thanks for the reply.

Well I found some very old information from 2017 and 2018 but thought Microsoft hopefully did increase the security over time.

Important for me is, that if somebody has access to the PBXI file, it is not possible to use existing connections.

We are using 2FA with YUBIKEY so it is a lot more secure as using only credentials.

The problem is still creating an sematic model who makes possible to access data sources like SQL or SharePoint lists is only possible via PowerBI Desktop or via PowerBI Premium in a Premium Workspace on Web (PowerBI Services).

I like to use the Web as otherwise with big data I need to download or using paging which can cause problems. Datamart is super but still Premium... And the equivalent DataFlow works only with tables ;(

But our user are using E5 license with free PowerBI Pro license.

But thanks a lot for your response...

Kind regards

Michael Damaschke

Message 3 of 7
311 Views
0

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All