Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
ovetteabejuela
Impactful Individual
Impactful Individual

Security Risks involving Visuals from app.powerbi.com/visuals

‎01-19-2017 12:14 AM

I have done some research in the forum and found a relevant topic however this topic was not so specific onset altough one of the response were. I would like to repost/rephrase and so my question goes:

 

I am not going to download custom visuals from anywhere else but only from app.powerbi.com/visuals. My understanding is that these visuals has undergone some sort of inspection before it's posted. I don't do custom visual (I'm not capable) so I don't know what's the process of submitting one and would like to ask:

  1. Does it get posted right away (most probably not)
  2. It is submitted first to PowerBI team and will undergo review (security risk check)
  3. How about revisions, does it undergo a similar process (if that process exists)

I was actually hoping that there is a Microsoft/PowerBI verification confirmation/indicator somewhere.

Labels:
Message 1 of 4
5,976 Views
0
1 ACCEPTED SOLUTION
MattAllington
Community Champion
Community Champion

‎01-19-2017 12:27 AM

My understanding from presentations I have sat through is

 

1. No

2. Yes

3. Yes


* Matt is an 8 times Microsoft MVP (Power BI) and author of the Power BI Book Supercharge Power BI.
I will not give you bad advice, even if you unknowingly ask for it.

View solution in original post

Message 2 of 4
6,467 Views
3 REPLIES 3
MattAllington
Community Champion
Community Champion

‎01-19-2017 12:27 AM

My understanding from presentations I have sat through is

 

1. No

2. Yes

3. Yes


* Matt is an 8 times Microsoft MVP (Power BI) and author of the Power BI Book Supercharge Power BI.
I will not give you bad advice, even if you unknowingly ask for it.
Message 2 of 4
6,468 Views
PatrickNealis
Advocate II
Advocate II
In response to MattAllington

‎08-04-2017 09:35 AM

I want to use these custom visuals as well, however seeing the error "Caution: A custom visual could contain code with security or privacy risks" makes this an absolute no-go. I can't afford the potential risk that data could be leaked and I don't have an IT department to scan these visuals for security concerns.

 

Has Microsoft every posted an official response acknowledging that custom visuals on app.powerbi.com/visuals are certified as secure? I dont plan to download any custom visuals from any alternate sources, just that portal.

Message 3 of 4
5,848 Views
0
KenSkinner
Helper I
Helper I
In response to PatrickNealis

‎10-23-2018 07:34 AM

Just checking to see if your question had been answered.  I've found the perfect custom visual in the Power BI Visuals MarketPlace that will save me a tremendous amount of time, but just as I'm about to load it into my Power BI I see the following generic warning:

 

When this add-in is used, it

 

  • Can read and make changes to your document
  • Can send data over the internet

 

From what I've seen, this is a common warning for add-ins in the MarketPlace, but some have the "This visual is certified by Power BI".  Just looking for answers to the following:

 

  1. When it states "can read and make changes", I'm guessing they're referring to the actual functionality of the custom visual.  I wanted to add a custom visual that can create dynamic text entries based on filter choices.  Of course it would need to read my data and then change the document.  But is that all it's referring to?
  2. The "Can send data over the internet" is a much bigger concern as I wouldn't want confidential data being piped out to the web in the background.  Is this also referring to just the functionality of the visual or could it theoretically send all my data to a third party without my knowledge?
  3. In Microsoft's "Custom visuals in Power BI" page they state that all custom visuals published in the AppSource (MarketPlace) have been tested and approved by Microsoft for functionality and quality.  For the non-certified visuals, do these test include security threats or privacy violations?
  4. Microsoft's certification requirements include "Does not access external services or resources".  I take it that means it won't funnel my data to a third party without my knowledge?

 

In Microsoft's "Power BI Support" page they discuss reviewing custom visuals for security and privacy:

 

https://pbiwebprod-docs.azurewebsites.net/hr-hr/documentation/powerbi-custom-visuals-review-for-secu...

 

The article shows the warning message Patrick mentioned above and has "considerations before you enable a custom visual".  Are they only referring to custom visuals not downloaded from the MarketPlace?

 

Answers to any of the above would be appreciated.  Thanks.

 

 

Message 4 of 4
5,466 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All