Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join the FabCon + SQLCon recap series. Up next: Power BI, Real-Time Intelligence, IQ and AI, and Data Factory take center stage. All sessions are available on-demand after the live show. Register now

Reply
ZiyadSyauqi
Frequent Visitor

Best Practices for Data Encryption and Decryption in Power BI

‎07-17-2024 12:31 AM

Hello Everyone,

I have a few questions regarding best practices for data encryption and decryption in Power BI:

  1. Best Practices for Encrypt-Decrypt in Power BI:

    • Are there any recommended best practices for handling encryption and decryption within Power BI to ensure data security and integrity?

  2. Decrypting Encrypted Data from Azure SQL in Power BI:

    • I have a dataset stored in Azure SQL with encrypted data in the following format:

    • Name

      		Values
      Zcsa1u28y22ucn0cqn3225v100
      xny7q85tv9rnq2umr0yj2qic200
      cqnhc3cq985t3v3v305qmc2300
    • Is it possible to decrypt this data directly within Power BI using an encryption key or similar method?
  3. Auto-Encrypt Data Based on User Access in Power BI:
    • Is it feasible to decrypt data in Azure SQL and then have it automatically re-encrypt when displayed in Power BI, depending on user access levels? For example, can Row-Level Security (RLS) be used to manage this kind of encryption and decryption dynamically?

I appreciate any insights or guidance you can provide on these topics.

 

Thank you!

Message 1 of 3
3,691 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎07-17-2024 11:18 PM

Hi  @ZiyadSyauqi ,

 

According to a statement in the Power BI security white paper:

https://learn.microsoft.com/en-us/power-bi/guidance/whitepaper-powerbi-security

By default, all data retained by Power BI is encrypted using Microsoft-managed keys. Customer data stored in Azure SQL databases is fully encrypted using Azure SQL's Transparent Data Encryption (TDE) technology. Customer data stored in Azure Blob Storage is encrypted using Azure Storage Encryption.

In addition, organizations can use Power BI Premium to encrypt static data imported into the semantic model using their own keys. This method is often described as Bring Your Own Key (BYOK). Utilizing BYOK helps ensure that customer data is not exposed even in the event of a service operator error-something that cannot be easily achieved using transparent server-side encryption. For more information, see Bring Your Own Encryption Key for Power BI.

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 3
3,634 Views
2 REPLIES 2
Anonymous
Not applicable

‎07-17-2024 11:18 PM

Hi  @ZiyadSyauqi ,

 

According to a statement in the Power BI security white paper:

https://learn.microsoft.com/en-us/power-bi/guidance/whitepaper-powerbi-security

By default, all data retained by Power BI is encrypted using Microsoft-managed keys. Customer data stored in Azure SQL databases is fully encrypted using Azure SQL's Transparent Data Encryption (TDE) technology. Customer data stored in Azure Blob Storage is encrypted using Azure Storage Encryption.

In addition, organizations can use Power BI Premium to encrypt static data imported into the semantic model using their own keys. This method is often described as Bring Your Own Key (BYOK). Utilizing BYOK helps ensure that customer data is not exposed even in the event of a service operator error-something that cannot be easily achieved using transparent server-side encryption. For more information, see Bring Your Own Encryption Key for Power BI.

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 3
3,635 Views
MallikarjunaBan
Helper III
Helper III
In response to Anonymous

‎09-29-2024 11:20 AM

i have encrypted data in snowflake can i decrypt in power bi service on the fly while i use direct query or can i achive by having udf at report server level .as of now i use cognos bi and snowflake encrypted data where i am creating udf to decrypt on the fly in cognos while using direct query .need same functionality in power bi can we do it with byok pls confirm

Message 3 of 3
3,154 Views
0

Helpful resources

Announcements
April Power BI Update Carousel

Power BI Monthly Update - April 2026

Check out the April 2026 Power BI update to learn about new features.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

FabCon and SQLCon Highlights Carousel

FabCon & SQLCon Highlights

Experience the highlights from FabCon & SQLCon, available live and on-demand starting April 14th.

View All