Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
ZiyadSyauqi
Frequent Visitor

Best Practices for Data Encryption and Decryption in Power BI

‎07-17-2024 12:31 AM

Hello Everyone,

I have a few questions regarding best practices for data encryption and decryption in Power BI:

  1. Best Practices for Encrypt-Decrypt in Power BI:

    • Are there any recommended best practices for handling encryption and decryption within Power BI to ensure data security and integrity?

  2. Decrypting Encrypted Data from Azure SQL in Power BI:

    • I have a dataset stored in Azure SQL with encrypted data in the following format:

    • Name

      		Values
      Zcsa1u28y22ucn0cqn3225v100
      xny7q85tv9rnq2umr0yj2qic200
      cqnhc3cq985t3v3v305qmc2300
    • Is it possible to decrypt this data directly within Power BI using an encryption key or similar method?
  3. Auto-Encrypt Data Based on User Access in Power BI:
    • Is it feasible to decrypt data in Azure SQL and then have it automatically re-encrypt when displayed in Power BI, depending on user access levels? For example, can Row-Level Security (RLS) be used to manage this kind of encryption and decryption dynamically?

I appreciate any insights or guidance you can provide on these topics.

 

Thank you!

Message 1 of 3
2,343 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎07-17-2024 11:18 PM

Hi  @ZiyadSyauqi ,

 

According to a statement in the Power BI security white paper:

https://learn.microsoft.com/en-us/power-bi/guidance/whitepaper-powerbi-security

By default, all data retained by Power BI is encrypted using Microsoft-managed keys. Customer data stored in Azure SQL databases is fully encrypted using Azure SQL's Transparent Data Encryption (TDE) technology. Customer data stored in Azure Blob Storage is encrypted using Azure Storage Encryption.

In addition, organizations can use Power BI Premium to encrypt static data imported into the semantic model using their own keys. This method is often described as Bring Your Own Key (BYOK). Utilizing BYOK helps ensure that customer data is not exposed even in the event of a service operator error-something that cannot be easily achieved using transparent server-side encryption. For more information, see Bring Your Own Encryption Key for Power BI.

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 3
2,286 Views
2 REPLIES 2
Anonymous
Not applicable

‎07-17-2024 11:18 PM

Hi  @ZiyadSyauqi ,

 

According to a statement in the Power BI security white paper:

https://learn.microsoft.com/en-us/power-bi/guidance/whitepaper-powerbi-security

By default, all data retained by Power BI is encrypted using Microsoft-managed keys. Customer data stored in Azure SQL databases is fully encrypted using Azure SQL's Transparent Data Encryption (TDE) technology. Customer data stored in Azure Blob Storage is encrypted using Azure Storage Encryption.

In addition, organizations can use Power BI Premium to encrypt static data imported into the semantic model using their own keys. This method is often described as Bring Your Own Key (BYOK). Utilizing BYOK helps ensure that customer data is not exposed even in the event of a service operator error-something that cannot be easily achieved using transparent server-side encryption. For more information, see Bring Your Own Encryption Key for Power BI.

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 3
2,287 Views
MallikarjunaBan
Helper III
Helper III
In response to Anonymous

‎09-29-2024 11:20 AM

i have encrypted data in snowflake can i decrypt in power bi service on the fly while i use direct query or can i achive by having udf at report server level .as of now i use cognos bi and snowflake encrypted data where i am creating udf to decrypt on the fly in cognos while using direct query .need same functionality in power bi can we do it with byok pls confirm

Message 3 of 3
1,806 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All