Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
sunhallow
Frequent Visitor

PowerBI may 2024 Direct query security change.

‎01-28-2025 01:06 AM

Hi there Fabric community,

I'm fairly new to powerBI and PowerBI report server and have a question regarding a change that was made in powerbi may 2024 (it's been a while since that released so sorry if i have to unrust your minds for that). i do see solutions for this issue already but what we are trying to figure out is the root cause/origin of why this change is neccesary.

it's regarding the following change :

  1. A recent security change requires a privileged user to apply the "PBI_SQL_TRUSTED_SERVERS" environment variable on their Power BI Report Server machine for certain data types. Read more details in the article, SQL Server certificate isn't trusted on the client.

What we are trying to figure out is what the reasoning for this was the issue only came across for us once we implemented PBIRS on our production environments and did not appear in our test environments. Basicly we are wondering if there is an underlying security measure that enforces this.

we arrived on this realisation when the proposed solution that seems to fix it for everyone that encounters this issue with direct query's is this specific change. as seen in the following posts

https://community.fabric.microsoft.com/t5/Report-Server/Issues-regarding-power-bi-report-server/m-p/...
https://community.fabric.microsoft.com/t5/Report-Server/Power-BI-report-Server-issue-with-Direct-Que...
https://community.fabric.microsoft.com/t5/Report-Server/Issues-regarding-power-bi-report-server/m-p/...

and various other locations on the net. We have had trouble with a security plugin that was due to a non-related update in a .DLL for .NET security and that had delayed our release for this and we did not expect to run into this issue with our direct query reports after the upgrade since those functioned properly in all testing environments for reference we have 2 environments replicating a production scenario where SQL and PBIRS is seperated and cloud environments to quickly spin up that have the SQL servers and PBIRS servers on the same virtual machine. so if anyone in your community could enlighten me on this or give me some pointers to where i can find the appropriate information i would be very thankfull.

EDIT: As an update in-case someone stumbles on to this in the future.

The Release notes only talk about the Variable but it's a multifacted problem which is not very clear. From may 2024+ onwards you are required to implement this when you use direct query reports this needs 3 things to work

1. The system variable to be present on the relevant servers

2. .Net Framework 4.8 or higher due to security changes within .Net Framework

3. Forced encryption being on in the SQL servers and the certificates of these servers being configured correctly for this.

This was found out after constant investigation with a representative of the microsoft Power Platform Team. So hopefully it can help someone else if they run into this.

Labels:
Message 1 of 4
398 Views
0
3 REPLIES 3
lbendlin
Super User
Super User

‎01-28-2025 09:10 AM

The issue arises from the general inability of companies to keep their certificates up to date.  The change is a bail-out of sorts, and ideally you would not need that workaround.

Message 2 of 4
357 Views
0
sunhallow
Frequent Visitor
In response to lbendlin

‎01-28-2025 10:07 AM

So what part of the certificates would cause this because ours are fairly new. or is it due to the fact it usually expired and they implemented this for that?

Message 3 of 4
344 Views
0
lbendlin
Super User
Super User
In response to sunhallow

‎01-28-2025 10:38 AM

yes, certificates expire as part of the standard security measures, and a company needs to have processes in place to renew them if they are still required.

Message 4 of 4
338 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All