Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
Cado_one
Resolver III
Resolver III

Security risks related to publish to web (public mode)

‎12-03-2020 05:20 AM

Hi all,

 

I post this topic because I consider using Power BI embedded reports in an intranet website with the Pulbish to web (public) because not everyone in my company has a pro license.

The website access requires a login and password for the users and the reports would be accessible only if the user is connected to the VPN of the company.

Of course I saw many warning messages saying that reports published that way will be accessible by anyone on the internet.

 

My question : is it possible for an external person to access the reports without having the link only reachable in the source code of the website ? And if the answer is yes, could you tell me how ?

 

Thanks in advance.

Regards,

Cado

Message 1 of 3
1,212 Views
0
1 ACCEPTED SOLUTION
collinq
Super User
Super User

‎12-03-2020 11:51 AM

Hi @Cado_one ,

 

They key is the word "intranet".  When you embed to the WWW like this (Power BI Embedded Example : :: Welcome To EPM Strategy ::) then anybody in the world that can get to the internet can see it.  When you embed to the INTRAnet, then anybody that can get to that page can see it.  So, you are protected from the entire world, but, there may be people that can get to that page that you don't expect.  A real life example I encounted was a company that embedded to a specific subsection of their intranet - the Accounting "home page" area.  Anybody in Accounting department could see anything in that part of their internal website so anything embedded there was visible to accounting.  But, no other departments could see it since you have to have permissions to get to that section of intranet.

 

I would appreciate Kudos if my response was helpful. I would also appreciate it if you would Mark this As a Solution if it solved the problem. Thanks!




Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.




View solution in original post

Message 2 of 3
1,172 Views
2 REPLIES 2
collinq
Super User
Super User

‎12-03-2020 11:51 AM

Hi @Cado_one ,

 

They key is the word "intranet".  When you embed to the WWW like this (Power BI Embedded Example : :: Welcome To EPM Strategy ::) then anybody in the world that can get to the internet can see it.  When you embed to the INTRAnet, then anybody that can get to that page can see it.  So, you are protected from the entire world, but, there may be people that can get to that page that you don't expect.  A real life example I encounted was a company that embedded to a specific subsection of their intranet - the Accounting "home page" area.  Anybody in Accounting department could see anything in that part of their internal website so anything embedded there was visible to accounting.  But, no other departments could see it since you have to have permissions to get to that section of intranet.

 

I would appreciate Kudos if my response was helpful. I would also appreciate it if you would Mark this As a Solution if it solved the problem. Thanks!




Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.




Message 2 of 3
1,173 Views
Cado_one
Resolver III
Resolver III
In response to collinq

‎12-04-2020 12:59 AM

Hi @collinq 

 

Thank you for the answer and testimony it reassures me.

The website is accessible only by O&M department and restrictions will be added to get each reports only visible by the concerned persons.

To go further in security, we could change all embed codes every 3 months.

 

Have a nice day,

Cado

Message 3 of 3
1,152 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All