Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now
How safe is custom visuals?
When I try to upload new custom visuals, some of them really great - there is such prompt:
Custom Visuals are not provided by Microsoft and could contain security or privacy risks. Only import this custom visual if you trust its author and source.
I would like to raise some questions:
Does Custom visuals be reason for data leakage?
Could microsoft allow such a loophole in Business Intelligence software for Enteprise?
If you would like to answer - no, what the point in this warning?
Looking for response in order to utilize Power BI at 100%.
Thank you.
Hello,
I work for an agency and we are considering using Power BI and the custom visuals **ONLY from the Power BI Custom Visuals Gallery** for our reporting needs. That said, we need an official Microsoft response to be able to move forward. We are mainly concerned with our data being able to be leaked by using/importing a custom visual from the gallery.
Thank you for your time and consideration of this question.
If you are worried about leaks in the Custom Visuals, you will first need to figure out what sort of leak you are concerned with.
Are you worred about:
I would suggest for each:
Can someone from the Power BI team provide a definitive response to the original question posted by @AlexNYExcel ?
I understand the reasons for the warning as any Mr Smith can create and upload malicious custom visuals into Power BI.
However, are the custom visuals in the official Power BI Visuals Gallery completely safe as they have been approved by Microsoft ? My company has 8000 staff and we are rolling out Power BI across most departments. If Power BI cannot confirm that the official POwer BI Visuals gallery is safe, then we have a problem as private data may be leaked or that it may contain a virus.
Again, I would just like clarification over the safety of using the approved custom visuals found on the official Microsoft Power BI Visuals Gallery.
Cheers,
Daniel
Daniel,
Did you ever get a response back on this? Are custom visuals on the official Power BI Visuals Gallery safe and approved by Microsoft?
This is an old topic but I am interested to know as well.
Can anybody tell ,is there any security risks for using custom visuals available in powerbi visuals gallery
The custom visuals in the Visuals Gallery are reviewed by Microsoft prior to being published. With Javascript, it is possible to do pretty much anything, so the warning and review process are there for good reason.
For example, it's possible to create malicious visuals that can alter other charts or send private data elsewhere. That's not unique to Power BI--it's possible in general for web development. Something like this "donut eater" that replaces the donuts from other charts would never be approved for the Gallery, but anyone could package something like this independently as a .pbiviz file and distribute it outside of the Gallery. Replacing an image is kind of a fun example, but what if it subtly changed *values* in those charts--or worse? I would heed the warning and, in my opinion, only use visuals from the Gallery or ones that have been otherwise verified to not contain dangerous code.
So, you say that Galley on web Powerbi.com has nice visualization that approved by microsoft and does not have security risks.
Any vis from any other source could be dangerous?
Yes. It's likely that any visual that is distributed outside of the Gallery will *not* be dangerous--but there is always that risk.
Check out the October 2024 Power BI update to learn about new features.
Learn from experts, get hands-on experience, and win awesome prizes.