Reply
Frequent Visitor
Posts: 4
Registered: ‎04-18-2017

Power BI Audit Logs agreement

With the new Audit logs feature in PowerBI now being open to non-US regions, can anyone advise as to the message that appears before enabling the feature, particularly with regards to EU personal data regulations, which says

 

"By enabling, you agree that data collected by this feature can be stored in Microsoft diagnotic systems in the United States or other countries where we maintain facilities, including data such as IP addresses, user IDs, dates, file or item names, and details about actions taken"

 

Does this mean that data will be moved across regions, irrespective of whether the tenant sits within a specific region. If so, is this due to the feature being in preview and does it contain data that would cause EU personal data regulation issues ?

Super Contributor
Posts: 4,874
Registered: ‎07-11-2015

Re: Power BI Audit Logs agreement

To the first question, yes. Second question, not sure if that is going to change necessarily. Third question, I am not a lawyer nor do I play one on TV, but with my understanding of the EU personal data regulations, no. 

Frequent Visitor
Posts: 4
Registered: ‎04-18-2017

Re: Power BI Audit Logs agreement

Thanks for the reply to the question. From the description it doesn't sound as if there is any personal infomation in the logs.

Super Contributor
Posts: 2,762
Registered: ‎08-14-2016

Re: Power BI Audit Logs agreement

Hi @AndrewR,

 

For the detail information about power bi audit logged, you can refer to below article:

Using auditing within your organization

 

Viewing search results

Once you hit the search button, the search results are loaded and after a few moments they are displayed under Results. When the search is finished, the number of results found is displayed.

 
Column Definition
Date The date and time (in UTC format) when the event occurred.
IP address The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format.
User The user (or service account) who performed the action that triggered the event.
Activity The activity performed by the user. This value corresponds to the activities that you selected in the Activitiesdrop down list. For an event from the Exchange admin audit log, the value in this column is an Exchange cmdlet.
Item The object that was created or modified as a result of the corresponding activity. For example, the file that was viewed or modified or the user account that was updated. Not all activities have a value in this column.
Detail Additional detail about an activity. Again, not all activities will have a value.

 

View the details for an event

You can view more details about an event by selecting the event record in the list of search results. A details page is displayed that contains the detailed properties from the event record. The properties that are displayed depend on the Office 365 service in which the event occurs. To display additional details, select More information.

Here are some possible details that are displayed.

Parameter Description
Id Unique identifier of an audit record.
RecordType The type of operation indicated by the record. See the AuditLogRecordType table for details on the types of audit log records.
CreationTime The date and time in Coordinated Universal Time (UTC) when the user performed the activity.
Operation The name of the user or admin activity.
OrganizationId The GUID for your organization's Office 365 service where the event occurred.
UserType The type of user that performed the operation. See the User Type table for details on the types of users.
UserKey The Passport Unique ID of the user who performed the activity.
ResultStatus Indicates whether the action (specified in the Operation property) was successful or not. Possible values are Succeeded, PartiallySucceded, or Failed.
ObjectId For SharePoint and OneDrive for Business activity, the full path name of the file or folder accessed by the user.
UserId The UPN (User Principal Name) of the user who performed the action (specified in the Operation property) that resulted in the record being logged; for example, my_name@my_domain_name. Note that records for activity performed by system accounts (such as SHAREPOINT\system or NT AUTHORITY\SYSTEM) are also included.
ClientIp The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format.

 

Based on document, it will log some common data, but it not mentioned to log the personal privacy data(e.g password,current computer informations,...), so I think you don't need to worry about privacy issue.

 

Regards,

Xiaoxin Sheng

 

Frequent Visitor
Posts: 4
Registered: ‎04-18-2017

Re: Power BI Audit Logs agreement

Hi Xiaoxin,

 

Thank you very much for the detailed response regarding the type of data within the logs. We have decided internally to trial logging and then assess what data is being presented.

 

Our concern, and it is something we are battling with internally, is with regard to the new EU General Data Protection Regulation and what is considered to be personal information. A line of thought is that an email address (if it can be used to identify an individual) can be considered personal data. As such will the user id also be considered, especially if it contains name,  company domain, etc ?. Data protection regulation states that aggregated data should be considered, so one piece of data may not in itself be relevant but several correlated pieces together may form personally identifiable information.

 

Anyway, we will take a look and make a judgement. I think region only logging should be something that Microsoft consider, as EU companies may not feel comfortable with enabling an option that exposes data outside of the EU (particularly considering the large fines that companies will face should personal data be exposed)

 

Andrew

 

Super Contributor
Posts: 2,762
Registered: ‎08-14-2016

Re: Power BI Audit Logs agreement

Hi @AndrewR,

 

>> I think region only logging should be something that Microsoft consider, as EU companies may not feel comfortable with enabling an option that exposes data outside of the EU (particularly considering the large fines that companies will face should personal data be exposed)

No very sure for this, I think you can contact to power bi team and told them this scenario.

 

Regards,

Xiaoxin Sheng

Moderator
Posts: 50
Registered: ‎08-04-2015

Re: Power BI Audit Logs agreement

We do have region specific logging in our backlog, but unfortunately, we do not have a timeline yet. I can update here once we know more.

Frequent Visitor
Posts: 4
Registered: ‎04-18-2017

Re: Power BI Audit Logs agreement

Hi Ajay,

 

Thanks for that reply, that's good to know. I did wonder whether this was due to the feature being in preview. If you could update when you hear more, that would be great

 

Andrew