cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
gopowerbi Frequent Visitor
Frequent Visitor

Powe BI Security Whitepaper

Hallo everyone,

 

I have a question regarding the document that Power BI published regarding its security.

In the document is mentioned that Power BI does store the data on "Azure BLOB" and the metadata on "Azure SQL Server".

 

In the "Data Storage and Movement" chapter it is written that the data is either stored "at rest" or "in process".

 

  1.  "in process" is referring to LiveQueries such as Azure SQL Server LiveQonnection.

  2. "at rest" is referred to "imported" data such as Excel files or Data Sources like SAP BW, OData etc.
     

BUT:

  - when we connect to CRM Dynamics Online, does Power BI extract the data, transform it and load it into Azre BLOB, or does it only make a reference to the data source on CRM Dynamics Onine?

 

  - is the below quoted text from the "Power BI Security Whitepaper" file true?

 

"Non-Direct Query queries do not include credentials for the underlying data, and the underlying data is loaded into the Power BI service unless it is on-premises data accessed through a Power BI Gateway, in which case the query only stores references to on-premises data."  ->  That would mean that if a company accesses to its SAP data via "Power BI Gateway on-premise", the MASTER DATA of SAP would NOT be stored in Azure BLOB?

 

Thank you in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Super User
Super User

Re: Powe BI Security Whitepaper

@gopowerbi - Yes, that is my understanding as well (your summary at the end). I think that's why @Seth_C_Bauer and I were so certain that the second highlighted statement had to be incorrect. If it was indeed as stated, then @Seth_C_Bauer and I have spent the last couple years fundamentally not understanding how Power BI works!


I have book! Learn Power BI from Packt


Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!

View solution in original post

9 REPLIES 9
Super User
Super User

Re: Powe BI Security Whitepaper

For Desktop, I do not see any other way for CRM Online other than that it imports it into its data model. Otherwise, if it just stores a reference, what would be the purpose of a refresh?

 

The other part of the whitepaper you quote is very confusing and doesn't seem correct at all. Again, what would be the purpose of a refresh?


I have book! Learn Power BI from Packt


Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!

gopowerbi Frequent Visitor
Frequent Visitor

Re: Powe BI Security Whitepaper

The puprose of a refresh is to have your data as updated as you want (schedule daily/weekly/... refresh). Why would you need a refresh if you get the data instantly when you run the query/open a dashboard or refresh? Besides that, there is the possibility to create a LiveConnection between Azure SQL Server ( = cloud) and Power BI. I understood it in this way: by getting your data through a live connection, the data is stored into the cloud but temporary.

 

Regarding to "Power BI Security Whitepapre"  in the first sentence of this link you can download the word document. In the chapter "Data Storage and Movement" is written the text I quoted above, which is about the location of the data you work with.

 

My post is not about whether the data is refreshed or not but about the security of it. I do not have many doubts about power bi cloud security, but there may be some people in a company who are sceptical about all the cloud history and do not want to "publish" sensitive data onto the cloud.

 

 

Super User
Super User

Re: Powe BI Security Whitepaper

@gopowerbi@Greg_Deckler The highlighted portion that is causing confusion is wrong. I reached out to a contact at Microsoft and they will get the change implemented in the white paper soon. Taking that out, the rest of the white paper does a good job explaining all the "States" of data at rest or in transition.


Near SE WI? Join our PUG Milwaukee Brew City PUG
Super User
Super User

Re: Powe BI Security Whitepaper

Thanks @Seth_C_Bauer, glad I'm not crazy!


I have book! Learn Power BI from Packt


Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!

Super User
Super User

Re: Powe BI Security Whitepaper

@Greg_Deckler I felt the same. "reached out to a Microsoft contact" = Either I missed something unforgivable, or this is an error... I hope this is an error. 🙂


Near SE WI? Join our PUG Milwaukee Brew City PUG
gopowerbi Frequent Visitor
Frequent Visitor

Re: Powe BI Security Whitepaper

screenshot.PNG

I also had doubt about this but I wanted to ask to get sure this is not true Robot Indifferent .

To sum up:

Power BI is based on Azure -> a company's data will do the ETL (Extract, Transform, Load) procedure (exeption it is a livequery), which means the dataset, reports and dashboards will be saved on Azure BLOB, while the metadata will be saved in an Azure SQL Server. -> everything is on the cloud but it is encrypted (or atleast it should be since Q3 2016). right?

Highlighted
Super User
Super User

Re: Powe BI Security Whitepaper

@gopowerbi - Yes, that is my understanding as well (your summary at the end). I think that's why @Seth_C_Bauer and I were so certain that the second highlighted statement had to be incorrect. If it was indeed as stated, then @Seth_C_Bauer and I have spent the last couple years fundamentally not understanding how Power BI works!


I have book! Learn Power BI from Packt


Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!

View solution in original post

gopowerbi Frequent Visitor
Frequent Visitor

Re: Powe BI Security Whitepaper

Thank you for your effort you are putting in this community. It is not the first time I have opened a thread and you replied solving my problems. Thank you @Greg_Deckler and @Seth_C_Bauer

Moderator v-qiuyu-msft
Moderator

Re: Powe BI Security Whitepaper

Hi @gopowerbi,

 

From the Word document, it said

 

"Metadata about a user’s Power BI subscription, such as dashboards, reports, recent data sources, workspaces, organizational information, tenant information, and other metadata about the system is stored and updated in Azure SQL Database. All information stored in Azure SQL Database is fully encrypted using Azure SQL’s Transparent Data Encryption (TDE) technology. All data that is stored in Azure Blob storage is also encrypted. More information about the process of loading, storing, and moving data is described in the Data Storage and Movement section."

So in my opinion, stored metadata are encrypted in cloud.

 

Best Regards,
Qiuyun Yu

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
Ask Amir Anything

Exclusive LIVE Community Event No. 2 – Ask Amir Anything

Next in our Triple A series: Ask Amir Netz questions about the latest updates, features and future.

October 2019 Community Highlights

October 2019 Community Highlights

October was a busy month in the community. Read the recap article to learn about some of the events and content.

New Solution Badges

New Solution Badges

Two waves of brand new solution badges are coming! Read the article for more information on our new community badges.

Analytics in Azure virtual event

Analytics in Azure virtual event

Experience a limitless analytics service built to ingest, prep, manage, and serve data for immediate use in Power BI.

Users Online
Currently online: 61 members 1,037 guests
Please welcome our newest community members: