cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
gopowerbi
Frequent Visitor

Powe BI Security Whitepaper

Hallo everyone,

 

I have a question regarding the document that Power BI published regarding its security.

In the document is mentioned that Power BI does store the data on "Azure BLOB" and the metadata on "Azure SQL Server".

 

In the "Data Storage and Movement" chapter it is written that the data is either stored "at rest" or "in process".

 

  1.  "in process" is referring to LiveQueries such as Azure SQL Server LiveQonnection.

  2. "at rest" is referred to "imported" data such as Excel files or Data Sources like SAP BW, OData etc.
     

BUT:

  - when we connect to CRM Dynamics Online, does Power BI extract the data, transform it and load it into Azre BLOB, or does it only make a reference to the data source on CRM Dynamics Onine?

 

  - is the below quoted text from the "Power BI Security Whitepaper" file true?

 

"Non-Direct Query queries do not include credentials for the underlying data, and the underlying data is loaded into the Power BI service unless it is on-premises data accessed through a Power BI Gateway, in which case the query only stores references to on-premises data."  ->  That would mean that if a company accesses to its SAP data via "Power BI Gateway on-premise", the MASTER DATA of SAP would NOT be stored in Azure BLOB?

 

Thank you in advance

1 ACCEPTED SOLUTION

@gopowerbi - Yes, that is my understanding as well (your summary at the end). I think that's why @Seth_C_Bauer and I were so certain that the second highlighted statement had to be incorrect. If it was indeed as stated, then @Seth_C_Bauer and I have spent the last couple years fundamentally not understanding how Power BI works!


@ me in replies or I'll lose your thread!!!
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!:
Learn Power BI 2nd Edition

View solution in original post

9 REPLIES 9
Greg_Deckler
Super User
Super User

For Desktop, I do not see any other way for CRM Online other than that it imports it into its data model. Otherwise, if it just stores a reference, what would be the purpose of a refresh?

 

The other part of the whitepaper you quote is very confusing and doesn't seem correct at all. Again, what would be the purpose of a refresh?


@ me in replies or I'll lose your thread!!!
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!:
Learn Power BI 2nd Edition

The puprose of a refresh is to have your data as updated as you want (schedule daily/weekly/... refresh). Why would you need a refresh if you get the data instantly when you run the query/open a dashboard or refresh? Besides that, there is the possibility to create a LiveConnection between Azure SQL Server ( = cloud) and Power BI. I understood it in this way: by getting your data through a live connection, the data is stored into the cloud but temporary.

 

Regarding to "Power BI Security Whitepapre"  in the first sentence of this link you can download the word document. In the chapter "Data Storage and Movement" is written the text I quoted above, which is about the location of the data you work with.

 

My post is not about whether the data is refreshed or not but about the security of it. I do not have many doubts about power bi cloud security, but there may be some people in a company who are sceptical about all the cloud history and do not want to "publish" sensitive data onto the cloud.

 

 

@gopowerbi@Greg_Deckler The highlighted portion that is causing confusion is wrong. I reached out to a contact at Microsoft and they will get the change implemented in the white paper soon. Taking that out, the rest of the white paper does a good job explaining all the "States" of data at rest or in transition.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

Thanks @Seth_C_Bauer, glad I'm not crazy!


@ me in replies or I'll lose your thread!!!
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!:
Learn Power BI 2nd Edition

@Greg_Deckler I felt the same. "reached out to a Microsoft contact" = Either I missed something unforgivable, or this is an error... I hope this is an error. 🙂


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

screenshot.PNG

I also had doubt about this but I wanted to ask to get sure this is not true Robot Indifferent .

To sum up:

Power BI is based on Azure -> a company's data will do the ETL (Extract, Transform, Load) procedure (exeption it is a livequery), which means the dataset, reports and dashboards will be saved on Azure BLOB, while the metadata will be saved in an Azure SQL Server. -> everything is on the cloud but it is encrypted (or atleast it should be since Q3 2016). right?

Hi @gopowerbi,

 

From the Word document, it said

 

"Metadata about a user’s Power BI subscription, such as dashboards, reports, recent data sources, workspaces, organizational information, tenant information, and other metadata about the system is stored and updated in Azure SQL Database. All information stored in Azure SQL Database is fully encrypted using Azure SQL’s Transparent Data Encryption (TDE) technology. All data that is stored in Azure Blob storage is also encrypted. More information about the process of loading, storing, and moving data is described in the Data Storage and Movement section."

So in my opinion, stored metadata are encrypted in cloud.

 

Best Regards,
Qiuyun Yu

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

@gopowerbi - Yes, that is my understanding as well (your summary at the end). I think that's why @Seth_C_Bauer and I were so certain that the second highlighted statement had to be incorrect. If it was indeed as stated, then @Seth_C_Bauer and I have spent the last couple years fundamentally not understanding how Power BI works!


@ me in replies or I'll lose your thread!!!
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!:
Learn Power BI 2nd Edition

Thank you for your effort you are putting in this community. It is not the first time I have opened a thread and you replied solving my problems. Thank you @Greg_Deckler and @Seth_C_Bauer

Helpful resources

Announcements
May 23 2022 epsiode 5 without aka link.jpg

The Power BI Community Show

Welcome to the Power BI Community Show! Jeroen ter Heerdt talks about the importance of Data Modeling.

charticulator_carousel_with_text (1).png

Charticulator Design Challenge

Put your data visualization and design skills to the test! This exciting challenge is happening now through June10th!

Power BI Dev Camp Session 22 without aka link and time 768x460.jpg

Check it Out!

Watch Session 22 Ted's Dev Camp along with past sessions!

Power BI Release May 2022 768x460.png

Check it out!

Click here to read more about the May 2022 updates!

Top Kudoed Authors