Solved: Re: Powe BI Security Whitepaper

gopowerbi · ‎09-29-2016

Hallo everyone,

I have a question regarding the document that Power BI published regarding its security.

In the document is mentioned that Power BI does store the data on "Azure BLOB" and the metadata on "Azure SQL Server".

In the "Data Storage and Movement" chapter it is written that the data is either stored "at rest" or "in process".

1. "in process" is referring to LiveQueries such as Azure SQL Server LiveQonnection.

2. "at rest" is referred to "imported" data such as Excel files or Data Sources like SAP BW, OData etc.

BUT:

- when we connect to CRM Dynamics Online, does Power BI extract the data, transform it and load it into Azre BLOB, or does it only make a reference to the data source on CRM Dynamics Onine?

- is the below quoted text from the "Power BI Security Whitepaper" file true?

"Non-Direct Query queries do not include credentials for the underlying data, and the underlying data is loaded into the Power BI service unless it is on-premises data accessed through a Power BI Gateway, in which case the query only stores references to on-premises data." -> That would mean that if a company accesses to its SAP data via "Power BI Gateway on-premise", the MASTER DATA of SAP would NOT be stored in Azure BLOB?

Thank you in advance

Greg_Deckler · ‎09-30-2016

@gopowerbi - Yes, that is my understanding as well (your summary at the end). I think that's why @Seth_C_Bauer and I were so certain that the second highlighted statement had to be incorrect. If it was indeed as stated, then @Seth_C_Bauer and I have spent the last couple years fundamentally not understanding how Power BI works!

@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...

View solution in original post

Greg_Deckler · ‎09-29-2016

For Desktop, I do not see any other way for CRM Online other than that it imports it into its data model. Otherwise, if it just stores a reference, what would be the purpose of a refresh?

The other part of the whitepaper you quote is very confusing and doesn't seem correct at all. Again, what would be the purpose of a refresh?

@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...

gopowerbi · ‎09-29-2016

The puprose of a refresh is to have your data as updated as you want (schedule daily/weekly/... refresh). Why would you need a refresh if you get the data instantly when you run the query/open a dashboard or refresh? Besides that, there is the possibility to create a LiveConnection between Azure SQL Server ( = cloud) and Power BI. I understood it in this way: by getting your data through a live connection, the data is stored into the cloud but temporary.

Regarding to "Power BI Security Whitepapre" in the first sentence of this link you can download the word document. In the chapter "Data Storage and Movement" is written the text I quoted above, which is about the location of the data you work with.

My post is not about whether the data is refreshed or not but about the security of it. I do not have many doubts about power bi cloud security, but there may be some people in a company who are sceptical about all the cloud history and do not want to "publish" sensitive data onto the cloud.

Seth_C_Bauer · ‎09-29-2016

@gopowerbi @Greg_Deckler The highlighted portion that is causing confusion is wrong. I reached out to a contact at Microsoft and they will get the change implemented in the white paper soon. Taking that out, the rest of the white paper does a good job explaining all the "States" of data at rest or in transition.

Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

Greg_Deckler · ‎09-29-2016

Thanks @Seth_C_Bauer, glad I'm not crazy!

@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...

Seth_C_Bauer · ‎09-29-2016

@Greg_Deckler I felt the same. "reached out to a Microsoft contact" = Either I missed something unforgivable, or this is an error... I hope this is an error. 🙂

Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

gopowerbi · ‎09-30-2016

I also had doubt about this but I wanted to ask to get sure this is not true .

To sum up:

Power BI is based on Azure -> a company's data will do the ETL (Extract, Transform, Load) procedure (exeption it is a livequery), which means the dataset, reports and dashboards will be saved on Azure BLOB, while the metadata will be saved in an Azure SQL Server. -> everything is on the cloud but it is encrypted (or atleast it should be since Q3 2016). right?

v-qiuyu-msft · ‎09-30-2016

Hi @gopowerbi,

From the Word document, it said

"Metadata about a user’s Power BI subscription, such as dashboards, reports, recent data sources, workspaces, organizational information, tenant information, and other metadata about the system is stored and updated in Azure SQL Database. All information stored in Azure SQL Database is fully encrypted using Azure SQL’s Transparent Data Encryption (TDE) technology. All data that is stored in Azure Blob storage is also encrypted. More information about the process of loading, storing, and moving data is described in the Data Storage and Movement section."

So in my opinion, stored metadata are encrypted in cloud.

Best Regards,
Qiuyun Yu

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Greg_Deckler · ‎09-30-2016

@gopowerbi - Yes, that is my understanding as well (your summary at the end). I think that's why @Seth_C_Bauer and I were so certain that the second highlighted statement had to be incorrect. If it was indeed as stated, then @Seth_C_Bauer and I have spent the last couple years fundamentally not understanding how Power BI works!

@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...

gopowerbi · ‎09-30-2016

Thank you for your effort you are putting in this community. It is not the first time I have opened a thread and you replied solving my problems. Thank you @Greg_Deckler and @Seth_C_Bauer

Powe BI Security Whitepaper

Helpful resources

Microsoft Fabric Learn Together

Power BI Monthly Update - April 2024

Fabric Community Update - April 2024

How to Get Your Question Answered Quickly