Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
ovetteabejuela
Impactful Individual
Impactful Individual

Security Risks involving Visuals from app.powerbi.com/visuals

‎01-19-2017 12:14 AM

I have done some research in the forum and found a relevant topic however this topic was not so specific onset altough one of the response were. I would like to repost/rephrase and so my question goes:

 

I am not going to download custom visuals from anywhere else but only from app.powerbi.com/visuals. My understanding is that these visuals has undergone some sort of inspection before it's posted. I don't do custom visual (I'm not capable) so I don't know what's the process of submitting one and would like to ask:

  1. Does it get posted right away (most probably not)
  2. It is submitted first to PowerBI team and will undergo review (security risk check)
  3. How about revisions, does it undergo a similar process (if that process exists)

I was actually hoping that there is a Microsoft/PowerBI verification confirmation/indicator somewhere.

Labels:
Message 1 of 4
3,467 Views
0
1 ACCEPTED SOLUTION
MattAllington
MVP

‎01-19-2017 12:27 AM

My understanding from presentations I have sat through is

 

1. No

2. Yes

3. Yes


* Matt is an 8 times Microsoft MVP (Power BI) and author of the Power BI Book Supercharge Power BI.

View solution in original post

Message 2 of 4
3,958 Views
3 REPLIES 3
MattAllington
MVP

‎01-19-2017 12:27 AM

My understanding from presentations I have sat through is

 

1. No

2. Yes

3. Yes


* Matt is an 8 times Microsoft MVP (Power BI) and author of the Power BI Book Supercharge Power BI.
Message 2 of 4
3,959 Views
PatrickNealis
Frequent Visitor
In response to MattAllington

‎08-04-2017 09:35 AM

I want to use these custom visuals as well, however seeing the error "Caution: A custom visual could contain code with security or privacy risks" makes this an absolute no-go. I can't afford the potential risk that data could be leaked and I don't have an IT department to scan these visuals for security concerns.

 

Has Microsoft every posted an official response acknowledging that custom visuals on app.powerbi.com/visuals are certified as secure? I dont plan to download any custom visuals from any alternate sources, just that portal.

Message 3 of 4
3,339 Views
0
KenSkinner
Frequent Visitor
In response to PatrickNealis

‎10-23-2018 07:34 AM

Just checking to see if your question had been answered.  I've found the perfect custom visual in the Power BI Visuals MarketPlace that will save me a tremendous amount of time, but just as I'm about to load it into my Power BI I see the following generic warning:

 

When this add-in is used, it

 

  • Can read and make changes to your document
  • Can send data over the internet

 

From what I've seen, this is a common warning for add-ins in the MarketPlace, but some have the "This visual is certified by Power BI".  Just looking for answers to the following:

 

  1. When it states "can read and make changes", I'm guessing they're referring to the actual functionality of the custom visual.  I wanted to add a custom visual that can create dynamic text entries based on filter choices.  Of course it would need to read my data and then change the document.  But is that all it's referring to?
  2. The "Can send data over the internet" is a much bigger concern as I wouldn't want confidential data being piped out to the web in the background.  Is this also referring to just the functionality of the visual or could it theoretically send all my data to a third party without my knowledge?
  3. In Microsoft's "Custom visuals in Power BI" page they state that all custom visuals published in the AppSource (MarketPlace) have been tested and approved by Microsoft for functionality and quality.  For the non-certified visuals, do these test include security threats or privacy violations?
  4. Microsoft's certification requirements include "Does not access external services or resources".  I take it that means it won't funnel my data to a third party without my knowledge?

 

In Microsoft's "Power BI Support" page they discuss reviewing custom visuals for security and privacy:

 

https://pbiwebprod-docs.azurewebsites.net/hr-hr/documentation/powerbi-custom-visuals-review-for-secu...

 

The article shows the warning message Patrick mentioned above and has "considerations before you enable a custom visual".  Are they only referring to custom visuals not downloaded from the MarketPlace?

 

Answers to any of the above would be appreciated.  Thanks.

 

 

Message 4 of 4
2,957 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All