Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
BigBadBob
Helper I
Helper I

Power BI "Embed" vs "Publish to Web"

Scenario:

Client wishes to include data sensitive Power BI reports within intranet for internal use only. To avoid having to setup Pro accounts for every user they have not used “embed” but have used “Publish to web”. They have then used code to change the link so it can not be accessed by anyone outside the org.

 

Questions:

  1. I believe that although they have amended the URL with code manually, Power BI still created the original Publish to web and anyone outside of the organisation could access this if they searched the internet.
  2. Is there a way to use embed but not require a pro licence for each user?

Thanks

1 ACCEPTED SOLUTION

Yes, the original publish to web link is still wide open.

They get generated with unique id's and are difficult to guess, but they are still insecure.

Anyone within the Intranet could still take the link and share it outside of the organisation.

 

This document explains using the 'secure embed' publish method (requires user licence) - but note the section at the end:
https://powerbi.microsoft.com/en-us/blog/easily-embed-secure-power-bi-reports-in-your-internal-porta...

"If you want to make you report public and embed it in a public website then Publish to web is the right option. Publish to web should never be used with confidential or proprietary data."

View solution in original post

5 REPLIES 5
BigBadBob
Helper I
Helper I

Hi Please can community help with this

 

Thanks

Hi @BigBadBob 

Publish to web should never be used for anything sensitive or content that should be private.
You cannot guarantee that it wont be accessed by someone outside of the organisation - and you would never know if it was.

 

I am intrigued to know how they think they have managed to secure content by modifying the links?

In terms of allowing access to content without purchasing multiple licences.... Premium Capacity in Azure OR buying into Enterprise licences is the only real option. One alternative is to have a small number of users with licences - and then share content via the subscriptions feature for reports and dashboards. This would create static content (images) that can be sent to users without licences - but if you want fully interactive reports, then you have to pay for them one way or another.

 

Hope this helps.

Cheers, Matt

Thanks for the response Matt

 

In answer to your question they create a public link (Publish to web) and insert it into the intranet. They protect the link using PHP code to request credentials. Whilst from my understanding this would stop / hinder users being able share the link outside it  has already been published to web and hence is availble in public domain. Do you agree?

Yes, the original publish to web link is still wide open.

They get generated with unique id's and are difficult to guess, but they are still insecure.

Anyone within the Intranet could still take the link and share it outside of the organisation.

 

This document explains using the 'secure embed' publish method (requires user licence) - but note the section at the end:
https://powerbi.microsoft.com/en-us/blog/easily-embed-secure-power-bi-reports-in-your-internal-porta...

"If you want to make you report public and embed it in a public website then Publish to web is the right option. Publish to web should never be used with confidential or proprietary data."

Thanks Mat

 

That was my thinking too but good to have confirmed

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors