Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Manage encrypted keys in Power BI Premium

Submitted by Anonymous on ‎01-14-2019 08:32 AM

Hi,

 

The security whitepaper http://go.microsoft.com/fwlink/?LinkId=829185 shows a key vault in the architecture for Power BI premium. Is this a custom managed key vault? If yes, does the key vault contain encrypted keys to encrypt the blob storage and the sql database? 

 

Regards,

Klaus

 

 

Status: New
See more ideas labeled with:
4 Comments (4 New)
Comments
v-qiuyu-msft
Community Support
Community Support
‎01-14-2019 10:01 PM

Hi @Anonymous,

 

You can see this section in white paper which you mentioned: 

 

Encryption Keys
• The encryption keys to Azure Blob keys are stored, encrypted, in Azure Key Vault.
• The encryption keys for Azure SQL Database TDE technology is managed by Azure SQL itself.
• The encryption key for Data Movement service and on-premises data gateway are stored:
   o In the on-premises data gateway on customer’s infrastructure – for on-premises data sources
   o In the Data Movement Role – for cloud-based data sources

 

Best Regards,
Qiuyun Yu 

Anonymous
Not applicable
‎01-15-2019 03:30 AM

Hi Qiuyun,

 

Thanks. What does it mean in detail for compliance issues?

 

Are the keys in Azure Key Vault owned and managed by the customer?

If the keys for Azure SQL Database TDE technology is managed by Azure SQL, could Microsoft get access to the business data of the customer in the SQL Database?

 

Regards,

Klaus

v-qiuyu-msft
Community Support
Community Support
‎01-16-2019 10:01 PM

Hi @Anonymous,

 

I have consulted this issue internally, will update here once I get any information. 

 

Best Regards,
Qiuyun Yu 

v-qiuyu-msft
Community Support
Community Support
‎01-20-2019 11:47 PM

Hi @Anonymous,

 

You can see this in the whitepaper: "Regardless of the encryption method used, Microsoft manages the key encryption on customer's behalf, in either a secret store or in Azure Key Vault.". 

 

Besides, data and data center access are well protected: Power BI abides by the Microsoft Online Services Terms and Data Processing Terms. 

 

Best Regards,
Qiuyun Yu 

Idea Statuses