Solved: Security risks related to publish to web (public m...

Cado_one · ‎12-03-2020

Hi all,

I post this topic because I consider using Power BI embedded reports in an intranet website with the Pulbish to web (public) because not everyone in my company has a pro license.

The website access requires a login and password for the users and the reports would be accessible only if the user is connected to the VPN of the company.

Of course I saw many warning messages saying that reports published that way will be accessible by anyone on the internet.

My question : is it possible for an external person to access the reports without having the link only reachable in the source code of the website ? And if the answer is yes, could you tell me how ?

Thanks in advance.

Regards,

Cado

collinq · ‎12-03-2020

Hi @Cado_one ,

They key is the word "intranet". When you embed to the WWW like this (Power BI Embedded Example : :: Welcome To EPM Strategy ::) then anybody in the world that can get to the internet can see it. When you embed to the INTRAnet, then anybody that can get to that page can see it. So, you are protected from the entire world, but, there may be people that can get to that page that you don't expect. A real life example I encounted was a company that embedded to a specific subsection of their intranet - the Accounting "home page" area. Anybody in Accounting department could see anything in that part of their internal website so anything embedded there was visible to accounting. But, no other departments could see it since you have to have permissions to get to that section of intranet.

I would appreciate Kudos if my response was helpful. I would also appreciate it if you would Mark this As a Solution if it solved the problem. Thanks!

Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.

View solution in original post

collinq · ‎12-03-2020

Hi @Cado_one ,

They key is the word "intranet". When you embed to the WWW like this (Power BI Embedded Example : :: Welcome To EPM Strategy ::) then anybody in the world that can get to the internet can see it. When you embed to the INTRAnet, then anybody that can get to that page can see it. So, you are protected from the entire world, but, there may be people that can get to that page that you don't expect. A real life example I encounted was a company that embedded to a specific subsection of their intranet - the Accounting "home page" area. Anybody in Accounting department could see anything in that part of their internal website so anything embedded there was visible to accounting. But, no other departments could see it since you have to have permissions to get to that section of intranet.

I would appreciate Kudos if my response was helpful. I would also appreciate it if you would Mark this As a Solution if it solved the problem. Thanks!

Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.