How can we improve Power BI?

Secure Custom Visuals

Some custom visuals are quite valuable. However, the ability for custom visuals to "send data over the internet" introduces unacceptable risks to our enterprise. We have a rather large enterprise and cannot provide a means for our data to be sent to a third party.

Ideally we would like to be able to turn them on for use in the admin portal for the service and the desktop configuration for the desktop. The choices would be by vendor, visual and version, and also by data risk.

For example, enable all from Microsoft (but we need confirmation that these custom visuals do not introduce data risk nor malicious code risk).

Turn off any that transmit data outside of our environment.

Turn on or off the rest by a selection at the vendor, visual and version level.

Would also like the ability to get notified of new versions when they are released. Ideally with a selectable option in the admin portal by visual.

This is essential to eliminate risk of data breaches.

36 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joe Champagne shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Ust commented  ·   ·  Flag as inappropriate

        I love this idea!

        It solves a problem that we have, and many of our clients have as well. It's all very well having the list of certified visuals, but users aren't practically going to check against it every time they want to use a custom visual. And what happens to a visual that has been removed from the list? There's not a way to find out which reports use a visual no longer on the certified list.

      • Joe Champagne commented  ·   ·  Flag as inappropriate

        The store should indicate if the visual is certified, and the "Add in capabilities" should not be generic, but should indicate what the visual is doing. In particular the bullet around "can send data across the internet". If the visual code does not do that it should not have that bullet.

      • Joe Champagne commented  ·   ·  Flag as inappropriate

        Joe Champagne commented · Delete…

        We now understand "Microsoft Certified" visuals do not allow transmitting of data, so we would like to include the ability to choose to allow only certified visuals and others by choice by name and version.

        We would also like a way to identify which custom visuals are in use on the service as a means to audit for potentially concerning custom visuals. This would additionally add value in knowing what our users of our tenant are using overall for these custom visuals.

      Feedback and Knowledge Base

      Ready to get started?

      Try new features of Power BI today by signing up and learn more about our powerful suite of apps.