Secure Custom Visuals
Some custom visuals are quite valuable. However, the ability for custom visuals to "send data over the internet" introduces unacceptable risks to our enterprise. We have a rather large enterprise and cannot provide a means for our data to be sent to a third party.
Ideally we would like to be able to turn them on for use in the admin portal for the service and the desktop configuration for the desktop. The choices would be by vendor, visual and version, and also by data risk.
For example, enable all from Microsoft (but we need confirmation that these custom visuals do not introduce data risk nor malicious code risk).
Turn off any that transmit data outside of our environment.
Turn on or off the rest by a selection at the vendor, visual and version level.
Would also like the ability to get notified of new versions when they are released. Ideally with a selectable option in the admin portal by visual.
This is essential to eliminate risk of data breaches.
It would be very helpful if the Marketplace accessible from within Power BI indicated which visuals are certified.
I love this idea!
It solves a problem that we have, and many of our clients have as well. It's all very well having the list of certified visuals, but users aren't practically going to check against it every time they want to use a custom visual. And what happens to a visual that has been removed from the list? There's not a way to find out which reports use a visual no longer on the certified list.
Joe Champagne commented
The store should indicate if the visual is certified, and the "Add in capabilities" should not be generic, but should indicate what the visual is doing. In particular the bullet around "can send data across the internet". If the visual code does not do that it should not have that bullet.
Joe Champagne commented
Joe Champagne commented · Delete…
We now understand "Microsoft Certified" visuals do not allow transmitting of data, so we would like to include the ability to choose to allow only certified visuals and others by choice by name and version.
We would also like a way to identify which custom visuals are in use on the service as a means to audit for potentially concerning custom visuals. This would additionally add value in knowing what our users of our tenant are using overall for these custom visuals.