Approval Process for Gateways / Prevent Personal Gateways
Build an approval process for Gateways before they become Active on a tenant. The approval process would be managed by the Power BI Admin. This approval process could be a feature the Power BI Admin can enable / disable, defaulting to disabled to retain backward compatibility.
Current reality allows anyone with a Pro License to push any internal data they have access to to the service. With the right permission they can then push this data public without restrictions.
This feature is a must-have in an Enterprise concerned about how data is used / managed. Just because someone has access to a data source doesn't mean the Data Admin wants this source to become publicly available via Power BI Service.
At present, O365 tenant admins can control who can install on-premise data gateways in Enterprise/Resource mode, so the approval process is required for gateways installed in Personal mode.
Additionally, if a tenant-level setting/control can be added (like an ON/OFF switch) that disables any on-premise gateway from being installed in Personal mode, that would be highly desired.
This idea seems to be a little over 2 years old now, and we still don't have a solution for blocking personal gateways. The new 'Manage Installers' feature in Power Platform is nice, but it only applies to enterprise gateways. Has anybody found a workaround for blocking personal gateways?
Chris McAlpine commented
A tenant setting should be enabled to get an overview of enterprise and personal gateways, and then disable the use of personal gateways in the tenant to avoid Data Breaches or Governance issues by cowboy analysts.
chris horvath commented
A simple admin portal operation that would default with open to all, however if set would grey out the "Manage Gateway" option for anyone not added?
This admin control would be helpful, as we are supporting the organization through enterprise gateways, but once we have seen people creating personal gateways causing security and data integrity issues.
Jordan Mills commented
Lack of this kind of feature is probably going to result in a lot of my clients just blocking the power bi service.
+1. This is a serious security flaw that needs, at a minimum, the ability to be turned on and off at the tenant level.
Harrison Irias commented
This is a major data security issue. I can't believe Microsoft would release a functionality like this without giving Admins a way to control it. This can lead to potential data leaks all over a company and has me reevaluating our Power BI Subscriptions.
This really needs to be resolved.
If admins cannot control this, we are risking security and data integrity issues.
This is a big security hole for us. We have an enterprise gateway, which allows us to see what data sources are being accessed and control access (which is great), but this all goes out the window because anybody in the company can install a personal gateway. We don't know what data is flying around the place.
Appreciate the flexibility is great for some organizations, but not ours. We please need a way to disable personal gateways at the organizational level.
I am in the same boat as others... while Office 365 auditing has kept the wolves at bay, we still need the ability to prevent personal gateways, approve who can do a gateway (or whitelist users), and be able to see settings of all gateways for reporting/auditing purposes.
I know gateways are not 100% a BI resource and are available for use with other PowerApps, should it be spun off to its own team so that concerns like the ones mentioned below can be corrected? I have been waiting almost a year like Ray and no mention of these security issues being addressed.
This is a MUST for our org to use Power BI at an enterprise level. Power BI Admin console does not provide enough audit and controls for admins.
I like Casey's idea of a simple tenant setting that will enable/disable personal gateways. The individual approval process requested by Ray sounds great but I would imagine Casey's idea is faster for the Power BI team to implement.
There are a large number of governance and data security issues which need to be addressed.
This was one we had not considered but is quite valid and concerning.
Casey Cook commented
There should be a tenant setting that will enable/disable using personal gateways. This will help resolve issues with supporting/troubleshooting datasets on large BI teams. It will also help appease the security compliance guys.