Current rules for certified visuals prevent visuals from making requests outside of PowerBI.

The specific rule states:

1200.1.3 Code security
Your source code should comply with all security and privacy policies. Source code must be safe and not pass or transmit customer data externally.

This seems like a good rule, but Microsoft is now interpreting this to prevent certified visuals from making requests to any external location, even to display images. Certified visuals like the popular Image control by my company are now no longer approved.

This rule prevents visuals from displaying images from the Internet or even from a company's Azure Blob Storage account, severely limiting their functionality.

The alternative is to use a non-certified visual, which many organizations may not allow. Non-certified visuals can also not be exported in PDF or PPT.

Report authors should be free to use a certified visual to display images from whatever source they choose.
Needs Votes



Good idea, it will save a lot a time


Hello Chris, please, how can we use the non-certified visual to use images from whatever source due to the issues reported with certified version, as workaround at this moment?


It is very unfortunate that microsoft blocking image display from intranet.

We cannot keep all images in public web site for display in Power BI (lost privacy).
Microsoft should ensure the intranet image display functionality.


I have a number of clients who rely on being able to print out co-branded Power BI dashboards to market their services. There isn't another image viewer that supports printing to PDF or PowerPoint. My clients are going to be very, very unhappy with this turn of events. This is really upsetting and seems incredibly short-sighted on the part of Microsoft.


Thats a very silly interpretation and they should be very careful before changing the rules.

Power BI users are now 2..5m+ and Publish to Web is used by many crucial public dashboards including conveying information on Coronavirus COVID-19.


Please. The latest decision makes it impossible for us to show a report showing the logo of the related customer dynamically.


I don't understand this either. We use several of these types of visuals to make reports look amazing.

so does MSFT...

The report used for marketing on the desktop main info page (https://powerbi.microsoft.com/en-us/desktop/) is one made by Microsoft and it uses a custom visual by Microsoft that grabs online images. It also uses one form Cloudscope, too.

Will the MSFT one stay certified?

Generally if MSFT wants to help us keep our data safe then they should work on simple features for data protection and governance. One idea would be a section in the 'Get more visuals' dialog for visuals that do not send data. Otherwise they are keeping us from using even their own cloud products like Azure blobs for images.

This also kills the idea of having any image processing visuals - think 'Key influencers' for images. I don't have a full use case in my head but it seems really silly to cut that off.

FYI. You can download that report here:


Of course this should be possible. This is not a kindergarden, as every company can should take care of their own image policies and security issues.


Totally agree. I have this visual on a lot our Corporate reports. Very annoying to not be able to update or add more visuals


Agree, we should have access to external visuals.