www.ilink-digital.com Open in urlscan Pro
104.155.130.219  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * Services
 * Industries
 * Case Studies
 * Team

 * Services
 * Industries
 * Case Studies
 * Team


 * Services
   * Digital Experience
     * Power Platform
     * ServiceNow
   * Data Engineering & Business Analytics
     * Microsoft Fabric
   * Data Science & AI
     * Generative & Open AI
   * Security, Infrastructure and Managed Services
     * Microsoft Licensing
     * Azure Migration
     * Microsoft 365/Office 365 Solutions
     * IT Security
       * Ransomware
       * Azure Sentinel
     * Data Archival
     * Audit
   * Internet of Things
     * Industrial IoT
     * Hardware Design & Development
   * Conversational AI
   * Communication Media & Entertainment
     * INDUSTRY 4.0 | HEALTH CARE | SECURE COMMUNICATIONS
   * Channel Partner Services
   * Salesforce Enablement
   * Robotic Process Automation
 * Partnerships
   * Microsoft
   * Amazon Web Services
   * Salesforce
   * PTC
   * Confluent
   * Databricks
 * Solutions
   * Indoor Asset Tracking
   * Industrial IoT
   * Kiwi Smart Information Assistant
   * MIDAS  
   * Power BI Governance Framework
   * Power BI
   * Smart Works Analytics
   * Microsoft Teams Implementation
 * Industries
   * Financial Services
   * Health & Life Sciences
   * Telecommunications
   * Insurance
   * Manufacturing
   * Retail & CPG
   * ISV
   * Hospitality
   * Education
 * Insights
   * Blogs
   * Case Studies
   * Digital Resources
   * iLink Events
   * Press Release
   * Videos
 * About Us
   * Social Responsibility
   * Our Awards
 * Careers
 * Contact


SECURITY BEST PRACTICES FOR MICROSOFT POWER BI

15th March 2019 by admin in Blog, Data & AI

Power BI by Microsoft lets users create self-service datasets, reports,
dashboards, and visualizations with ease and speed. Using the Power BI service,
you can connect to different data sources, combine data from those sources, and
create shareable reports and dashboards.

Microsoft Power BI Software as Service runs on the Azure cloud computing
platform. It is currently deployed in numerous data centers across the world,
serving customers in different regions. There is also an equal number of backups
for each deployment.

The SaaS solution uses the Azure Active Directory (AAD) for customer
authentication and management. It also leverages the Azure Traffic Manager (ATM)
for directing traffic to the proximate data centers, based on the DNS record of
the client.

Power BI likewise uses the closest WFE when distributing files and static
content to users. Custom visuals are, however, delivered using the Azure Content
Delivery Network (CDN).


POWER BI SECURITY CONCERNS

For many organizations, the security concerns with Power BI include the
following questions:

 * Who has access privileges to my data on the cloud?
 * Who can create workspaces and export data?
 * What if my data and reports get shared externally?
 * Does a hybrid cloud expose my Power Bi datacenter?


POWER BI CLOUD SECURITY BEST PRACTICES

User Authentication

The authentication process in Power Bi is governed by Azure Active Directory
(AAD). The SaaS uses the customer’s login credentials to grant access to the
resource. You log into Power BI using the email address used to create your
Power BI account.

Power BI then uses your login email as a username, passing it to resources
whenever you attempt to connect to data sources. The username is mapped to UPN
and resolved with a windows domain account for authentication.

You can use the Azure AD Conditional Access to attain additional layers of
security when it comes to access authentication. You can also implement best
practices, including:

 * Multi-factor authentication (MFA)— turn this ON on Azure AD Conditional
   Access
 * Blocking access from certain Operating Systems
 * Restricting user accesses from untrusted locations
 * Restricting access from individual clients using mobile

 


STRUGGLING WITH POWER BI INTEGRATIONS?


WE’LL MAKE YOUR LIFE EASIER

 


MICROSOFT POWER BI DATA AND SERVICE SECURITY

Power BI has robust encryption for both data at rest and data in transit. Data
at rest is encrypted in Azure BIob Storage and Azure SQL DB. Data in transit is
encrypted with HTTPs, while data in use is cached, encrypted, and stored in the
Azure SQL database.

However, you are responsible for the data you share. You can access your data
sources using your credentials, then share reports with a non-authenticated
person. That is where Power BI security concerns arise. To bolster your Power BI
data security, consider:

 * Disabling the ‘Share content with external users’ setting on the Admin
   Portal—if this is left on, your Power BI reports will be released to the
   public.
 * Disabling the ‘Publish to web’ setting as well—if this is left on, Power BI
   will publish your reports to the internet. Consider disabling publishing for
   the whole organization.
 * Monitoring the exported data iif printed or used in softcopy by your
   employees—Consider turning off the ‘export data’ feature unless it’s
   critically necessary.


POWER BI APPS AND APP WORKSPACE

Power BI enables shared development and staged deployment. You can publish
content from your Power BI desktop into Azure workspaces.  You can then add
groups to the workspaces and assign users their roles and privileges as either
viewer, contributor, member or admin.

The best practice here would be to implement a least-privilege administrative
model. Workspace users should only log in with their given user account that has
bare minimum permissions necessary for them to complete a task, nothing more.

When it comes to the publication of content, workspaces enable the neat
packaging of content into single entities called apps. You can then delineate
access privileges to these apps. A Recipient only views the report, Report
Consumers are able to interact with but not edit the data, while the App Author
can make edits or updates as they like.


ROW LEVEL SECURITY

Row-level security (RLS) can be implemented in Power BI desktop. It grants the
ability to publish a single report to your user base but exposes the data
differently to each person. RLS helps to secure data and streamline
administration. Consider implementing RLS either in Analysis Services or in the
Power BI data model.

The steps in the process include:

 * Defining Power BI roles and rules and apply a DAX expression
 * Validating roles and defining what users can see
 * Managing security of the data model


SHARING WITHIN YOUR ORGANIZATION, GUEST USERS AND SHARING ‘OUTSIDE THE WALLS

For stronger data protection, consider limiting Guest User creation on Power BI
Tenant settings, Azure Active Directory settings, and Office 365 Security
settings.

Power BI also enables the sharing of content by email, including personal email
addresses. If you enable users to share content this way, by default, you will
be enabling them to create guest accounts in Azure Directory. These guest users
could then add content to workspaces or serve as admins.


AUDITING

Admins and other users with the necessary privileges can access the Office 365
Admin Center. Here you can view exhaustive logs of all Power BI activities.
Viewing these logs helps to monitor and evaluate access, users, and group
activities, including the sharing/exportation of reports on Power BI.

It would be wise to regularly access your audit logs so you can see who is doing
what. That’s a critical step in helping your organization comply with regulatory
requirements on record preservation.

Data visualization and cloud solutions come with security concerns, but Power BI
has strong data protection measures built in which enable the integrity of your
data. 

25th March 2020
SHARE
 * Email
 * Twitter
 * Facebook
 * Google +
 * Pinterest
 * Tumblr
 * Linkedin
 * Vkontakte
 * WhatsApp



THE ILINK DIFFERENCE

iLink believes our clients are entitled to a seamless transition through the
lifecycle of a digital transformation initiative with a lean approach and a
focus on results. We measure each engagement by its ROI and potential for new
business opportunities for our customers.

Get Connected

 * Facebook
 * Twitter
 * LinkedIn
 * Instagram
 * YouTube



Copyright © 2023 iLink Digital, Inc. All Rights Reserved
 * Home
 * About Us
 * Privacy Policy
 * Contact



This website uses cookies to improve your experience. We'll assume you're ok
with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy
Close

PRIVACY OVERVIEW

This website uses cookies to improve your experience while you navigate through
the website. Out of these cookies, the cookies that are categorized as necessary
are stored on your browser as they are essential for the working of basic
functionalities...
Necessary
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly.
This category only includes cookies that ensures basic functionalities and
security features of the website. These cookies do not store any personal
information.
Non-necessary
Non-necessary
Any cookies that may not be particularly necessary for the website to function
and is used specifically to collect user personal data via analytics, ads, other
embedded contents are termed as non-necessary cookies. It is mandatory to
procure user consent prior to running these cookies on your website.
SAVE & ACCEPT


 * Home
 * About Us
 * Privacy Policy
 * Contact

Etiam magna arcu, ullamcorper ut pulvinar et, ornare sit amet ligula. Aliquam
vitae bibendum lorem. Cras id dui lectus. Pellentesque nec felis tristique urna
lacinia sollicitudin ac ac ex. Maecenas mattis faucibus condimentum. Curabitur
imperdiet felis at est posuere bibendum. Sed quis nulla tellus.

ADDRESS

63739 street lorem ipsum City, Country

PHONE

+12 (0) 345 678 9

EMAIL

info@company.com

PURCHASE






Sumo