Security News > 2021 > February > Microsoft's Power BI gets new tools to prevent leakage of confidential data
"If you want to build a new BI product, the first feature you build is export to Excel," jokes Arun Ulag, CVP of Microsoft Power BI. "People want to be able to work with data in the tools that they use." he adds.
So Power BI will now use sensitivity labels from Microsoft Information Protection to protect information in Power BI Desktop, in the Power BI service and when reports are exported to Excel, PowerPoint or PDF. This will allow you to use the same data security policy, compliance and auditing tools for Power BI as for Office.
"So if you email that document outside of the organisation, if somebody who shouldn't have access tries to open it, or you stop being an employee and you try to open the document, you don't have access. If you're using Power BI Desktop to author Power BI reports, it's just like using Excel to author workbooks: you can apply a MIP label right in Power BI Desktop and it will encrypt the file with your company's policy. When it goes to the Power BI service, the service recognises that this data set is highly confidential."
"And then if you export that out of Power BI into Excel, PowerPoint or PDF - which is very, very common for BI tools - you don't have to block that export because that exported entity in Excel, PowerPoint or PDF is also encrypted with the same highly confidential tags, with the same AD credentials. If an unauthorised user tries to open these labelled files, they won't be able to access the data, even when it leaves Power BI," Ulag says.
"In Azure Synapse Analytics you can label a table in the database - like an employee salary table or a performance reviews table - as highly confidential. Then, when Power BI connects to the table, even with permissions, it inherits the label from Synapse and if you export the data, it passes that on to Office. This allows you to string the whole data lifecycle together, all the way from the point of origin in Synapse to the point of consumption, either in Power BI or Office."
If highly secret data isn't your only worry with remote work, Power BI is also taking advantage of Azure AD and Microsoft Cloud App Security to let admins create conditional access rules for ensuring that the devices on which employees load data are up to date and fully managed by blocking downloads on unmanaged personal devices, as well as warning about suspicious access attempts.