Dear,
COuld you please help me to answer below queries from Security Team.
We are using Power BI Pro and i know that it uses shared capacity means Azure resources ae being hsared with other companies such as storage/memory, etc. However tenant is different and separate for each comapny and aligned with AZure AD tenant.
Thanks
Hi @sschaefer.
Yes and yes. I believe if your organization is part of the US government there is also a government-specific tenant that can be accessed, so not eactly “public”. If your organization requires that data stays within your firewall, then you can use Power BI Report Server.
Hope it helps.
Greg
Thanks. If this is case all cloud service is Public right?
Power BI Premium provides dedicated capacity, but still tenant and data all are in public Azure tenant right?
For due diligence, it would be wise to have terms and conditions in hand before making any final decision. The following are only summations and touch on public clouds, and expand on the notion of Government also known as sovereign national cloud.
In Power BI Service, the data and content are stored in the cloud, specifically on Microsoft’s Azure platform. Azure is a public cloud service, which means the infrastructure is owned and operated by Microsoft, and multiple organizations may share the same underlying resources.
Power BI Premium, on the other hand, provides dedicated capacity to an organization. However, even with Power BI Premium, the data, and content still reside on Microsoft’s Azure platform, which is a public cloud.
In terms of Government, this refers to a sovereign national cloud and is exclusively operated and governed by the government of a specific country or region. The main distinguishing characteristic of a sovereign cloud is that it is physically and legally located within the borders of the country, and access to the data and services within the cloud is subject to the laws and regulations of that country.
Just to add another note, while the resources of the Azure infrastructure are maintained by Microsoft outside your firewall, the data is always encrypted (both at rest and in transit), and only accessible by those licensed within your organization (in your case, those with “Pro” licenses). If your Power BI administrators choose to enable the “Publish to Web” feature, then it is possible for those authorized individual users to make Power BI files (and their inherent data) publicly accessible, but are given several warnings before publishing. Greg
Thanks Greg, It helps.
Data at rest is encrypted however key is managed anm owned by Microsoft. This is what security team concern and they want the key to be managed by us. BYOK (Bring Your Own Key) fetaure is available in Power BI Premium. This is what I am gona propese in addition to other premium features.
BYOK is great now that it is GA. I do wonder when the documentation explicitly mentions that this applies to the Application level, and to use BYOK, you must upload data to the Power BI service from a Power BI Desktop (PBIX) file. BYOK applies only to datasets.
Excluding the following can be a downer:
Good first step though.