SQLBits 2024

Find your PII reports and make your data safer

The objective of this session is to show how to automatically find your reports that contain personally identifiable information (PII) and how to protect your data. Finding PII reports/datasets is even possible without Premium! Three alternatives for finding PII data will be explained. I'll also explain how to make your data safer by changing settings in the Admin Settings and by using tools like Microsoft Purview, DLP and Microsoft Defender. It is also very important to monitor certain operations happening in your Power BI Service.

I'll explain three alternatives for finding PII datasets/reports in Power BI automatically:
Using policies (only for Premium).
Using Synapse & Azure SQL database.
Forcing all refreshes to use the Gateway.

Forcing refreshes through the Gateway is possibly the best solution, and it works for Non-Premium. From the REST API we know which Gateway Connectors are being used for each report. If we had some connectors with access to PII data and others with access to non-PII data, we could tell which datasets/reports have access to PII data.
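A sketch of the gateway-based classification described above, as an added example that is not code from the session. It assumes a hypothetical admin-maintained inventory that tags each gateway data source as PII or non-PII; all IDs and names are constructed, and the `gatewayId`, `datasourceId` and `datasetId` fields follow the datasource and report objects returned by the Power BI admin REST API.

```python
# Constructed sample data (not real tenant output). Field names follow the
# Power BI admin REST API datasource objects (gatewayId, datasourceId) and
# report objects (datasetId).

# Assumption: an admin-maintained inventory tagging each gateway data source
# as reaching PII (True) or not (False), keyed by (gatewayId, datasourceId).
GATEWAY_INVENTORY = {
    ("gw-1", "ds-hr"): True,      # HR database
    ("gw-1", "ds-sales"): False,  # aggregated sales mart
}

# Constructed: dataset id -> list of datasource objects for that dataset.
DATASET_DATASOURCES = {
    "dataset-A": [{"gatewayId": "gw-1", "datasourceId": "ds-hr"}],
    "dataset-B": [{"gatewayId": "gw-1", "datasourceId": "ds-sales"}],
    "dataset-C": [
        {"gatewayId": "gw-1", "datasourceId": "ds-sales"},
        {"datasourceType": "Web"},  # cloud source, bypasses the gateway
    ],
}

REPORTS = [  # constructed
    {"name": "Payroll", "datasetId": "dataset-A"},
    {"name": "Revenue", "datasetId": "dataset-B"},
    {"name": "Mixed", "datasetId": "dataset-C"},
    {"name": "Orphan", "datasetId": "dataset-Z"},  # no datasource info
]


def classify_dataset(datasources, inventory):
    """Return 'PII', 'NON_PII' or 'UNKNOWN' for one dataset."""
    if not datasources:
        return "UNKNOWN"  # nothing to judge from
    unknown = False
    for ds in datasources:
        key = (ds.get("gatewayId"), ds.get("datasourceId"))
        if key not in inventory:
            unknown = True  # not routed through an inventoried gateway source
        elif inventory[key]:
            return "PII"  # one PII connector is enough to flag the dataset
    return "UNKNOWN" if unknown else "NON_PII"


def classify_reports(reports, dataset_datasources, inventory):
    """Map each report name to the classification of its dataset."""
    return {r["name"]: classify_dataset(dataset_datasources.get(r["datasetId"]),
                                        inventory)
            for r in reports}
```

The `UNKNOWN` results are the reports whose data does not pass through an inventoried gateway source, which is the gap that forcing all refreshes through the Gateway closes.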

In addition, I'll explain how to make your data safer using Microsoft Purview, sensitivity labels, Data Loss Prevention, policies and Microsoft Defender for Cloud Apps.

For example, data can be protected using sensitivity labels. These labels can be inherited, and they can block external users from opening Excel files that were downloaded from Power BI.

Microsoft Defender is an important tool for Power BI too, because it can block downloads from unmanaged devices or alert you to bad practices.

Also, controlling the Admin Settings and having monitoring reports are critical to making your data safer. Some of the questions that you should answer are the following:

Who's downloading data? Is this data protected? Is data being sent to external users?
Is someone changing the Admin Settings?
Is someone changing sensitivity labels?
What are the service principals and service accounts doing?
Who is using Personal workspaces? We should avoid using them.