Power BI Management Report

The report is deployed as an App in your Power BI service.

We send you a link that can be actioned by your Power BI administrator. That link creates a download to deploy the App and create a new workspace and report.

To get the data feeding into your report we need access to your Power BI Metadata REST API’s. To access these we get your Azure Administrator to Set up a security group, then grant our Service Principal access.

We then set up the data extraction and provide you with credentials.

Once you have downloaded the report you are able to enter your credentials into the App to start the flow of your data

Data is reloaded every night at 9:00pm in the timezone your reside.

The App is then set to reload at midnight in your Power BI service

We have implemented the following security

Access Management

Power BI Metadata Access

We use a service principal to access your Power BI REST API endpoints. This access is restricted by the roles and permissions you assign to the service principal, giving you control over which resources can be accessed and at which level.

Security Framework

A security framework is a compilation of policies and processes relating to the implementation and management of information security controls. Our established security framework helps secure access to your data through standardised processes and policies such as:

• Centralized identity management – we manage the creation of your accounts and enforce strong password policy.

• Role-Bases Access Control (RBAC) – Permissions are assigned to roles and uses principle of least privilege to ensure.

Data Security

Encryption-in-transit

Azure SQL Database secures customer data by encrypting data in motion Transport Layer Security (TLS). TLS is a cryptographic protocol that enables authenticated connections and secure data transport over the internet via HTTP.

SQL Database always enforces TLS encryption for all connections. This ensures all data is encrypted "in transit" between the client and server

Encryption-at-rest

Transparent Date Encryption (TDE) adds a layer of security to help protect data at rest from unauthorized or offline access to raw files or backups. Common scenarios include data center theft or unsecured disposal of hardware or media such as disk drives and backup tapes. TDE encrypts the entire database using an AES encryption algorithm. All newly created databases are encrypted by default and the database encryption key is protected by a built-in server certificate.

Row-level protection

Row-Level Security (RLS) enables the ability to leverage user execution context in order to control access to rows in a database table. RLS ensures that customers can only see the record that pertains to them.

Network Security

Firewall rules

We use IP firewall rules to restrict access to only authorized IP addresses.

Distributed Denial of Service Protection

Distributed Denial of Service (DDoS) attacks are attempts by a malicious user to send a flood of network traffic to Azure SQL Database with the aim of overwhelming the Azure infrastructure and causing it to reject valid logins and workload. DDoS protection is automatically enabled as part of the Azure Platform. It includes always-on traffic monitoring and real-time mitigation of network-level attacks on public endpoints.

We will release an updated version of the report every quarter.

Each update will include improvements that we have identified as well as ideas that come from our customers so you are welcome to suggest ideas.

There are no long term commitments, you can cancel at any time.