Microsoft Viva: Customize visuals and pages in embedded PowerBI reports

🚨 The Signal: Power BI reports embedded in Viva can now be customized and published by analysts. This increases the potential for unauthorized data exposure or manipulation if not properly governed, impacting data integrity and confidentiality.

The Impact

Power BI report creators are affected, increasing the risk of unauthorized data modification or exposure within Viva.

• Report creators: Risk of publishing sensitive data without proper review.
• Data owners: Increased risk of unauthorized changes to underlying datasets.
• Security teams: New vector for data exfiltration or integrity compromise.
• Compliance officers: Challenges in maintaining data governance and audit trails.

The Action

1. Review existing Power BI tenant settings for publishing and sharing controls.
2. Implement data loss prevention (DLP) policies for Power BI content in Microsoft Purview.
3. Establish clear organizational policies for Power BI report customization and publishing in Viva.
4. Conduct user training on secure Power BI report development and sharing practices.
5. Regularly audit Power BI report access and modification logs for anomalies.

Domain: Purview · Impact: high · Workload: Microsoft Purview