Excel: Refresh queries from Authenticated Data Sources in Excel for the Web

🚨 The Signal: Excel for the Web can now refresh Power Query data from authenticated sources. This expands data access, increasing potential exposure of sensitive information if not properly secured.

The Impact

All users are affected, increasing the risk of unauthorized data access and exfiltration through Excel for the Web.

• End-users: Increased risk of inadvertently exposing sensitive data.
• Security Teams: New vector for data exfiltration requires monitoring.
• Admins: Must review and secure data source authentication methods.
• Compliance Teams: Potential for non-compliance with data handling policies.

The Action

1. Review and enforce data governance policies for Power Query data sources.
2. Audit existing Power Query connections for sensitive data exposure.
3. Implement Conditional Access policies for Excel for the Web to restrict data access.
4. Educate users on secure data handling practices when using Power Query.
5. Monitor Microsoft Purview Audit logs for unusual data access patterns via Excel for the Web.

Domain: M365-Apps · Impact: high · Workload: M365 Apps