Request for Guidance on Uncertified Visuals and Government Best Practices

Joseph, Merin 0 Reputation points
2026-02-10T19:50:00.43+00:00

Hello Microsoft Support,

We are a government organization reviewing our Power BI governance standards and need clarification on the use of uncertified visuals.

  • Are uncertified visuals considered safe for government environments, and what risks or security constraints should we be aware of?
  • If we add an uncertified visual to Organizational Visuals, does that change its security behavior, and what best‑practice vetting steps does Microsoft recommend for government tenants?
  • Since the HTML Content visual is uncertified, are there certified alternatives or secure workarounds for handling HTML content?

Any guidance or best‑practice documentation for government deployments would be appreciated.



2 answers

  1. Daniel-Vo 4,420 Reputation points Microsoft External Staff Moderator
    2026-02-11T13:12:29.1566667+00:00

    Dear Joseph, Merin,

    Thank you for posting your question in the Microsoft Q&A forum. 

    I understand that you are seeking clarification regarding Power BI governance standards and the use of uncertified visuals. 

    Please note that as forum moderators, we do not have access to internal or non-public documentation. The information provided below is based on publicly available Microsoft documentation and guidance. If you require a more in-depth or officially documented response specific to your environment (particularly for government tenants), we strongly recommend raising a Microsoft Support ticket via the Microsoft 365 Admin Center so that the appropriate product team can assist you directly.

    • Are uncertified visuals considered safe for government environments, and what risks or security constraints should we be aware of?
      • Uncertified Power BI visuals don't necessarily mean unsafe visuals. Some visuals aren't certified because they don't comply with one or more of the certification requirements. For example, connecting to an external service like map visuals, or visuals using commercial libraries.
    • If we add an uncertified visual to Organizational Visuals, does that change its security behavior, and what best‑practice vetting steps does Microsoft recommend for government tenants?
      • Putting an uncertified visual into the Organizational Visuals store doesn’t change its security behavior — it only centralizes it for your organization. For more information, please refer to this article.
    • Since the HTML Content visual is uncertified, are there certified alternatives or secure workarounds for handling HTML content?
      • The HTML Content visual is currently uncertified. If your governance policy restricts uncertified visuals, you may need to evaluate certified alternatives available in AppSource or consider native Power BI visuals where possible. Please refer to here.

    I hope the above helped with your queries. 



  2. Q&A Assist
    2026-02-10T19:50:13.0966667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Uncertified visuals can pose risks in government environments due to potential security vulnerabilities. Here are some key points to consider:

    1. Safety of Uncertified Visuals: Uncertified visuals may not meet the same quality and stability standards as certified ones. They can access data queried from semantic models and may transmit data to external services, which raises concerns about data privacy and leakage. Organizations with significant data privacy concerns should be cautious when using uncertified visuals, as they might not align with their risk profile.
    2. Security Behavior in Organizational Visuals: Adding an uncertified visual to the Organizational Visuals repository does not inherently change its security behavior. It is still crucial to validate and approve these visuals before use to mitigate risks. A thorough vetting process should be established to ensure that any custom visual is tested for security and functionality before being deployed.
    3. Best-Practice Vetting Steps: Microsoft recommends that all custom visuals undergo a validation process, which includes testing and pre-approval for use in the organization. This helps to reduce the risk of using untrustworthy visuals. Additionally, organizations should consider whether to centrally manage custom visuals to ensure consistency and control over which visuals are used.
    4. Alternatives to HTML Content Visual: If the HTML Content visual is uncertified, it is advisable to look for certified alternatives or secure workarounds. While the specific alternatives are not detailed in the provided context, organizations should explore certified visuals that meet their functional requirements without compromising security.

    For government deployments, it’s essential to have a robust governance framework that addresses these concerns and ensures compliance with security standards.

