Use customer-managed keys in Power BI
Power BI encrypts data at rest and in process. By default, Power BI uses Microsoft-managed keys to encrypt your data. You can choose to use your organization's keys for encryption of user content at rest across Power BI, from report images to imported semantic models in Premium capacities.
Why use customer-managed keys
With Power BI customer-managed keys (CMK), your organization can meet compliance requirements for data encryption at rest with your cloud service provider (in this case, Microsoft). CMK is only offered to new Power BI Premium customers. It enables your organization to encrypt Power BI user content with a key that you provide and manage. Revoking a customer-managed key makes user content within Power BI unreadable for everyone within an hour, including Microsoft. Compared to a bring-your-own-key (BYOK) offering, CMK covers user content that is generated by the service, and customer data that is imported into reports and semantic models hosted on Premium capacities. It enforces stricter caching policies, and you can only apply a single key to encrypt all the data.
How to use customer-managed keys
To opt in to Power BI customer-managed keys, contact your Microsoft account manager to validate that your organization meets the size requirements that are required for enabling CMK.
Related content
The following links provide information that can be useful for customer-managed keys:
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for