Information
Power BI allows the integration of R and Python scripts directly into visuals. This feature supports data visualizations that incorporate custom calculations, statistical analyses, machine learning models, and more through R or Python scripts. Custom visuals can be created by embedding the scripts directly into Power BI reports. Users can then interact with these visuals and see the results of the custom code within the Power BI interface.
Rationale:
Disabling this feature can reduce the attack surface by preventing potential malicious code execution leading to data breaches or unauthorized access. The use of scripts also increases the potential for sensitive or confidential data to be leaked to unintended users.
Impact:
Use of R and Python scripting will require exceptions for developers, along with more stringent code review.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the recommended state:
Navigate to Microsoft Fabric https://app.powerbi.com/admin-portal
Select Tenant settings.
Scroll to R and Python visuals settings.
Set Interact with and share R and Python visuals to Disabled
Default Value:
Enabled
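Because the scanner does not perform this check, the setting has to be verified by other means. The following is an added example, not part of the benchmark or of any Microsoft tooling: it evaluates a JSON export of the tenant settings and reports whether the setting named above is in the recommended state. The JSON field names (tenantSettings, title, enabled, tenantSettingGroup), the settingName values and the sample export are assumptions constructed for illustration.

```python
import json

# Setting title as given in the Solution steps above.
TITLE = "Interact with and share R and Python visuals"

# Constructed sample export. Field names and settingName values are
# assumptions for this example, not taken from the benchmark.
SAMPLE_EXPORT = """
{"tenantSettings": [
  {"settingName": "ExampleOtherSetting", "title": "Some other setting",
   "enabled": true, "tenantSettingGroup": "Export and sharing settings"},
  {"settingName": "ExampleRPythonSetting",
   "title": "Interact with and share R and Python visuals",
   "enabled": true, "tenantSettingGroup": "R and Python visuals settings"}
]}
"""

def check_r_python_visuals(export_text):
    """Return (status, detail); status is PASS, FAIL or INCONCLUSIVE."""
    try:
        doc = json.loads(export_text)
    except json.JSONDecodeError as exc:
        return "INCONCLUSIVE", f"export is not valid JSON: {exc.msg}"
    settings = doc.get("tenantSettings") if isinstance(doc, dict) else None
    if not isinstance(settings, list):
        return "INCONCLUSIVE", "no tenantSettings list in export"
    # Match on the displayed title, ignoring case and stray whitespace.
    matches = [s for s in settings
               if isinstance(s, dict)
               and str(s.get("title", "")).strip().casefold() == TITLE.casefold()]
    if not matches:
        # Absence is not evidence of Disabled: the default value is Enabled.
        return "INCONCLUSIVE", "setting not present in export"
    enabled = matches[0].get("enabled")
    if enabled is False:
        return "PASS", "setting is Disabled"
    if enabled is True:
        return "FAIL", "setting is Enabled; recommended state is Disabled"
    return "INCONCLUSIVE", f"unexpected 'enabled' value: {enabled!r}"

if __name__ == "__main__":
    print(check_r_python_visuals(SAMPLE_EXPORT))
```

An INCONCLUSIVE result should be treated as a failed audit step until the setting is confirmed in the admin portal.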