OKVIZ visuals are custom visuals for Power BI and run inside a sandbox, a secure environment that isolates the visual from the rest of the Power BI system and ensures that it cannot access unauthorized resources. The exact security and privacy behavior depends on the visual, the distribution channel, the license type, and the features enabled in the report.
In general, our visuals do not send your report data to OKVIZ. When a visual communicates with OKVIZ services, that communication is limited to technical scenarios such as license validation, update checks, or Synoptic Panel map storage features.
Security Audits
OKVIZ regularly audits its visuals and infrastructure through Aikido Security, an external security service.
The audit process includes:
- Static and dynamic code analysis (SAST & DAST)
- Open source dependency scanning (SCA)
- Open source license scanning (SBOM)
- Infrastructure as code scanning (IaC)
- Cloud posture management (CSPM)
- SLA compliance
You can request our latest Aikido Security report here.
Microsoft Certification
Some OKVIZ visuals are certified by Microsoft, while others are not certified because they require capabilities that are not compatible with the certification requirements.
Certified visuals must follow Microsoft certification rules, including restrictions on external services, unsafe code, and data storage. For a detailed explanation of the benefits and limitations, see Microsoft Certification.
Uncertified visuals are not automatically unsafe. For example, a visual may be uncertified because it supports Power BI Report Server, Publish to Web, National Clouds, or other features that are not allowed by the certification program. A clear example is that we usually provide the same visual (with the same source code) in both certified and uncertified versions, where the only difference is that certified versions are limited in access to remote resources.
Data and Network Communication
The network behavior depends on how the visual is distributed and licensed.
AppSource Certified Visuals
Certified visuals from AppSource do not send report data to OKVIZ or other external services. Their network communication is limited to Power BI core services required by the platform.
OKVIZ Licensed Visuals
Visuals licensed directly by OKVIZ may contact OKVIZ services to validate the license or check for updates.
This communication can include technical and licensing information such as:
- Visual version
- License identifier or customer token
- Anonymous session or user identifiers generated by the visual
- Execution source, such as Power BI Desktop, Power BI Service, Power BI Embedded, or Publish to Web
- Timestamp or session metadata used to validate and troubleshoot the license
These visuals do not send report data to OKVIZ as part of license validation.
Synoptic Panel Remote Maps and My Storage
Synoptic Panel can use remote maps and My Storage when the selected version and license support these features.
Remote maps are loaded from the URL or hosting service configured in the report. My Storage stores map files in OKVIZ-managed storage and can optionally use encryption. For details, see Synoptic Panel Security & Privacy and My Storage Security.
Firewall Allowlist
If your organization blocks outbound network traffic, OKVIZ licensed visuals may require allowlisting before license validation or related services can work.
The actual endpoint is:
https://api.okviz.com
Some visuals or older versions may require additional endpoints. Review the security page for the specific visual before configuring firewall rules.
Security Reviews
If your organization requires additional assurance for an uncertified visual, contact OKVIZ support. Depending on the request and at OKVIZ discretion, additional review options may be available after signing an NDA.