Security and Privacy

This page explains how to keep model work safe when using an LLM with the MCP server.

Why this matters (practical risks)

When you work with a semantic model through an LLM, query results flow through the chat. That means:

  • Customer names, emails, and phone numbers can appear in query outputs if you ask for row-level data.
  • Revenue figures and financial metrics show up in validation results - and anything in the chat could be copy-pasted or logged.
  • DAX and M expressions contain business logic that may be proprietary.

The safeguards below keep your work safe without making the assistant less useful.

Data minimization (the most important habit)

The single best practice: ask for aggregates, not raw rows. Instead of "show me the Sales table", ask for "monthly totals for the last 12 months". This keeps sensitive row-level data out of the chat entirely.

Masking (what it does in practice)

Masking replaces sensitive values in query results before they reach the chat. When enabled:

  • PII masking replaces names, emails, addresses, and similar text with placeholders - so "John Smith" becomes something like "[MASKED]" in the output.
  • Numeric masking replaces financial figures with representative but non-real numbers - so "12,345,678" becomes a different value that preserves the pattern but not the actual data.

This means you can validate query structure and business logic (the right columns, the right groupings, the right measure behavior) without exposing real values. It is especially useful when you paste results into tickets, PRs, or team chats.
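
One way the masking behaviour described above could work on rendered result rows, including exclusions for a whole table or a single column. This is an added example, not the MCP server's code: the page does not describe the server's algorithm, so the HMAC-based digit replacement, the schema labels, the function names, the key and the sample rows are all assumptions.

```python
import hashlib
import hmac

PII_PLACEHOLDER = "[MASKED]"  # placeholder form quoted on the page

def mask_number(text, key, column):
    """Swap each digit for a keyed pseudo-random one; sign, separators, length stay."""
    stream = hmac.new(key, f"{column}|{text}".encode(), hashlib.sha256).digest()
    out, used = [], 0
    for ch in text:
        if ch.isdecimal():
            digit = stream[used % len(stream)] % 10
            if used == 0:
                digit = digit % 9 + 1  # avoid a leading zero
            out.append(str(digit))
            used += 1
        else:
            out.append(ch)
    masked = "".join(out)
    if used and masked == text:  # never return the real figure by chance
        last = max(i for i, ch in enumerate(text) if ch.isdecimal())
        masked = masked[:last] + str(int(text[last]) % 9 + 1) + masked[last + 1:]
    return masked

def mask_rows(rows, schema, key, exclude=frozenset()):
    """Mask rendered result rows keyed by 'Table[Column]' before they are shown."""
    result = []
    for row in rows:
        out = {}
        for col, value in row.items():
            table = col.split("[", 1)[0]
            kind = schema.get(col, "pii")  # fail closed: unclassified means masked
            if col in exclude or table in exclude or kind == "plain":
                out[col] = value
            elif kind == "numeric":
                out[col] = mask_number(value, key, col)
            else:
                out[col] = PII_PLACEHOLDER
        result.append(out)
    return result

# Constructed sample data and key; a real key would be a per-session secret.
DEMO_KEY = b"constructed-demo-key"
SCHEMA = {"Customer[Name]": "pii", "Customer[CustomerID]": "pii",
          "Date[Year]": "numeric", "Sales[Revenue]": "numeric"}
ROWS = [{"Customer[Name]": "John Smith", "Customer[CustomerID]": "C-1001",
         "Date[Year]": "2024", "Sales[Revenue]": "12,345,678"}]
if __name__ == "__main__":
    print(mask_rows(ROWS, SCHEMA, DEMO_KEY, exclude={"Date"}))
```

Because the replacement is keyed on column and value, the same figure masks to the same output for a given key, so groupings in masked results stay consistent.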

Ask the LLM:

"Enable masking so query outputs are safe to share. Exclude specific tables/columns if needed."

Common safety prompts:

"Enable numeric masking; do not mask Date/Calendar tables."

"Enable PII masking; exclude customer IDs from masking only if I explicitly ask."

Logging discipline

Online formatting (DAX and Power Query M)

Optional formatting features may send code to external services. The assistant should ask for explicit consent when enabling formatting, and your org can disable these features centrally.

Ask the LLM:

“Do not use online formatters in this environment.”

If you do want formatting:

“Format DAX for readability, but confirm whether this uses an online service before doing it.”

Practical compliance prompt:

“Assume this is a regulated environment. Don’t send code or metadata to external services; proceed without online formatting.”

Governance controls (org-managed)

Organizations can restrict and govern behavior via:

  • server mode (full/read-only/browse-only),
  • policy rules (allow/deny/require confirmation),
  • centrally deployed policy bundles (lock writes to policy configuration).

If you’re unsure what applies, ask:

“Explain what governance controls are active in this environment.”

Browse-only environments

Sharing outputs (tickets/PRs)
