DLP Policies in Power Platform

What must you know?

DLP Policies in Power Platform are essential factor of security. They enforce specific rules and classify connectors as Business or Non-Business, or block them from use entirely.

Here is the essential information about DLP Policies:

  1.  DLP Policies allow you to classify connectors as
    1. Business – connectors from this group can only be used with other connectors from that group. You cannot use non-business group connectors in the same flow or app.
    2. Non-business – connectors from that group can be used with any flow or app.
    3. Blocked – connectors from that group cannot be used and are blocked.
  2. You can create and manage DLP Policies in Power Platform Admin Center
  3. DLP Policies block connectors in Power Automate flows and Power Apps Canvas Apps.

DLP policies enforce rules for which connectors can be used together by classifying connectors as either Business or Non-Business. If you put a connector in the Business group, it can only be used with other connectors from that group in any given app or flow. Sometimes you might want to block the usage of certain connectors altogether by classifying them as Blocked.

How to create DLP Policy?​

To create a new DLP Policy, navigate to Power Platform Admin Center. Remember that this action requires administrative permissions.

Go to Policies and choose “Data policies” from the list.

Now, give your Policy a name and press Next.

This step is the most important of them all. We must categorize connectors. So as you know, the Business category allows connectors to be used only with other Business connectors. Non-business ones can be used wherever you want, and Blocked connectors will be blocked entirely.

I moved two connectors to business category, as follows:

Let’s also block some connectors.

The next step is Custom connectors. We don’t want to block the creation of Custom connectors, so we leave this step without any changes.

Now, we must configure the Scope.

You can add all environments to the policy or exclude some.

I want to exclude one environment and include every other environment, especially the Default environment. A new “Environments” tab appeared when I changed the “I want to:” configuration from “Add all environments” to “Exclude certain environments”.

Let’s configure this tab.

To exclude an environment, mark it and click “Add to policy.”

This should be the result.

This is the final configuration of this tab.

In the Review tab, we can check and finalize a policy’s configuration.

To verify if policy is working, just create a flow and try to use some blocked connector:

Everything is working as it should be!

Some additional information:

You can set up a default group for connectors. This configuration allows you to automatically classify connectors into the on of the 3 categories. The default, category is Non-business.

To change the default group go to “Set default group” on the top right.

For some connectors, you won’t be able to change the category or block them.

Summary

The configuration of DLP Policies is straightforward, and the effect on the Platform is enormous. By blocking some connectors, you are sure that any data from any of the applications of solutions will not leak. Nowadays, security is one of the top priority topics for large companies, and knowing how it works in Power Platform and how to configure it can be a game changer for you and them – for having such an aware specialist.

So, finally, we are at this point where I should thank you for your time and for reading this article. Feel free to rate this article and comment if you liked it. If you have any questions, feel free to contact me (via contact@poweruniverse.org), but first, you may be interested in joining a Newsletter. Hmm? (Sign up here) If you already did, wow, thanks, thanks a lot 🙂 

Via Newsletter, I am sharing insights into my work, plans for upcoming weeks, and knowledge about Power Platform Universe and the IT world. If you are interested, feel free to join! I am going to send the latest Newsletter to everyone who enters!

See you!

About the author

Daniel Ciećkiewicz

FOUNDER

I am a Senior Power Platform Consultant focused on Dataverse, Power Apps, and Power Automate. I was also a Team Leader responsible for the Power Platform Team and their development paths. 

In my private life, I like video games, sports, learning & gaining knowledge, and a taste of good Scotch Whisky! 

Ooo, I almost forgot, I love our Polish Tatra Mountains!

Categories
Top 3 articles
Newest articles
These May also interest you:
0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x