DLP Policies in Power Platform

What must you know?

DLP Policies in Power Platform are an essential part of security. They enforce specific rules and classify connectors as Business or Non-Business, or block them from use entirely.

Here is the essential information about DLP Policies:

  1. DLP Policies allow you to classify connectors as:
    1. Business – connectors from this group can only be used with other connectors from that group. You cannot use non-business group connectors in the same flow or app.
    2. Non-business – connectors from that group can be used with any flow or app.
    3. Blocked – connectors from that group cannot be used and are blocked.
  2. You can create and manage DLP Policies in the Power Platform Admin Center.
  3. DLP Policies block connectors in Power Automate flows and Power Apps Canvas Apps.

DLP policies enforce rules for which connectors can be used together by classifying connectors as either Business or Non-Business. If you put a connector in the Business group, it can only be used with other connectors from that group in any given app or flow. Sometimes you might want to block the usage of certain connectors altogether by classifying them as Blocked.

How to create a DLP Policy?

To create a new DLP Policy, navigate to the Power Platform Admin Center. Remember that this action requires administrative permissions.

Go to Policies and choose “Data policies” from the list.

Now, give your Policy a name and press Next.

This step is the most important of them all. We must categorize connectors. So as you know, the Business category allows connectors to be used only with other Business connectors. Non-business ones can be used wherever you want, and Blocked connectors will be blocked entirely.

I moved two connectors to the Business category, as follows:

Let’s also block some connectors.

The next step is Custom connectors. We don’t want to block the creation of Custom connectors, so we leave this step without any changes.

Now, we must configure the Scope.

You can add all environments to the policy or exclude some.

I want to exclude one environment and include every other environment, especially the Default environment. A new “Environments” tab appeared when I changed the “I want to:” configuration from “Add all environments” to “Exclude certain environments”.

Let’s configure this tab.

To exclude an environment, mark it and click “Add to policy.”

This should be the result.

This is the final configuration of this tab.

In the Review tab, we can check and finalize a policy’s configuration.

To verify that the policy is working, create a flow and try to use a blocked connector:

Everything is working as it should be!

Some additional information:

You can set up a default group for connectors. This configuration allows you to automatically classify connectors into one of the 3 categories. The default category is Non-business.

To change the default group, go to “Set default group” on the top right.

For some connectors, you won’t be able to change the category or block them.
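The rules described in this article (the three groups, the default group, and excluding an environment from the scope) can be modelled offline to check which connector combinations a policy would allow. This is an added example, not code from the article or from Microsoft; it calls no Power Platform API, and the connector and environment names are constructed sample values.

```python
from dataclasses import dataclass, field

BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-business", "Blocked"


@dataclass
class DlpPolicy:
    """Offline model of one data policy; it does not call any Power Platform API."""
    groups: dict                                     # connector name -> group
    default_group: str = NON_BUSINESS                # group for unclassified connectors
    excluded_envs: set = field(default_factory=set)  # "Exclude certain environments"

    def group_of(self, connector):
        return self.groups.get(connector, self.default_group)

    def evaluate(self, environment, connectors):
        """Return the list of violations; an empty list means the flow is allowed."""
        if environment in self.excluded_envs:
            return []                                # policy is not scoped to this environment
        by_group = {BUSINESS: [], NON_BUSINESS: [], BLOCKED: []}
        for name in sorted(set(connectors)):
            by_group[self.group_of(name)].append(name)
        violations = [f"{name} is blocked" for name in by_group[BLOCKED]]
        if by_group[BUSINESS] and by_group[NON_BUSINESS]:
            violations.append(
                f"Business {by_group[BUSINESS]} mixed with "
                f"Non-business {by_group[NON_BUSINESS]}"
            )
        return violations


# Constructed sample data: connector choices and environment names are assumptions.
POLICY = DlpPolicy(
    groups={"SharePoint": BUSINESS, "Office 365 Outlook": BUSINESS, "Dropbox": BLOCKED},
    excluded_envs={"Sandbox"},
)
SAMPLE_FLOWS = [
    ("Default", ["SharePoint", "Office 365 Outlook"]),  # Business only
    ("Default", ["SharePoint", "RSS"]),                 # RSS falls into the default group
    ("Default", ["Office 365 Outlook", "Dropbox"]),     # uses a blocked connector
    ("Sandbox", ["SharePoint", "RSS", "Dropbox"]),      # excluded environment
]

if __name__ == "__main__":
    for env, connectors in SAMPLE_FLOWS:
        print(env, connectors, "->", POLICY.evaluate(env, connectors) or "allowed")
```

Changing `default_group` to `BLOCKED` in this model shows how every connector that has not been classified explicitly would then be rejected.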

Summary

The configuration of DLP Policies is straightforward, and the effect on the Platform is enormous. By blocking some connectors, you are sure that any data from any of the applications or solutions will not leak. Nowadays, security is one of the top-priority topics for large companies, and knowing how it works in Power Platform and how to configure it can be a game changer for you and for them, since they gain such an aware specialist.

So, finally, we are at this point where I should thank you for your time and for reading this article. Feel free to rate this article and comment if you liked it. If you have any questions, feel free to contact me (via contact@poweruniverse.org), but first, you may be interested in joining a Newsletter. Hmm? (Sign up here) If you already did, wow, thanks, thanks a lot 🙂 

Via Newsletter, I am sharing insights into my work, plans for upcoming weeks, and knowledge about Power Platform Universe and the IT world. If you are interested, feel free to join! I am going to send the latest Newsletter to everyone who enters!

See you!

About the author

Daniel Ciećkiewicz

FOUNDER

I am a Senior Power Platform Consultant focused on Dataverse, Power Apps, and Power Automate. I was also a Team Leader responsible for the Power Platform Team and their development paths. 

In my private life, I like video games, sports, learning & gaining knowledge, and a taste of good Scotch Whisky! 

Ooo, I almost forgot, I love our Polish Tatra Mountains!
