Power Platform - DLP policies
- Bjørnar Aassveen
- Mar 21
Data Loss Prevention (DLP) in Power Platform is used to control access to connectors to data sources and other applications.
Think of your data as a valuable collection of rare stamps. Without DLP policies, those stamps could end up in the wrong hands, be exchanged for something less valuable, or even be lost. You don’t want your precious data to end up in a random app, like a stamp collector who has lost track! The short version is below.
Security
Prevent unauthorized access to sensitive data by blocking or restricting the use of certain connectors that may pose a security risk.
Compliance
Ensure that data handling complies with legislation and internal guidelines, especially in regulated industries such as finance and healthcare.
Data integrity
Protect data from accidental or malicious modification by controlling which applications and services can interact with your organization's data.
Reduce risk
Minimize the risk of data leaks by limiting data flow to only approved and secure connectors.
Control over data flow
Give IT better control over how data moves within and outside the organization, which can help prevent data loss and misuse.
Connectors
A Power Platform connector is a component that allows services to communicate with Microsoft Power Automate, Microsoft Power Apps, and Azure Logic Apps.
Some examples of connectors are:
SharePoint: Used to connect to and manage documents and data stored in SharePoint.
SQL Server: Allows you to connect to SQL databases to retrieve and manipulate data.
Microsoft 365: Integrates with Microsoft 365 services such as Outlook and OneDrive.
Salesforce: Connects to Salesforce to manage CRM data.
X: Used to retrieve data from X and automate tweets.
Connectors in Power Platform are divided into three main categories: Certified connectors, Custom connectors and Virtual connectors.
Certified connectors
Certified connectors refer to connectors that have undergone rigorous testing and certification processes to ensure they meet Microsoft standards for security, reliability, and compliance. These connectors provide users with a trusted way to integrate with other Microsoft services and external services while maintaining data integrity and security. (Data Loss Prevention (DLP) policies - Power Platform | Microsoft Learn)
Custom connectors
Custom connectors allow users to create their own connectors to integrate with external systems or services not covered by the standard set of certified connectors. While they offer flexibility and customization, custom connectors require careful consideration to ensure they comply with policies and do not compromise data security. (Data Loss Prevention (DLP) policies - Power Platform | Microsoft Learn)
Virtual connectors
Virtual connectors are connectors that appear in data policies that administrators can control, but they are not based on a REST API. They are standard "built-in" connectors from Microsoft for managing data policies. (Configure data loss prevention policies for agents - Microsoft Copilot Studio | Microsoft Learn)
To set up DLP policies, go to the Power Platform admin center and open the "Security" blade: https://admin.powerplatform.microsoft.com/security/dataprotection/dlp
Here you can create DLP policies.

Under "Prebuilt connectors" you will find all connectors that are Certified or Virtual connectors. The connectors are divided into three categories.
Important to note! Data cannot be shared between connectors that are placed in different groups. For example, if you place SharePoint and Salesforce connectors in the Business group and you place Gmail in the Non-Business group, makers cannot create an app or flow that uses both the SharePoint and Gmail connectors. This in turn limits the data flow between these two services in Microsoft Power Platform.
The main point is that connectors in the same group can share data in Microsoft Power Platform, while connectors in different groups cannot share data.
Business
These connectors are used to handle data that is relevant to business use. Examples include SharePoint and Salesforce.
Non-business
These connectors are used for personal or non-business data. When a new policy is created, all connectors are placed in the Non-business group by default** and can then be moved to Business or Blocked.
Blocked
Connectors in this category are blocked from use in all environments. This may be necessary to prevent data loss or unwanted sharing of sensitive information.

**This default selection can be changed by selecting "Set default group"

After you have sorted all connectors and set the default group for new connectors, proceed to the corresponding Custom connector section. Here you must scope the policy to the endpoint addresses you have used in your custom connector(s).

Once you are finished configuring Connectors, you can choose which environments the policy should apply to.

The options are all environments, selected environments, or all environments with some exceptions. The recommendation is to have a baseline policy from which you exclude environments if there is a need for connectors outside the standard range.
Then all that remains is to assess all connectors and, not least, decide which connectors will be allowed to talk to each other. There are currently 1327 connectors available, in addition to the custom connectors you may have lying around.
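The grouping rule, the default group and the environment scoping described above, modelled as a small Python audit helper. This is an added example, not Microsoft's or the author's code; the class, function, scope, environment and app names are hypothetical, and the policy and inventory are constructed sample data.

```python
from dataclasses import dataclass, field

BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-business", "Blocked"

@dataclass
class DlpPolicy:
    groups: dict                        # connector name -> group
    default_group: str = NON_BUSINESS   # where unclassified connectors land
    scope: str = "all"                  # "all", "selected" or "all_except" (hypothetical labels)
    environments: set = field(default_factory=set)

    def applies_to(self, environment):
        if self.scope == "all":
            return True
        listed = environment in self.environments
        return listed if self.scope == "selected" else not listed

    def evaluate(self, environment, connectors):
        """Return a list of violations; an empty list means the app or flow is allowed."""
        if not self.applies_to(environment):
            return []
        by_group = {}
        for name in connectors:
            group = self.groups.get(name, self.default_group)
            by_group.setdefault(group, []).append(name)
        violations = [f"blocked connector: {c}" for c in by_group.get(BLOCKED, [])]
        if BUSINESS in by_group and NON_BUSINESS in by_group:
            violations.append("mixes Business (%s) with Non-business (%s)" % (
                ", ".join(by_group[BUSINESS]), ", ".join(by_group[NON_BUSINESS])))
        return violations

# Constructed baseline policy: applies everywhere except the "Sandbox" environment.
BASELINE = DlpPolicy(
    groups={"SharePoint": BUSINESS, "Salesforce": BUSINESS,
            "Gmail": NON_BUSINESS, "X": BLOCKED},
    scope="all_except", environments={"Sandbox"})

# Constructed inventory: (environment, app or flow name, connectors used).
INVENTORY = [
    ("Prod", "CRM sync", ["SharePoint", "Salesforce"]),
    ("Prod", "Mail export", ["SharePoint", "Gmail"]),
    ("Prod", "Social bot", ["X", "NewConnector"]),
    ("Sandbox", "Experiment", ["SharePoint", "Gmail"]),
]

def audit(policy, inventory):
    return {name: policy.evaluate(env, conns) for env, name, conns in inventory}

if __name__ == "__main__":
    for name, problems in audit(BASELINE, INVENTORY).items():
        print(name, "->", problems or "allowed")
```

Running an inventory like this before a policy goes live shows which existing apps and flows would stop working, and which connectors only pass because they fell into the default group.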
Bjørnar&AI