As a Power Platform administrator, I have seen how unmanaged connectors can quickly expose sensitive business data. In this post, I’ll show you how to set up strong DLP policies in Power Apps, step by step.
Data Loss Prevention (DLP) policies in Power Apps let organizations control which connectors can share data with each other. They group connectors into Business and Non-Business categories. This way, DLP policies stop company information from being shared with unauthorized external services.
Let’s quickly dive in, and I will show you how to implement DLP policies in your organization’s tenant.
Navigate to https://admin.powerplatform.microsoft.com and, in the left-hand menu, go to Security > Data and privacy.
Select + New Policy to create a policy.

Policy name

Start by giving your policy a clear and meaningful name, like Finance Data Policy (Demo).

Prebuilt connectors

When you set up a DLP policy, you can group connectors into three categories: Business, Non-business, and Blocked.
By default, all connectors are put into the Non-business category.
Some connectors cannot be blocked, including SharePoint, Dataverse, OneDrive, Office 365 (Outlook, Users, Groups), and Defender for Cloud Apps.
You cannot use Business group connectors together with Non-business group connectors in the same app or flow. Blocked connectors are never available for use.
In my demo, I will move the SharePoint connector to the Business connectors group.
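To see what this classification means for existing apps, here is an added example (not part of the original walkthrough and not Microsoft's code) that models the grouping rules above in Python and checks an app inventory against the demo policy. The app names, the inventory, and the blocked connector are constructed for illustration; the script does not call any Power Platform API.

```python
from dataclasses import dataclass, field

@dataclass
class DlpPolicy:
    business: set = field(default_factory=set)
    blocked: set = field(default_factory=set)

    def group_of(self, connector):
        if connector in self.blocked:
            return "Blocked"
        if connector in self.business:
            return "Business"
        # Anything not explicitly classified stays in the default group.
        return "Non-business"

def evaluate(policy, connectors):
    """Return (allowed, reason) for one app's or flow's connector list."""
    groups = {c: policy.group_of(c) for c in connectors}
    blocked = sorted(c for c, g in groups.items() if g == "Blocked")
    if blocked:
        return False, "uses blocked connector(s): " + ", ".join(blocked)
    biz = sorted(c for c, g in groups.items() if g == "Business")
    non = sorted(c for c, g in groups.items() if g == "Non-business")
    if biz and non:
        # Business and Non-business connectors cannot share one app or flow.
        return False, ("mixes Business (" + ", ".join(biz) +
                       ") with Non-business (" + ", ".join(non) + ")")
    return True, "ok"

def audit(policy, inventory):
    return {app: evaluate(policy, conns) for app, conns in inventory.items()}

# Demo policy from the post: only SharePoint is moved to Business.
# The blocked entry is a placeholder, not a real connector name.
POLICY = DlpPolicy(business={"SharePoint"},
                   blocked={"Example Blocked Connector"})

# Constructed inventory of apps and the connectors each one uses.
INVENTORY = {
    "Expense Tracker": ["SharePoint"],
    "Invoice Mailer": ["SharePoint", "Office 365 Outlook"],
    "Team Notes": ["OneDrive", "Office 365 Outlook"],
    "Legacy Sync": ["SharePoint", "Example Blocked Connector"],
}

if __name__ == "__main__":
    for app, (ok, reason) in audit(POLICY, INVENTORY).items():
        print(f"{'ALLOW' if ok else 'DENY '}  {app}: {reason}")
```

Note the "Invoice Mailer" result: moving only SharePoint to Business leaves Office 365 Outlook in the default Non-business group, so an app that combines the two is denied until Outlook is classified as Business as well.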

Custom connectors

I won’t use a custom connector in this demo. However, if your organization uses them and you want to classify them as Business, Non-business, or Blocked, you can do that.

Scope

In the Scope section, you choose the environments to which the policy applies. In this demo, I will use a specific environment.

Environments

Select the environment or environments where you want to add the policy. For example, I chose just one environment.

Review

Last step: review, make sure this is the policy you want to apply, and tap the Create policy button.

Tips for Management and Maintenance

Let app developers know about the new Data Loss Prevention (DLP) policy by sending an email or a message on Microsoft Teams. Be sure to share the list of approved business connectors.
Set up a process for reviewing connectors, so developers have a clear way to request reclassification using the right channels.
Schedule a quarterly review of the DLP policy to make sure any new Microsoft or third-party connectors are included.

 
