When setting up a new tenant, it is recommended that Power Platform DLP should be implemented before any tools are utilized, while if you've been developing apps and creating flows without any active policies, it might be a risk to implement DLP. In this case, running a Power Platform DLP Impact Assessment beforehand can be beneficial. Impact Assessment can indicate which apps or flows might get disrupted when a Power Platform DLP policy is introduced. This knowledge aids the strategy formation, and a communication plan can be drafted for users who may be affected.
But to carry out a Power Platform DLP impact assessment, users must have admin access to the Power Platform Admin Centre and the updated version of the CoE Starter Kit must be installed. The 'Data Loss Prevention' (DLP) Impact Analysis model-driven app, located in the 'Centre of Excellence' Core Components, will be needed for this assessment.
The initiation step of this process is creating a new DLP policy. Though it might seem counter-intuitive, this new policy won't apply to any environment. Instead, it helps us understand what could occur if applied. This "empty" policy will play a critical role in the impact assessment.
A standard DLP policy generally classifies all Microsoft connectors to Business, and the rest as Blocked. Based on business needs, more connectors can be added to Business or Non-Business. Some connectors cannot be blocked, and for such cases, the connector classification documentation provides more information. A list of connectors to be moved to Business/Banned can be obtained post filtering.
This assessment does not apply to custom connector usage; the analysis of the same can be gleaned via other tabs in the CoE Starter Kit Power BI dashboard.
Setting the scope of assessment is a crucial step where no policy is applied to any environment; we will merely view its potential effect. This is done by selecting 'Exclude certain environments' and adding those environments to the policy. However, we are actually adding them to the set of excluded environments, so it doesn't affect overall functioning.
Once the Impact Assessment is conducted, users can navigate to the environment where their CoE Starter Kit is installed to find the DLP Impact Analysis app. If the policy doesn't affect any apps or flows, a respective message would be displayed. If it does, the affected assets would be displayed in a table.
The 'Impact' section shows which connector(s) could be affected in the selected app or flow. The 'Email Maker' section has an auto-populated email body, which lets the user know about potential connector conflicts. It allows communicating with the relevant makers regarding conflicts.
The responsibility to keep track of emails falls on the user, as hundreds of flows and apps might be affected, and follow-ups may be required. The 'Export to Task List' option adds these records to the DLP Impact Analysis table in the CoE Core Components solution; from there, they can be accessed anytime through the 'Non-compliant task list' area of the app.
The details of the Impact Analysis are then sent to the user's email, which provides key information such as the creator, environment, and connector(s) that would be impacted. This Impact Assessment is crucial for any Power Platform activity in your tenant, and the results can guide the conversations about any forthcoming changes.
Lastly, depending on the results, users might need to strategize and plan their DLP policy or policies. There could be a need for more than one policy – a topic that would be tackled in the subsequent articles. The overall goal remains to make the Power Platform experience better without compromising on data security.
The Power Platform Data Loss Prevention (DLP) Impact Assessment is a crucial undertaking for ensuring the safe and efficient operation of your tenant. The process aids in creating, implementing, and testing DLP policies without causing upheaval among your userbase. It helps with strategy formulation and optimal communication with affected users.
Here's how to go about it:
To begin the impact assessment, you would need:
Once you have these, the first step is to create a new DLP policy within the PPAC. However, you won't be applying this policy to any environments. The initial, 'empty', policy is there to act as a keystone for your impact assessment.
Next, let's delve into pre-built connectors. A baseline DLP policy aligns all Microsoft ones to Business, with everything else set to Blocked. The exceptions to this norm are managed on a case-by-case basis.
You'll then need to deal with custom connectors. Keep in mind that this area could be left untouched for initial impact assessment purposes.
Before we move forward, we'd like to stress that your policy, although created, shouldn't be applied to any environments. The idea is to analyse the potential repercussions if it were applied.
In scope definition, make sure to exclude all environments. The objective is to keep your policy separate from actual environments. Your goal is to examine what might happen in a hypothetical scenario.
As we step into the Impact Assessment phase, visit the CoE Starter Kit installed environment. From here, find the DLP Impact Analysis app, and get started.
After finishing the Impact Analysis, you might need some time to gather the results, particularly when multiple environments are involved. That's perfectly normal.
Moving on to viewing the results, you'll be informed whether any apps or flows are to be affected by your hypothetical DLP policy. If assets are affected, they'll be shown in a table.
Looking into impact, you can get specifics about what connectors are likely to be impacted by each app or flow by clicking the View Impact icon. To reach out to a maker, click the Email Maker icon.
With the process complete, you can decide to export the data to a Task List or a CSV. These records provide detailed insights into the impact analysis and can be accessed anytime.
Undertaking the Power Platform DLP Impact Assessment is a move towards responsible and efficient tenant management. Your results will guide how you communicate with your makers about potential changes, influencing your DLP policy strategy.
And with that, you're ready to assess the impact of your DLP policy, safeguarding your tenant effectively. Stay tuned for our next article on DLP Policies.
Power Platform DLP, DLP Assessment, Impact Assessment, Power Platform Impact, Power Platform Analysis, DLP Impact Analysis, DLP Power Platform, Power Platform Policies, DLP Impact Assessment, Power Platform DLP Analysis.