Data Loss Prevention Strategy in Power Platform Governance
Oct 19, 2022 9:02 PM


by HubSite 365 about Michael Roth [MVP]

Microsoft MVP Business Applications | Power Platform Consultant | Governance & Adoption | reigning minigolf champion


Understanding and implementing Data Loss Prevention strategies to guard critical business data on Power Platform - a Microsoft expert's insights.

Summarizing Power Platform Governance and Data Loss Prevention Strategies

Power Platform governance is an essential topic that broadly covers the effective use of Power Automate, particularly its connectors, which allow interaction with diverse data sources and services. In our constantly evolving digital landscape, connectors have become a key component of the Power Platform, numbering about 683 and increasing weekly. Even though connectors may lack their own icons, they form an integral part of the Power Platform.

However, the power and flexibility of this vast set of connectors come with one chief concern: the potential loss of data. This calls for data loss prevention policies (DLPs) that help users distinguish safe connectors from risky ones. Effective DLPs serve as protective barriers, ensuring safe data handling by categorizing connectors into three distinct groups:

  • Business
  • Non-business
  • Blocked

The names of the two primary categories, Business and Non-business, are merely labels: they help sort the connectors and carry no meaning of their own. The Blocked category is different, as it prevents the use of every connector listed under it. This segregation ensures that sensitive business data only interacts with pre-approved connectors, preventing unintentional exposure.

DLPs can be applied not just across the entire tenant but also to individual environments, so you may need multiple DLPs depending on the operational scope.

Developing an Effective DLP Strategy

A winning DLP strategy depends on a few critical factors. A good starting point is a tenant-wide DLP that is as inclusive as possible yet still enforces all necessary restrictions. A 'feel-good' default DLP could be one where the user feels comfortable across all new environments. The DLP strategy should always be in line with the environment strategy in place. Three DLP approaches are prevalent:

  • “Business as usual” - An everyday, standard DLP policy covering basic productivity.
  • “Develop something new” - An open-ended policy enabling connector usage to develop apps and flows to enhance team productivity.
  • “Business Critical” - A stringent policy only allowing what’s strictly necessary for critical business operations.

These can be customized further depending on your environment strategy and needs. The default group for new connectors should always be set to Blocked to keep the DLP up to date.

Diving deeper into DLP customization, you can control individual connector actions. The option is available in the Power Platform admin center, where you can select whether to allow or block single actions of a connector. This advanced function enables a detailed DLP config for very specific use cases.

Avoiding DLP Layering

Although combining multiple DLPs in one environment is technically feasible, it's not recommended. The difficulty lies in determining which connectors can be combined across the Business and Non-business categories. A connector classified as Business in one DLP and Non-business in another complicates the whole setup, hence layering DLPs is not advised.

Prior Considerations

Before the implementation of any new DLP policy, it's critical to assess its impact on existing flows and apps. This can be accomplished through the DLP Editor V2 in the Center of Excellence Starter Kit, which provides an Impact Analysis for all affected flows and apps.
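
The impact check described above, sketched as an added example (not code from the article or from the CoE Starter Kit's DLP Editor). It assumes Power Platform's rule that one app or flow may not combine Business and Non-business connectors and that every policy layered on an environment must be satisfied; the policies, flow names and `BrandNewConnector` are constructed sample data.

```python
from dataclasses import dataclass, field

BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-business", "Blocked"

@dataclass
class DlpPolicy:
    name: str
    default_group: str  # group assigned to connectors the policy does not list
    groups: dict = field(default_factory=dict)  # connector name -> group

    def violations(self, connectors):
        """Return the reasons this set of connectors breaks the policy."""
        found, by_group = [], {}
        for c in sorted(connectors):
            group = self.groups.get(c, self.default_group)
            by_group.setdefault(group, []).append(c)
        for c in by_group.get(BLOCKED, []):
            found.append(f"{self.name}: {c} is Blocked")
        # Business and Non-business connectors may not share one app or flow.
        if BUSINESS in by_group and NON_BUSINESS in by_group:
            found.append(f"{self.name}: mixes Business {by_group[BUSINESS]} "
                         f"with Non-business {by_group[NON_BUSINESS]}")
        return found

def impact_analysis(policies, flows):
    """Map each affected flow to its violations across all layered policies."""
    report = {}
    for flow, connectors in flows.items():
        # Layered policies are each evaluated; a flow must satisfy all of them.
        problems = [v for p in policies for v in p.violations(connectors)]
        if problems:
            report[flow] = problems
    return report

# Constructed sample data: policy, connector and flow names are illustrative.
TENANT = DlpPolicy("tenant-default", BLOCKED, {
    "SharePoint": BUSINESS, "Office 365 Outlook": BUSINESS,
    "Teams": BUSINESS, "RSS": NON_BUSINESS, "Twitter": NON_BUSINESS})
LAYERED = DlpPolicy("team-env", NON_BUSINESS, {
    "SharePoint": BUSINESS, "Office 365 Outlook": BUSINESS, "Teams": NON_BUSINESS})
FLOWS = {
    "approval-mail": {"SharePoint", "Office 365 Outlook"},
    "news-to-list": {"RSS", "SharePoint"},
    "new-connector-poc": {"SharePoint", "BrandNewConnector"},
    "notify-channel": {"SharePoint", "Teams"},
}

for flow, problems in impact_analysis([TENANT, LAYERED], FLOWS).items():
    print(flow, *problems, sep="\n  ")
```

`notify-channel` passes the tenant policy on its own and only breaks once the second policy classifies Teams differently, which is the layering problem in miniature.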

Read the full article Power Platform governance 06 - Consider a data loss prevention strategy


Learn about Power Platform governance 06 - Consider a data loss prevention strategy

Understanding data loss prevention strategies (DLPs) can be a complex process. However, grasping how they apply to Microsoft's Power Platform is crucial for a successful implementation. DLPs play an integral role in tackling potential data loss through the Power Platform's connectors, acting as guardrails to help keep our data safe.

The Power Platform's extensive selection of connectors brings a risk of accidental data loss, so users need to be careful about which connectors are safe to use. This is where DLPs come in: they categorize connectors into three distinct categories - Business, Non-business, and Blocked.

While the names Business and Non-business are to help categorize the connectors and don’t necessarily indicate their functionality, 'Blocked' implies the inability to use those connectors. This method aids in ensuring that crucial business data is only used with appropriate connectors, avoiding any unwanted interactions that could result in data loss.

One of the many benefits of DLPs is their flexibility. They can be applied to an entire tenant or only to individual environments, and users can have multiple DLPs.

The next logical question is, what makes a good DLP strategy? The answer largely hinges upon your specific needs. A practical DLP strategy commences with a tenant-wide DLP that bears minimal restrictions, yet provides optimum access. Understanding which connectors must not be blocked becomes a vital step here.

Your DLP strategy should work in concert with your environment strategy. Depending upon your business requirements, you may have to consider more customized DLPs. However, remember to always set the default group for new connectors to Blocked. This ensures that any new connectors automatically fall under the Blocked category, keeping your DLP updated.

The Power Platform admin center even lets us configure the single actions of a connector, adding a further layer of customization for specific use cases.

Even though it's technically possible to layer multiple DLPs in one environment, this can quickly turn complicated, making it advisable to use as few DLPs as possible per environment.

Furthermore, a crucial aspect to keep in mind while implementing a new DLP policy is that it might affect existing flows and apps. Currently, the only method of identifying which flows and apps will be impacted by a new DLP is through the DLP Editor V2 in the Center of Excellence Starter Kit.

Finally, familiarizing oneself with resources concerning DLPs, such as policies and the combined effect of multiple DLP policies, is a fundamental part of managing this space. So always think before you act and stay informed!

In conclusion, the increasing accessibility and dependence on technology call for stringent measures to prevent data loss. In response, companies like Microsoft have cultivated products like Power Platform and DLPs to eliminate the risk of data loss and streamline digital operations.

In the dynamic world of digital security, understanding and harnessing the potential of DLPs and similar tools like Power Platform proves to be exceptionally advantageous.

More links about Power Platform governance 06 - Consider a data loss prevention strategy

Create a data loss prevention (DLP) policy - Power Platform
Jun 29, 2022 — In this topic, you learn how to create a data loss prevention (DLP) policy in Power Apps.
Manage data loss prevention (DLP) policies - Power Platform
Oct 2, 2023 — Learn how to create, edit, and delete data loss prevention (DLP) policies, including the default data group for new connectors.
Consider a data loss prevention strategy - MichaelRoth42 Blog
Oct 11, 2022 — This blog explains how data loss prevention policies work and how you can use them for your governance strategy.

