What is DLP and why do we need it?
Data loss prevention is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data.
Essentially, the purpose of DLP in Power Platform is to help prevent users from unintentionally exposing organizational data.
DLP policies affect Power Platform canvas apps and Power Automate flows.
Power Platform in general, and Power Automate and canvas apps in particular, rely heavily on data connectors, and those connectors are meant to be combined in the same flow or canvas app.
When two or more connectors are combined that way, sensitive data available through one connector might be unintentionally exposed through the other connector.
DLP Policy Scope
DLP policies can be scoped at:
- Environment level
- Tenant level
  - All environments
  - Selected environments
  - All environments except ones you specifically exclude
Permissions required:
- Environment
  - Environment Admin / System Administrator
- Tenant Level
  - Microsoft Power Platform admin permissions
  - Microsoft 365 Global admin permissions
DLP policy connector classifications
DLP policies enforce rules for which connectors can be used together by sorting connectors into three classifications:
- Business: Connectors that host business-use data
- Non-Business: Connectors that host personal-use data
- Blocked: Any connectors that you want to keep from being used (connectors driving core Microsoft Power Platform functionality can’t be blocked)
Connectors can reside in only one data group at a time.
Connectors in the Non-Business data group can’t be used together with Business connectors in the same app or flow, and vice versa.
Connector action control
You can use connector action control to allow or block individual actions within a given connector.
Configuring a connector’s actions is available for all blockable connectors.

Multiple DLP policies
You can create more than one DLP policy and apply them to the same environment. All policies that apply to the environment are evaluated together to decide whether a resource complies with or violates the DLP policies.
You can classify a given connector, for example SharePoint, as Business in policy A and as Non-Business in policy B. What matters is which other connectors SharePoint is grouped with across policy A and policy B.
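
The combined evaluation described above, modelled as an added Python example (not Microsoft's code and not part of the original article). The policy contents, the connector sets and the default group used for connectors a policy does not list are constructed assumptions.

```python
from dataclasses import dataclass

BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-Business", "Blocked"


@dataclass
class DlpPolicy:
    name: str
    groups: dict                        # connector name -> data group
    default_group: str = NON_BUSINESS   # assumption: group for connectors not listed

    def violations(self, connectors):
        """Return the reasons this policy rejects the given connector set."""
        classified = {c: self.groups.get(c, self.default_group) for c in connectors}
        reasons = [f"{self.name}: {c} is Blocked"
                   for c, g in sorted(classified.items()) if g == BLOCKED]
        business = sorted(c for c, g in classified.items() if g == BUSINESS)
        personal = sorted(c for c, g in classified.items() if g == NON_BUSINESS)
        if business and personal:
            reasons.append(
                f"{self.name}: Business {business} mixed with Non-Business {personal}")
        return reasons


def evaluate(connectors, policies):
    """A resource is compliant only if no applicable policy reports a violation."""
    return [r for p in policies for r in p.violations(set(connectors))]


# Constructed sample policies, both applied to the same environment.
# SharePoint is Business in policy A and Non-Business in policy B.
POLICY_A = DlpPolicy("Policy A", {"SharePoint": BUSINESS, "Outlook": BUSINESS,
                                  "Twitter": NON_BUSINESS, "Dropbox": BLOCKED})
POLICY_B = DlpPolicy("Policy B", {"SharePoint": NON_BUSINESS, "Twitter": NON_BUSINESS,
                                  "Outlook": BUSINESS})
POLICIES = [POLICY_A, POLICY_B]

if __name__ == "__main__":
    # Constructed connector sets, each standing for one flow or canvas app.
    for flow in (["SharePoint"], ["SharePoint", "Outlook"],
                 ["SharePoint", "Twitter"], ["Outlook", "Dropbox"]):
        result = evaluate(flow, POLICIES)
        print(flow, "->", "compliant" if not result else result)
```

With these two policies SharePoint is usable on its own, but pairing it with Outlook violates policy B and pairing it with Twitter violates policy A, because neither connector shares a group with SharePoint in both policies.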
