
Protect your data with Power Platform’s latest Data Loss Prevention (DLP) capabilities, now generally available

Microsoft Power Platform is a powerful low-code development platform that allows you to analyze data, build solutions, automate processes, and create virtual agents thanks to a growing ecosystem of more than 700 data connectors. Your organization’s data is likely one of the most important assets you’re responsible for safeguarding as an administrator. Therefore, Microsoft Power Platform provides a comprehensive set of Data Loss Prevention (DLP) policies to help you define and enforce rules for how these connectors can be used.

Microsoft Power Platform has invested heavily in extending its DLP offering, and we are pleased to announce the general availability of two advanced capabilities, DLP connector action control and DLP for custom connectors, that will provide administrators with a level of control that is unmatched in the industry.

DLP connector action control enables admins to easily allow or block specific connector actions for each connector. For example, you could block the Delete row (V2) action for the SQL Server connector.

DLP for custom connectors enables admins to apply well known DLP constructs—like connector classification (business, non-business, blocked)—to a newer breed of connectors named custom connectors.

Important: DLP connector endpoint filtering remains in preview. Its planned general availability on March 31, 2022, is postponed. We apologize for the delay, and we will notify you when a new date has been chosen.

Data Loss Prevention connector action control

Microsoft Power Platform allows admins to categorize connectors in a DLP policy into buckets such as Business, Non-business, or Blocked. When administrators only have access to these heavy-handed settings, they have no choice but to block the connector if it represents the slightest risk. With DLP connector action control, administrators can now control which specific connector actions can be used by the Microsoft Power Platform’s makers.

For example, an organization may have a policy that says users cannot post tweets to Twitter but reading tweets is allowed. Typically, that organization would block the Twitter connector. Thanks to DLP connector action control, you can now choose to completely block the usage of the Twitter connector in one department but allow for limited usage of that same connector in the marketing department, where tracking product sentiment is an important sales signal. You can choose to disable the write or post actions, but allow for read actions, safely enabling the connector, and supporting scalable digital transformation.

Configuring a connector’s actions is available for all blockable connectors, but not for unblockable connectors or custom connectors. It is available in the Prebuilt connectors tab of the DLP Policies wizard when selecting a connector.

Animation depicting how to block the “Delete row (V2)” action for the “SQL server” connector.

Data Loss Prevention for custom connectors

Microsoft Power Platform allows makers to create and share custom connectors.

Environment admins can now classify individual custom connectors by name in environment-level DLP policies in the Microsoft Power Platform admin center or with PowerShell. All custom connectors are listed in line with pre-built connectors in the Connectors tab of the DLP Policies wizard.

Tenant admins can also classify custom connectors by their Host URL endpoints using a pattern matching construct with ‘*’ support for tenant-level DLP policies in the Power Platform admin center or with PowerShell. A new tab was added in the DLP Policies wizard called Custom connectors where you can specify an ordered list of allow and deny URL patterns for custom connectors.

Animated gif depicting how to block custom connectors that are behind a specific host URL endpoint.
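
Because the URL patterns form an ordered list, a broad pattern placed early can silently override a narrower deny rule below it. The following sketch is an added example, not Microsoft's code or the admin center's implementation: it models such a list and reports rules that can never fire. It assumes first-match-wins evaluation; the hosts, pattern strings, and the function names `classify` and `shadowed_rules` are constructed for illustration.

```python
import re

# Constructed sample: an ordered list of (URL pattern, classification) rules.
# Hosts are hypothetical; classifications are the ones named in the post.
RULES = [
    ("https://api.contoso.example/*", "Business"),
    ("https://*.contoso.example/*", "Non-business"),
    ("https://api.contoso.example/legacy/*", "Blocked"),  # never fires, see below
    ("*", "Blocked"),                                      # catch-all default
]

def to_regex(pattern):
    """Compile a pattern where '*' matches any run of characters."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def classify(host_url, rules=RULES):
    """Return (rule index, classification); assumption: first match wins."""
    for index, (pattern, classification) in enumerate(rules):
        if to_regex(pattern).fullmatch(host_url):
            return index, classification
    return None, "Unmatched"

def shadowed_rules(rules=RULES):
    """Find rules that can never fire: (shadowed index, index of covering rule).

    Replacing each '*' in a later pattern with a byte no pattern contains
    literally gives a probe that an earlier pattern matches only if it
    matches everything the later pattern matches.
    """
    findings = []
    for later, (pattern, _) in enumerate(rules):
        probe = pattern.replace("*", "\x00")
        for earlier in range(later):
            if to_regex(rules[earlier][0]).fullmatch(probe):
                findings.append((later, earlier))
                break
    return findings

if __name__ == "__main__":
    for url in ("https://api.contoso.example/v1",
                "https://hr.contoso.example/api",
                "https://api.contoso.example/legacy/export",
                "https://files.fabrikam.example/upload"):
        print(url, "->", classify(url))
    print("shadowed:", shadowed_rules())
```

In the sample list, the third rule is reported as shadowed by the first, so the legacy endpoint stays classified as Business until the deny rule is moved above the broader allow rule.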

Getting started with Data Loss Prevention capabilities

We are confident that this new set of advanced DLP capabilities will help your organization strike a balance between productivity and protection. They are now available for all customers in all supported regions. Want to learn more about using advanced DLP controls in your organization? Here are some resources to help you get started: