I'm running into a frustrating and inconsistent issue with a managed solution deployment and hoping someone has seen this before.
The Setup
I have a managed solution containing 5 cloud flows. Connectors used are Gmail (x2 connection references), SharePoint, Microsoft Forms, and Content Conversion.
The Problem
When importing into a fresh Developer environment and attempting to turn on flows, I receive:
"Turn on failed. Flow client error returned with status code Forbidden and details GoogleDlpViolation."
What Makes This Strange
- Zero DLP policies exist in this tenant — confirmed in Power Platform Admin Center
- The identical managed solution works perfectly in another Developer environment on the same tenant
- One flow (with a scheduled trigger) enables successfully in the failing environment
- Three other flows all fail with GoogleDlpViolation. Two are triggered via microsoft form, one is triggered via an email received in gmail
- Gmail connector is set to Trusted in Google Workspace Admin Console
- All connectors are in the same Business data group in DLP policy
- All connection references show green checkmarks after import
- The initial install flow (manual trigger) runs successfully and sends email via Gmail
What I've Already Tried
- Fresh Developer environment provisioned after DLP policy was verified
- Pre-created all connections in Power Apps before import
- Deleted and reimported solution multiple times
- Created explicit DLP policy with all connectors in Business group applied to all environments
- Verified Google Workspace Admin Console has Power Platform set to Trusted
- Waited over an hour for DLP policy propagation
- Opened and hydrated each flow individually before attempting to turn on
- Compared both environments — configuration is identical
Key Observation
The manual trigger install flow sends email via Gmail successfully. Only automated trigger flows fail. The flow with a scheduled trigger also works. The pattern seems to be specific to certain trigger types combined with Gmail in a managed solution context — but even that theory is inconsistent across environments with the same solution imported.
My Theory
This appears to be a backend environment initialization issue where Microsoft spins up Developer environments with different internal Gmail enforcement states, independent of any visible DLP configuration.
Has anyone else encountered this? Any workarounds would be greatly appreciated. I have a Microsoft support ticket open but looking for community insights while that works through the system.
