Enable Public Preview to get DLP - Blocked option

(0) Share

Report

Posted on by Community Power Pla...

Hi!

We are about to roll out a PowerApp in an organization. This organization has strict security policies for their data.

The problem is that you can't remove Tenant from the Environment Maker role (which is something I still don't understand). So everyone is allowed to create a PowerApp since everyone needs to use the PowerApp we built for them.

The problem with that is that everyone can use the connectors which are available to them like Dropbox etc.. I know that we can set the Sharepoint connector as business data only so the non-business data connectors can't work with business data connectors. But the problem is that they also don't want to facilitate users to use the other connectors.

I read this post:
https://docs.microsoft.com/en-us/power-platform/admin/wp-data-loss-prevention

That there is a 3rd category: Blocked but it's in Public Preview which let's you block connectors. I really need that feature so my question is (maybe a dumb one).. Is there a way to sign up for this without waiting till it becomes generally available?

Kind regards!

All responses (4)

Answers (1)

Community Power Pla... on at

Like (0)

Report

Re: Enable Public Preview to get DLP - Blocked option

A-ha! I was exploring these options at admin.powerapps.com and not in admin.powerplatform.com 🙂
I just tried blocking some connectors although I could still use them in PowerApps.. blocked the dropbox connector, but I could still connect to it via PowerApps and Flow. Maybe it needs some time to process?
Verified answer

UdayAdhikari 450 Most Valuable Professional on at

Like (0)

Report

Re: Enable Public Preview to get DLP - Blocked option

Hi @Anonymous, hope you are doing well!

It looks like some of your questions are still unanswered. So, let me take a stab at them. Please ignore you have already figured them out for posting so others are refer to it.
1) "can't remove Tenant from the Environment Maker role"
This is true for default environment, everyone with log in can create app in the default env. and there is no way to block that today. As a best practice, we recommend at a minimum creating a new env. for production application. By doing this you can manage who you want to give access to create apps. Please refer to to this article for more details: https://docs.microsoft.com/en-us/power-platform/admin/environments-overview

2) "can I use Blocked group now while in Public Preview"
You should be able to see and manage new DLP policies by going into https://admin.powerplatform.microsoft.com/ > Data policies (preview). This is a tenant level feature and you should be able to see right off the bat. Make sure the account you are logging in is either tenant admin or has Power Platform Admin role.

---------------------------------------------------------------------------------------------------------------------------------------------
If you like this reply, please give kudos. And if this solved your problem, please accept this reply as the solution so others are refer as well.
CU01081947-0 716 on at

Like (0)

Report

Re: Enable Public Preview to get DLP - Blocked option

Hello @Anonymous,
I hope you're well. Just to confirm, I too am already seeing the "Block" functionality without enabling anything. When I edit out DPL policy I'm now seeing the "Block" option.
What I did was open the DPL policy, go into one of the Data Groups, such as "Non-business | Default" then if I select a connector I then have either two options "Move to Business" or "Block".

If I select "Block" it moves into that Data Group.

And if I want I can then move it out again to one of the other two Data Groups.
Hope that helps. Let me know if you still can't see it.
Thanks,
Garry
alrezac on at

Like (1)

Report

Re: Enable Public Preview to get DLP - Blocked option

Hi,

Public preview means that everyone should be able to participate in using this new DLP feature. Double check to see if its there on a new DLP policy. It is available in my test tenant. Note though;

Data flow to a specific service can be blocked altogether by marking that connector as Blocked. For example, if you place Facebook in the Blocked group, makers can't create an app or flow that uses the Facebook connector. This in turn restricts data flows to this service in Power Platform.

All third-party connectors can be blocked. All Microsoft-owned premium connectors (except Common Data Service) can be blocked.

Regards,

Alex

-------

Community Support Team _ Alex Rezac
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.