DLP for default enviroment but excempt all old resources (flows & apps) and apply it only for new resources

(0) Share

Report

Posted on by aterbrack

Hello,

Unfortunately, we have encountered a problem when using the following PowerShell or API.

New-PowerAppDlpPolicyExemptResources -TenantId xxx -PolicyName xxx -NewDlpPolicyExemptResources $exemptResources

https://api.bap.microsoft.com/providers/PowerPlatform.Governance/v1/tenants/xxx/policies/bb8aa1cf-071e-4917-9f19-f388019ff3fe/exemptResources

Initial scenario:

We want to set a DLP for the default environment. Existing apps (approx. 200) and flows (approx. 800) should remain unaffected. The DLP should only apply to new apps and workflows.

But at a certain size of the string to be transmitted of the object "$excemptResources" there is unfortunately an internal server error.
100 resources will work, 200 resources also, but then it will fail at a certain size.

A command to submit individual apps and flows to exclude them does not exist or is not documented.

Question:

How can we achieve to exclude all resources (approx. 1000) at once from a DLP?

Power Shell Script

cls

#Init Hashtable

$exemptResources = @{

exemptResources = @()

}

#function to Ressources for excemption

function excemptResource($id,$type) {

$exemptResource = @{

id = $id

type = $type

}

$exemptResources.exemptResources += $exemptResource

}

$environment = Get-PowerAppEnvironment -Default

$flows = Get-AdminFlow -EnvironmentName $environment.EnvironmentName

$apps = Get-AdminPowerApp -EnvironmentName $environment.EnvironmentName

#iteration for all flows in this environment

foreach ($flow in $flows) {

Write-Host $flow.DisplayName

excemptResource $flow.Internal.id $flow.Internal.type

}

#iteration for all apps in this environment

foreach ($app in $apps) {

Write-Host $app.DisplayName

excemptResource $app.Internal.id $app.Internal.type

}

#add all current resources as an excemption to a dlp

New-PowerAppDlpPolicyExemptResources -TenantId xxxx -PolicyName ba3ea951-cee9-40d4-987b-ea5677d9266b -NewDlpPolicyExemptResources $exemptResources

Categories:

Governance & administering

I have the same question (0)

All responses (2)

Answers (0)

Devikumari Krishna 988 Super User 2024 Season 1 on at

Like (0)

Report

Hi @aterbrack ,

Did you manage to resolve this issue?
I suggest you to raise a Microsoft Support ticket if your issue still persist.
-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
My Blog: Dynamics 365 Key Topics – https://d365topicsbydk.com/

My Youtube Channel : https://www.youtube.com/channel/UCxSIryP2ah2VpEFr-Z72t1A
Regards
Devi
Regards
Devi

Was this reply helpful? Yes No
Hamish Sheild 3,005 Most Valuable Professional on at

Like (0)

Report

Hi @aterbrack

I haven't done this before but I would assume that you are hitting some sort of limit and trying to use the exempt resources in a way that is not intended. Exemptions should be used as an exception, not the normal.

I understand that you do not want to impact the existing apps and flows with a new DLP but I think there is a better long term approach. I assume that you want to have some sort of DLP policy applied to the existing apps or flows? Another option is to create new environment(s) with less restrictive DLP policies that will not affect your existing apps and flows. Move the impacted apps and flows (using Solutions) from the Default environment to the new environment(s). With that approach you will have DLP policies applied to all environments, without exemptions, and without impacting existing apps and flows. This is obviously a lot more work but I think is a better long term solution.

Was this reply helpful? Yes No