Hello,
Unfortunately, we have encountered a problem when using the following PowerShell or API.
New-PowerAppDlpPolicyExemptResources -TenantId xxx -PolicyName xxx -NewDlpPolicyExemptResources $exemptResources
Initial scenario:
We want to set a DLP for the default environment. Existing apps (approx. 200) and flows (approx. 800) should remain unaffected. The DLP should only apply to new apps and workflows.
But at a certain size of the string to be transmitted for the object "$exemptResources", there is unfortunately an internal server error.
100 resources will work, 200 resources also, but then it will fail at a certain size.
A command to submit individual apps and flows to exclude them does not exist or is not documented.
Question:
How can we exclude all resources (approx. 1000) at once from a DLP?
PowerShell script
cls
# Initialize the hashtable that holds the exemption list
$exemptResources = @{
    exemptResources = @()
}
# Function to add a resource to the exemption list
function excemptResource($id, $type) {
    $exemptResource = @{
        id   = $id
        type = $type
    }
    $exemptResources.exemptResources += $exemptResource
}
$environment = Get-PowerAppEnvironment -Default
$flows = Get-AdminFlow -EnvironmentName $environment.EnvironmentName
$apps = Get-AdminPowerApp -EnvironmentName $environment.EnvironmentName
# Iterate over all flows in this environment
foreach ($flow in $flows) {
    Write-Host $flow.DisplayName
    excemptResource $flow.Internal.id $flow.Internal.type
}
# Iterate over all apps in this environment
foreach ($app in $apps) {
    Write-Host $app.DisplayName
    excemptResource $app.Internal.id $app.Internal.type
}
# Add all current resources as exemptions to a DLP policy
New-PowerAppDlpPolicyExemptResources -TenantId xxxx -PolicyName ba3ea951-cee9-40d4-987b-ea5677d9266b -NewDlpPolicyExemptResources $exemptResources
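To pin down the size at which the call starts failing, the exemption payload can be built and measured offline before it is sent. The following PowerShell is an added example, not part of the original post or of the Microsoft module; the function names `New-ExemptPayload` and `Get-PayloadBytes`, the sample ids, and the assumption that compact JSON approximates the transmitted string are all illustrative.

```powershell
# Added example. All ids below are constructed placeholders, not tenant data.

function New-ExemptPayload {
    param([object[]]$Resources)
    # List + HashSet avoid the repeated array copies of "+=" and drop duplicate ids.
    $list = [System.Collections.Generic.List[hashtable]]::new()
    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($r in $Resources) {
        # Skip entries with a missing id or type instead of sending them.
        if ([string]::IsNullOrWhiteSpace($r.id) -or [string]::IsNullOrWhiteSpace($r.type)) { continue }
        if ($seen.Add($r.id)) { $list.Add(@{ id = $r.id; type = $r.type }) }
    }
    return @{ exemptResources = $list.ToArray() }
}

function Get-PayloadBytes {
    param([hashtable]$Payload)
    # Assumption: compact JSON approximates the string that is transmitted.
    $json = $Payload | ConvertTo-Json -Depth 5 -Compress
    return [System.Text.Encoding]::UTF8.GetByteCount($json)
}

# Constructed sample: 800 flow-like and 200 app-like entries (id shapes are assumed).
$envName = 'Default-00000000-0000-0000-0000-000000000000'
$sample = @(
    1..800 | ForEach-Object {
        [pscustomobject]@{
            id   = "/providers/Microsoft.ProcessSimple/environments/$envName/flows/$([guid]::NewGuid())"
            type = 'Microsoft.ProcessSimple/environments/flows'
        }
    }
    1..200 | ForEach-Object {
        [pscustomobject]@{
            id   = "/providers/Microsoft.PowerApps/apps/$([guid]::NewGuid())"
            type = 'Microsoft.PowerApps/apps'
        }
    }
)

# Report payload size at the counts from the post (100, 200) and at larger sets.
foreach ($n in 100, 200, 400, 1000) {
    $payload = New-ExemptPayload -Resources ($sample | Select-Object -First $n)
    [pscustomobject]@{
        Resources    = $payload.exemptResources.Count
        PayloadBytes = Get-PayloadBytes -Payload $payload
    }
}
```

With real data, pass the `Internal` objects of the flows and apps instead of `$sample`; the resulting byte counts give a concrete threshold to quote in a support ticket.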
Hi @aterbrack
I haven't done this before but I would assume that you are hitting some sort of limit and trying to use the exempt resources in a way that is not intended. Exemptions should be used as an exception, not the norm.
I understand that you do not want to impact the existing apps and flows with a new DLP but I think there is a better long-term approach. I assume that you want to have some sort of DLP policy applied to the existing apps or flows? Another option is to create new environment(s) with less restrictive DLP policies that will not affect your existing apps and flows. Move the impacted apps and flows (using Solutions) from the Default environment to the new environment(s). With that approach you will have DLP policies applied to all environments, without exemptions, and without impacting existing apps and flows. This is obviously a lot more work but I think it is a better long-term solution.
Hi @aterbrack,
Did you manage to resolve this issue?
I suggest you raise a Microsoft Support ticket if your issue still persists.
-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
My Blog: Dynamics 365 Key Topics – https://d365topicsbydk.com/
My Youtube Channel : https://www.youtube.com/channel/UCxSIryP2ah2VpEFr-Z72t1A
Regards
Devi