web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Sign Up for Ask a Community Pro Today!
Share your business problems and get Power Platform leaders' perspectives!
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / DLP seems easy to circ...
Power Automate
Unanswered

DLP seems easy to circumvent via a separate tenant?

(1) ShareShare
ReportReport
Posted on by Mike2500 1,247 Super User 2024 Season 1

TenantA has a DLP with SharePoint in "Business Data Only". This means that users in TenantA cannot email content from SharePont via Flow. This is good.

 

TenantA creates an account for a consultant, Sam. Sam also has an account in a TenantB. Sam creates a flow in his TenantB that connects to SharePoint in TenantA, which emails content from SharePoint. Sam's Flow wouldn't be subject to the DLP, because the Flow is running in TenantB.

 

We also have a separate tenant for developers for them to build/test. They're in charge of that tenant, and so they can also ignore any DLP policies in the main tenant, right?

 

So, what do we actually accomplish by configuring DLP? Is there a way for admins to block users from emailing business data, or posting it to Twitter, via flow?

 

 

 

Categories:
General topics
I have the same question (0)
  • v-xida-msft Profile Picture
    v-xida-msft on at

    Hi @Mike2500,

     

    Thanks for your feedback. A DLP is applied to one or more environments which are created by a tenant. The DLP takes effect in one or more environments which are created by a tenant. The DLP is created in TenantA is not effective in TenantB.

     

    More details about Data Loss Prevention Policies, please check the following document:

    Introducing Data Loss Prevention Policies in Microsoft Flow

     

    Best regards,

    Kris

  • Mike2500 Profile Picture
    Mike2500 1,247 Super User 2024 Season 1 on at

    So is this a bug in the software, or does the documentation need to be udpated? According to the docs:

     

    "Benefits of a DLP policy
    Ensures that data is managed in a uniform manner across the organization
    Prevents important business data from being accidentally published to services such as social media sites."

     

    But because of the issue I pointed out with tenants, these benefits don't actually exist. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Sign Up for Ask a Community Pro Today!
Share your business problems and get Power Platform leaders' perspectives!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the December Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
trice602 Profile Picture

trice602 248 Super User 2026 Season 1

#2
David_MA Profile Picture

David_MA 207 Super User 2026 Season 1

#3
Power Platform 1919 Profile Picture

Power Platform 1919 101 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans