Recommended DLP policy settings for the default environment
The Microsoft Power Platform default environment is commonly used by users to create their own Power Automate flows. If that's true for you, assign a DLP policy to the default environment to prevent users from leaking business data stored in Microsoft 365. Assign the following connectors to the Business data group so that their data can be shared only with other Business connectors.
Connector name | Purpose |
---|---|
Office 365 Outlook | This connector allows makers to retrieve emails from an Office 365 mailbox and send emails through that mailbox. |
OneDrive for Business | The OneDrive for Business connector allows makers to store and retrieve documents from their OneDrive for Business account. |
Office 365 Users | The Office 365 Users connector is used to obtain metadata about Office 365 users, including direct reports, photos, profiles, and other user details. |
SharePoint | The SharePoint connector allows makers to interact with SharePoint features like reading/writing documents, communicating with custom lists, and deleting content. |
Excel Online (Business) | The Excel Online (Business) connector allows makers to interact with spreadsheets by listing rows, adding rows, or deleting rows in an online Excel spreadsheet. |
Microsoft Forms | Microsoft Forms is a popular connector that allows makers to retrieve input from a Microsoft Form and process it in a flow. |
Office 365 Groups | The Office 365 Groups connector is used to manage groups, including adding/removing members and creating group events. |
OneNote (Business) | The OneNote (Business) connector can be used to manipulate OneNote notebooks, including adding sections and creating pages. |
Word Online (Business) | The Word Online (Business) connector allows makers to convert a Word Document to PDF or populate a Microsoft Word template. |
Yammer | The Yammer connector allows makers to subscribe to and post messages in the enterprise social media site. |
Microsoft Teams | Using the Microsoft Teams connectors, makers can subscribe to messages that are posted within Teams channels, post messages, and create channels. |
The following connectors do not contain business data, but administrators should consider placing them in the Business data group. These connectors automate approvals, content conversions, Microsoft Power Platform management, and cyber security processes.
Connector name | Purpose |
---|---|
Approvals | The Approvals connector is used to facilitate approvals in Power Automate. It is technically a connector, so it needs to be considered when you are implementing DLP policies. |
Content Conversion | The Content Conversion connector allows makers to convert HTML markup to plain text. It is useful when you need to remove all HTML markup so that you can store the raw text in another system. |
Microsoft Translator | The Microsoft Translator connector allows a maker to detect languages, translate text, and convert text to speech. It does not pose data leakage risks but might be helpful in multi-national organizations. |
File System | For organizations that are still dependent on on-premises network shares, the File System connector will use the on-premises data gateway to provide a bridge between local file shares and Power Automate. |
Microsoft To Do (Business) | The Microsoft To Do (Business) connector allows makers to get, list, and create to-do items in the Microsoft To Do service. |
PowerApps for Admins | The PowerApps for Admins connector allows administrators to modify app permissions, get a list of apps, get a list of custom connectors, and set app owners. |
PowerPlatform for Admins | The PowerPlatform for Admins connector allows administrators to create environments, create environment DLP policies, create tenant DLP policies, delete environments, force environment syncs, list supported environments, and more. |
PowerApps for App Makers | The PowerApps for App Makers connector provides administrative capabilities in the context of an application, not the entire environment/tenant. Within this connector, an app owner can edit permissions, get app versions, get connections, publish an app, remove an app, and more. |
Flow management | The Flow management connector provides administrative capabilities to the flow owner. Within this connector, a flow owner can create connections, create flows, delete flows, get flow details, list my flows, list my environments, and more. |
Microsoft Flow for Admins | The Microsoft Flow for Admins connector has environment or tenant scope, based on the connection. As a result, this connector allows an admin to disable a flow, edit flow permissions, get flow user details, remove flow user details, remove flow, and more. |
Cloud App Security | The Cloud App Security connector is for use with the Microsoft Cloud App Security service. For organizations that are using this service, this connector allows Cloud Security Analysts to automate activities such as enabling security policies, getting cloud security alerts, tagging apps as sanctioned, and more. |
Microsoft Graph Security | For organizations that are using Microsoft Graph Security, the Microsoft Graph Security connector automates security workflows by creating subscriptions, subscribing to alerts, and more. |
Microsoft Defender ATP | Microsoft Defender ATP provides endpoint protection against malware and other malicious activities. Using the Microsoft Defender ATP connector, Cyber Security Analysts can automate actions such as isolating machines, investigating, removing application permissions, running antivirus scans, and much more. |
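
The two tables above can be turned into a drift check for the default environment's policy. The following is an added example, not Microsoft's code: it compares a policy's connector placement with both lists and reports every connector that is not in the Business data group. The policy layout (group name mapped to connector display names), the group labels, and the sample policy are constructed assumptions, not the product's export schema.

```python
"""Audit a DLP policy against the connector lists on this page (added example)."""

# Display names from the first table: connectors that hold Microsoft 365 business data.
BUSINESS_DATA = [
    "Office 365 Outlook", "OneDrive for Business", "Office 365 Users", "SharePoint",
    "Excel Online (Business)", "Microsoft Forms", "Office 365 Groups",
    "OneNote (Business)", "Word Online (Business)", "Yammer", "Microsoft Teams",
]
# Display names from the second table: no business data, but worth grouping as Business.
CONSIDER = [
    "Approvals", "Content Conversion", "Microsoft Translator", "File System",
    "Microsoft To Do (Business)", "PowerApps for Admins", "PowerPlatform for Admins",
    "PowerApps for App Makers", "Flow management", "Microsoft Flow for Admins",
    "Cloud App Security", "Microsoft Graph Security", "Microsoft Defender ATP",
]

# Constructed sample policy. The dict layout (group name -> display names) is an
# assumed, simplified shape for illustration, not the product's export schema.
SAMPLE_POLICY = {
    "Business": ["Office 365 Outlook", "OneDrive for Business", "Office 365 Users",
                 "sharepoint ", "Excel Online (Business)", "Microsoft Forms",
                 "Office 365 Groups", "OneNote (Business)", "Word Online (Business)",
                 "Approvals", "Flow management"],
    "NonBusiness": ["Microsoft Teams", "Yammer", "Microsoft Translator"],
    "Blocked": ["File System"],
}

def audit(policy):
    """Return (tier, connector, current_group) for every connector not in Business."""
    placement = {}
    for group, names in policy.items():
        for name in names:
            # Normalize so casing or stray whitespace does not hide a match.
            placement[name.strip().lower()] = group
    findings = []
    for tier, wanted in (("required", BUSINESS_DATA), ("consider", CONSIDER)):
        for name in wanted:
            group = placement.get(name.lower(), "Unlisted")
            if group != "Business":
                findings.append((tier, name, group))
    return findings

def leak_paths(policy):
    """Business-data connectors in NonBusiness share a group with external connectors."""
    return [n for t, n, g in audit(policy) if t == "required" and g == "NonBusiness"]

if __name__ == "__main__":
    for tier, name, group in audit(SAMPLE_POLICY):
        print(f"{tier:8} {name:28} currently: {group}")
```

Findings in the "required" tier are business-data connectors outside the Business data group; the "consider" tier only lists placements for an administrator to review.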