Recommended DLP policy settings for Dynamics 365 environments
Another common scenario when creating DLP policies is supporting Dynamics 365 workloads. The following connectors should be assigned to the Business data group to protect Dynamics 365 data from leaking.
Connector name | Purpose |
---|---|
Microsoft Dataverse | The Microsoft Dataverse connector provides underlying platform access to Dynamics 365 data that is stored in Dataverse tables. This connector is the older of the two Microsoft Dataverse connectors and should be used in personal automation areas. |
Dataverse (current environment) | The Dataverse (current environment) connector can dynamically infer the environment that it's in. It also has some Dataverse solution-specific capabilities like calling AI Builder predict actions. Using this connector also simplifies deployments because the Dataverse environment doesn't need to be reset every time a flow or app is deployed. |
Dynamics 365 | The Dynamics 365 connector has been deprecated in favor of the Microsoft Dataverse connectors. However, if it isn't included in the Business data group, users could use this connector to send data to Non-Business connectors. With this in mind, it's best to include this connector in your DLP policy, even though it isn't recommended for use. |
DocuSign* | The DocuSign connector is used with the DocuSign SaaS service, which supports obtaining and tracking digital signatures. |
Adobe Sign* | The Adobe Sign connector is used with the Adobe Sign SaaS service, which supports obtaining and tracking digital signatures. |
OneDrive | The OneDrive connector allows makers to store and retrieve documents from their individual OneDrive account. |
Office 365 Outlook | The Office 365 Outlook connector allows makers to retrieve emails from and send emails through their individual Office 365 mailbox. |
SharePoint | The SharePoint connector allows makers to interact with SharePoint to read/write documents, communicate with custom lists, delete content, and more. |
Microsoft Forms | The Microsoft Forms connector is a popular connector that allows makers to receive input from a Microsoft Form and process it in a flow. |
Word Online (Business) | The Word Online (Business) connector allows makers to convert a Word Document to PDF and populate a Microsoft Word template. |
Microsoft Teams | Using the Microsoft Teams connector, makers can subscribe to messages posted in Teams channels, post messages, and create channels. |
* Optional - If an organization uses these tools, these connectors are available to support digital signatures for documents generated from Dynamics 365.
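The table above can be turned into a repeatable check. The following is an added example, not Microsoft tooling: it audits a policy for recommended connectors that sit outside the Business data group, including the deprecated Dynamics 365 connector. The JSON layout, the policy name, and "Example Social Connector" are constructed assumptions, not the format any Power Platform tool exports.

```python
import json

# Connector names from the first table above; the starred rows are optional.
REQUIRED = [
    "Microsoft Dataverse", "Dataverse (current environment)", "Dynamics 365",
    "OneDrive", "Office 365 Outlook", "SharePoint", "Microsoft Forms",
    "Word Online (Business)", "Microsoft Teams",
]
OPTIONAL = ["DocuSign", "Adobe Sign"]
DEPRECATED = {"Dynamics 365"}

# Constructed sample policy in an assumed, simplified layout (group -> names).
SAMPLE_POLICY = json.loads("""
{
  "name": "D365-production (constructed)",
  "groups": {
    "Business": ["Microsoft Dataverse", "Dataverse (current environment)",
                 "OneDrive", "Office 365 Outlook", "SharePoint",
                 "Microsoft Forms", "Word Online (Business)", "Microsoft Teams"],
    "Non-Business": ["Dynamics 365", "Example Social Connector"],
    "Blocked": []
  }
}
""")


def audit_policy(policy, optional_in_use=()):
    """Return (connector, current_group, note) for each recommended connector
    that is not in the Business group; current_group is None when the policy
    does not list the connector at all."""
    placement = {}
    for group, names in policy["groups"].items():
        for name in names:
            placement[name.casefold()] = group
    in_use = {n.casefold() for n in optional_in_use}
    expected = REQUIRED + [c for c in OPTIONAL if c.casefold() in in_use]
    findings = []
    for name in expected:
        group = placement.get(name.casefold())
        if group == "Business":
            continue
        note = "deprecated, but still a data path" if name in DEPRECATED else ""
        findings.append((name, group, note))
    return findings


if __name__ == "__main__":
    for name, group, note in audit_policy(SAMPLE_POLICY, ["DocuSign"]):
        print(f"{name}: {group or 'not listed'} {note}".rstrip())
```

Pass the optional connectors your organization actually uses as `optional_in_use`; the starred connectors are only checked when named there.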
The following connectors don't contain Dynamics 365 business data, but administrators should consider placing them in the Business data group. These connectors automate approvals, content conversions, Microsoft Power Platform management, and cyber security processes.
Connector name | Purpose |
---|---|
Content Conversion | The Content Conversion connector allows makers to convert HTML markup to plain text. It's useful when you need to remove all HTML markup so that you can store raw text in another system. |
File System | For organizations that are still dependent on on-premises network shares, this connector uses the on-premises data gateway to provide a bridge between local file shares and Power Automate. |
Microsoft To Do (Business) | This connector allows makers to get, list, and create to-do items in the Microsoft To Do service. |
PowerApps for Admins | This connector allows administrators to modify app permissions, get a list of apps, get a list of custom connectors, and set app owners. |
PowerPlatform for Admins | This connector allows administrators to create environments, create environment DLP policies, create tenant DLP policies, delete environments, force environment syncs, list supported environments, and more. |
PowerApps for App Makers | This connector provides administrative capabilities but in the context of an application and not the entire environment/tenant. Within this connector, an application owner can edit permissions, get app versions, get connections, publish an app, remove an app, and more. |
Flow management | This connector provides administrative capabilities but in the context of the flow owner. Within this connector, a flow owner can create connections, create flows, delete flows, get flow details, list my flows, list my environments, and more. |
Microsoft Flow for Admins | This connector has environment and tenant scope depending on the connection that it's running under. As a result, this connector allows an admin to disable a flow, edit flow permissions, get flow user details, remove flow user details, remove flow, and more. |
Cloud App Security | This connector is for use with the Microsoft Cloud App Security service. For organizations that are using this service, this connector allows Cloud Security Analysts to automate activities such as enabling security policies, getting cloud security alerts, tagging apps as sanctioned, and more. |
Microsoft Graph Security | Organizations that are using Microsoft Graph Security can automate their security workflows by creating subscriptions, subscribing to alerts, and more. |
Microsoft Defender ATP | Microsoft Defender ATP provides endpoint protection against malware and other malicious activities. By using the Microsoft Defender ATP connector, Cyber Security Analysts can automate actions such as isolating machines, performing investigation actions, removing application permissions, running antivirus scans, and much more. |