Data loss prevention example - Block SharePoint knowledge sources

You can use data loss prevention (DLP) policies to prevent copilot authors from connecting to data. Doing so can help prevent data exfiltration.

For more information about other DLP policy configurations, see Configure data loss prevention policies for copilots.

Configure DLP to block or configure endpoints using SharePoint in Power Platform admin center

Select or create a policy

  1. In the Power Platform admin center, under Policies, select Data policies.

  2. Create a new policy, or choose an existing policy to edit:

    • If you want to create a new policy, select New policy.

    • If you want to choose an existing policy to edit, select the policy and select Edit policy.

  3. Enter a name for the policy, then select Next. You can change the name later.

Choose an environment

  1. Choose one or more environments to add to your policy.

  2. Select + Add to policy.

  3. Select Next.

Add the connector

  1. Use the search box to find the connector you want to block. You can see connectors that are already blocked on the Blocked tab.

  2. Select the connector's More actions icon, and then select Block.

  3. Select Next.

  4. Review your policy, then select Update policy to apply the DLP changes.

If admins want to allow or deny the SharePoint endpoints their makers can use as knowledge sources in Copilot Studio, they can use DLP connector endpoint filtering instead of blocking the connector.

Confirm policy enforcement

You can confirm that this connector is being used in the DLP policy from Copilot Studio.

  1. Open your copilot from the environment where the DLP policy is applied.

  2. Go to the Knowledge tab, select Add knowledge, and add a SharePoint knowledge source.

If the policy is enforced, an error banner with a Details button appears. On the Channels page, expand the error link and select the Download button to see details. The Published button is disabled when there's a DLP violation.

In the details file, a row appears for each violation. If a knowledge source has a DLP violation, a row appears for the knowledge page and for each generative answers node that uses that knowledge source.

Note

Classic chatbots don't support Power Platform connectors.