Delen via


Microsoft 365 compliance (Preview)

The Microsoft Purview compliance portal is home to integrated solutions for protecting and governing data, mitigating risks, and more. Simplify tasks across these solutions so you can focus on your compliance posture.

This connector is available in the following products and regions:

Service Class Regions
Power Automate Premium All Power Automate regions except the following:
     -   China Cloud operated by 21Vianet
Power Apps - Not available
Contact
Name Microsoft
URL https://support.microsoft.com/microsoft-365
Connector Metadata
Publisher Microsoft
Website https://compliance.microsoft.com/
Privacy policy https://privacy.microsoft.com
Categories Security

Microsoft 365 compliance solutions help you discover, protect, and govern your data, address regulations and standards, and mitigate insider risks. The Microsoft 365 compliance connector allows you to automate actions for many of these compliance solutions.

Prerequisites

Subscriptions and required permissions vary depending on the compliance solutions where this connector will be used. To learn which subscriptions and permissions are required for compliance solutions, review the Microsoft 365 compliance documentation.

How to get credentials?

Visit https://docs.microsoft.com/en-us/microsoft-365/compliance/?view=o365-worldwide for additional details on Microsoft 365 compliance solutions and subscriptions.

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Throttling Limits

Name Calls Renewal Period
API calls per connection 500 60 seconds

Actions

Add insider risk management case note

Adds a note to the insider risk management case

Add privacy management case note

Adds a note to the privacy management case

Apply a Retention Label on the item

Apply a Retention Label on the item.

Deletes the item

Deletes the items.

Get communication compliance violation metadata

Get Violation Metadata

Get insider risk management alert

Get insider risk management alert.

Get insider risk management alerts for a case

Get insider risk management alerts for a case.

Get insider risk management case

Get insider risk management case.

Get insider risk management user

Get insider risk management user.

Get privacy management case

Get privacy management case.

Get tagged privacy files

Get a list of tagged privacy files.

Get translated message Id

Get translated message Id.

Relabel an item at the end of retention

Relabel an item at the end of retention.

Trigger a new instance of the flow if an item can’t be located

If an item can't be located (for example, if it was moved or renamed), this action attempts to find the item using its ID. If the item is found, the flow's settings are reset and a new instance of the flow will be triggered the next time the retention service runs.

Add insider risk management case note

Adds a note to the insider risk management case

Parameters

Name Key Required Type Description
Case ID
Case_Id True string

The unique identifier of an insider risk management case

Note content
content string

The content of the case note.

Returns

Add privacy management case note

Adds a note to the privacy management case

Parameters

Name Key Required Type Description
Case ID
Case_Id True string

The unique identifier of an privacy management case

Note content
content string

The content of the case note.

Returns

Apply a Retention Label on the item

Apply a Retention Label on the item.

Parameters

Name Key Required Type Description
Site Address
SiteUrl string

SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename

Label name
LabelName string

Label name to update the item with.

ListItem Id
ListItemId integer

SharePoint list item id not GUID.

Folder Path
FolderPath string

Document folder path.

Returns

Deletes the item

Deletes the items.

Parameters

Name Key Required Type Description
Site Address
SiteUrl string

SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename

Site Id
SiteId string

SharePoint site id.

Web Id
WebId string

SharePoint web id.

List Id
ListId string

SharePoint list id.

Item Unique Id
ItemUniqueId string

SharePoint item unique Guid or mail internet message Id.

Existing Label Id
ExistingLabelId string

The existing label id on the item.

Workload name
ContentSourceApplication string

SharePoint, OneDrive or Exchange

User Id
UserId string

User external directory id.

Returns

Get communication compliance violation metadata

Get Violation Metadata

Parameters

Name Key Required Type Description
Case id
caseId True string

Communication compliance case id

Workingset id
workingsetId True string

Communication compliance working set id

Document id
docId True string

Communication compliance document id

Flow name
flowName True string

Communication compliance flow name

Returns

Name Path Type Description
id
id string

The unique identifier for remediation action

policyName
policyName string

The name for the policy which capture the items

violationTime
violationTime string

The time when the item happened

violationSource
violationSource string

The source through which the item was sent

violatedUserEmail
violatedUserEmail string

User email address who sent this item

Get insider risk management alert

Get insider risk management alert.

Parameters

Name Key Required Type Description
Alert ID
Alert_Id True string

The unique identifier of the insider risk management alert.

Returns

Name Path Type Description
Alert severity
severity string

The severity of the alert.

Alert name
name string

The name of the alert.

Alert status
status string

The status of the alert.

Time to resolve in hours
resolutionTimeInHours float

The total time elapsed in hours to resolve the alert.

Alert ID
id string

The unique identifier of the alert.

Alert creation time
createdDateTimeUtc string

The timestamp in UTC when alert was generated.

Case ID
assignedCase.caseId string

The unique identifier of the case associated with alert.

Case name
assignedCase.name string

The name of the case associated with alert.

Case status
assignedCase.status string

The status of the case associated with alert.

Matched policy ID
violatedPolicy.policyId string

The unique identifier of the policy associated with alert.

Matched policy name
violatedPolicy.policyName string

The name of the policy associate with alert.

User ID
riskyUser.riskyUserId string

The unique identifier of the user associated with the alert.

User principal name
riskyUser.userPrincipalName string

The UPN of the user associated with the alert.

Get insider risk management alerts for a case

Get insider risk management alerts for a case.

Parameters

Name Key Required Type Description
Case ID
Case_Id True string

The unique identifier of the case.

Returns

Name Path Type Description
value
value array of object
Alert severity
value.severity string

The severity of the alert.

Alert name
value.name string

The name of the alert.

Alert status
value.status string

The status of the alert.

Resolution reason
value.closureReason string

The closure reason associated with the alert.

Time to resolve in hours
value.resolutionTimeInHours float

The total time elapsed in hours to resolve the alert.

Alert ID
value.id string

The unique identifier of the alert.

Tenant ID
value.tenantId string

The unique identifier of the organization.

Alert created timestamp
value.createdDateTimeUtc string

The UTC timestamp identifying the creation time of the alert.

Case ID
value.assignedCase.caseId string

The unique identifier of the case associated with alert.

Case name
value.assignedCase.name string

The name of the case associated with alert.

Case status
value.assignedCase.status string

The status of the case associated with alert.

Matched policy ID
value.violatedPolicy.policyId string

The unique identifier of the policy associated with alert.

Matched policy name
value.violatedPolicy.policyName string

The name of the policy associated with alert.

User ID
value.riskyUser.riskyUserId string

The unique identifier of the user associated with alert.

User principal name
value.riskyUser.userPrincipalName string

The UPN of the user associated with alert.

Get insider risk management case

Get insider risk management case.

Parameters

Name Key Required Type Description
Case ID
Case_Id True string

The unique identifier of insider risk management case.

Returns

Name Path Type Description
Case name
name string

The name of the case.

Case status
status string

The status of the case.

Case resolution time
resolutionTimeInHours float

The time elapsed in hours to resolve the case.

Created by
createdBy string

The identifier for the user who created the case.

Case ID
id string

The unique identifier of the case.

Tenant ID
tenantId string

The unique identifier of the organization.

Case created timestamp
createdDateTimeUtc string

The timestamp in UTC corresponding to the time when the case was created.

Content labels
riskyContentInfo.labels array of

The list of content labels associated with the case.

Sensitive info types
riskyContentInfo.dlpSensitiveTypes array of

The list of DLP sensitive info types associated with the case.

SharePoint sites
riskyContentInfo.spoSites array of

The list of SharePoint sites associated with the case.

Resolution reason
closingNote.closingStatus string

Resolution status when case closed.

Action taken
closingNote.actionTaken string

The action taken when case closed.

User ID
riskyUser.riskyUserId string

The unique identifier user associated with the case.

User principal name
riskyUser.userPrincipalName string

The UPN for the user associated with the case.

Teams ID
teamInfo.id string

The Teams ID associated with the case.

Teams name
teamInfo.displayName string

Teams display name.

Teams URL
teamInfo.webUrl string

URL for Teams.

Teams status
teamInfo.status string

Status of Teams.

Get insider risk management user

Get insider risk management user.

Parameters

Name Key Required Type Description
User ID
RiskyUser_Id True string

The unique identifier of the insider risk management user.

Returns

Name Path Type Description
Risk level
riskLevel string

The risk level associated with the user.

User principal name
userPrincipalName string

The UPN of the user.

User status
status string

The status of the user.

User ID
id string

The unique identifier of the user.

Case ID
assignedCase.caseId string

The unique identifier of the case associated with the user.

Case name
assignedCase.name string

The name of the case associated with the user

Case status
assignedCase.status string

The status of the case associated with the user

Get privacy management case

Get privacy management case.

Parameters

Name Key Required Type Description
Case ID
Case_Id True string

The unique identifier of privacy management case.

Returns

Name Path Type Description
Case name
name string

The name of the case.

Case status
status string

The status of the case.

Privacy case type
privacyCaseType string

The type of the case.

DSR type
dsrType string

The DSR Type of the case.

DSR source
dsrSource string

The DSR source of the case.

DSR regulation
dsrRegulation string

The DSR regulation of the case.

Case impact summary
impactSummary string

The impact summary of the case.

Case severity
severity string

The severity of the case.

Created by
createdBy string

The identifier for the user who created the case.

Case ID
id string

The unique identifier of the case.

Tenant ID
tenantId string

The unique identifier of the organization.

Case created date
createdDateTimeUtc string

The timestamp in UTC corresponding to the time when the case was created.

Case due date
dueDateTimeUtc string

The timestamp in UTC corresponding to the time when the case is due.

Case closed date
closedDateTimeUTC string

The timestamp in UTC corresponding to the time when the case was closed.

Files count
insight.filesCount integer

Files count insight.

File locations count
insight.fileLocations integer

File locations count insight.

Files size
insight.filesSize integer

Files size insight.

File need review count
insight.needReview integer

File need review count insight.

Last update time
insight.lastUpdateTimeUtc string

The timestamp in UTC corresponding to the time when the case was last updated.

documentSourceCount
insight.documentSourceCount array of object
Document source count key
insight.documentSourceCount.key string

Document source count key.

Document source count value
insight.documentSourceCount.value integer

Document source count value.

conflictTypeCount
insight.conflictTypeCount array of object
Conflict type count key
insight.conflictTypeCount.key string

Conflict type count key.

Conflict type count value
insight.conflictTypeCount.value integer

Conflict type count value.

reviewStatusCount
insight.reviewStatusCount array of object
Review status count key
insight.reviewStatusCount.key string

Review status count key.

Review status count value
insight.reviewStatusCount.value integer

Review status count value.

Privacy admin user ID
privacyAdmin.userObjectId string

The unique identifier of the privacy admin user.

Privacy admin user UPN
privacyAdmin.userPrincipalName string

The User Principal Name of the privacy admin user.

Alert information
alertInformation array of

Alert information of the case.

stages
stages array of object

Stages of the case.

Case stage ID
stages.id string

The unique identifier of the case stage.

Case stage status
stages.status string

The case stage status.

Data subject ID
dataSubject.id string

The unique identifier the data subject.

Data subject last name
dataSubject.lastName string

The last name of the data subject.

Data subject first name
dataSubject.firstName string

The first name of the data subject.

Data subject residency
dataSubject.residency string

The residency of the data subject.

Data subject email
dataSubject.email string

The email of the data subject.

Data subject address
dataSubject.address string

The address of the data subject.

Is existing data subject
dataSubject.existingDataSubject boolean

Is an existing data subject.

Teams ID
teamInfo.id string

The Teams ID associated with the case.

Teams name
teamInfo.displayName string

Teams display name.

Teams URL
teamInfo.webUrl string

URL for Teams.

Teams status
teamInfo.status string

Status of Teams.

Get tagged privacy files

Get a list of tagged privacy files.

Parameters

Name Key Required Type Description
Case Id
caseid True string

The unique identifier of privacy management case.

Tag Name
tagName True string

The name of a tag for privacy file.

Page Index
pageIndex True integer

The page index of the search for tagged privacy files.

Page Size
pageSize integer

The page size of the search for tagged privacy files.

Returns

Name Path Type Description
value
value array of object
File ID
value.id string

The unique identifier of an tagged file.

Immutable ID
value.immutableId string

The immutable id of an tagged file.

File workload
value.workload string

The workload of the tagged file.

File size
value.size integer

The size of the tagged file.

File name
value.fileName string

The name of the tagged file.

File type
value.fileType string

The file type of the tagged file.

Title
value.title string

The title of the tagged file.

Subject title
value.subjectTitle string

The subject title of the tagged file.

Native size
value.nativeSize integer

The native size of the tagged file.

Document Url
value.documentUrl string

The document Url of the tagged file.

File class
value.fileClass string

The file class of the tagged .

Extracted content type
value.extractedContentType string

The extracted content type of the tagged file.

File path
value.filePath string

The file path of the tagged file.

File item Url
value.itemUrl string

The item Url of the tagged file.

Recorded doc actions
value.docActions string

DocAction for the file.

Remediation actions
value.remediationActions string

RemediationActions for the file.

Annotations
value.annotations string

Annotations for the file.

File created date
value.createdDateTimeUtc string

The timestamp in UTC corresponding to the time when the file was created.

File last modify date
value.lastModifiedDateTimeUtc string

The timestamp in UTC corresponding to the time when the file was last modified.

author
value.author array of string

Author of the file.

The sender of the email.
value.sender string

The sender of email.

Site property path
value.sitePropertyPath string

The file path in site property.

Compound path
value.compoundPath string

The file compound path.

The internet message id
value.internetMessageId string

The internet message id for exchange item.

Get translated message Id

Get translated message Id.

Parameters

Name Key Required Type Description
Case ID
Case_Id True string

The unique identifier of the case.

Immutable Id
immutableId True string

The immutable Id for translation.

Mail Address
mailAddress True string

Mail Address of the exchange mail.

Returns

Name Path Type Description
Message Id
value string

The message Id.

Relabel an item at the end of retention

Relabel an item at the end of retention.

Parameters

Name Key Required Type Description
Site Address
SiteUrl string

SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename

Site Id
SiteId string

SharePoint site id.

Web Id
WebId string

SharePoint web id.

List Id
ListId string

SharePoint list id.

Item Unique Id
ItemUniqueId string

SharePoint item unique Guid or mail internet message Id.

Workload name
ContentSourceApplication string

SharePoint, OneDrive or Exchange

Label Id
LabelId string

Label Id to update the item with.

User Id
UserId string

User external directory id.

Returns

Trigger a new instance of the flow if an item can’t be located

If an item can't be located (for example, if it was moved or renamed), this action attempts to find the item using its ID. If the item is found, the flow's settings are reset and a new instance of the flow will be triggered the next time the retention service runs.

Parameters

Name Key Required Type Description
Site Id
SiteId string

SharePoint site id.

Web Id
WebId string

SharePoint web id.

List Id
ListId string

SharePoint list id.

Item Unique Id
ItemUniqueId string

SharePoint item unique Guid or mail internet message Id.

Returns

Triggers

For a selected communication compliance item

This trigger allows you to start a flow when a Communication Compliance item is selected in Microsoft 365 compliance center (Available only for Power Automate.)

For a selected insider risk management case

This trigger allows you to start a flow when an insider risk management case is selected in Microsoft 365 compliance center (Available only for Power Automate.)

For a selected insider risk management user

This trigger allows you to start a flow when an insider risk management user is selected in Microsoft 365 compliance center (Available only for Power Automate.)

When an item reaches end of its retention period

Triggers when a SharePoint, OneDrive or Exchange item (which has a retention label applied to it ) reaches the end of its established retention period. When using this trigger, the retention label configuration must be set to trigger this action at the end of the period as well.

When an item violates a DLP policy

Triggers when a SharePoint, OneDrive or Exchange item violates a DLP Policy which is configured with Power Automate Flow Action.

For a selected communication compliance item

This trigger allows you to start a flow when a Communication Compliance item is selected in Microsoft 365 compliance center (Available only for Power Automate.)

Returns

The outputs of this operation are dynamic.

For a selected insider risk management case

This trigger allows you to start a flow when an insider risk management case is selected in Microsoft 365 compliance center (Available only for Power Automate.)

Returns

The outputs of this operation are dynamic.

For a selected insider risk management user

This trigger allows you to start a flow when an insider risk management user is selected in Microsoft 365 compliance center (Available only for Power Automate.)

Returns

The outputs of this operation are dynamic.

When an item reaches end of its retention period

Triggers when a SharePoint, OneDrive or Exchange item (which has a retention label applied to it ) reaches the end of its established retention period. When using this trigger, the retention label configuration must be set to trigger this action at the end of the period as well.

Returns

Name Path Type Description
Site Address
SiteUrl string

SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename

List Name
ListName string

SharePoint list name.

Folder Path
FolderPath string

Document folder path.

Document Name
DocumentName string

Document name.

Site Id
SiteId string

SharePoint site id.

Web Id
WebId string

SharePoint web id.

List Id
ListId string

SharePoint list id.

Item Unique Id
ItemUniqueId string

SharePoint item unique Guid or mail internet message Id.

ListItem Id
ListItemId integer

SharePoint list item id not GUID.

Library Name
LibraryName string

SharePoint library name.

Workload name
Workload string

SharePoint, OneDrive or Exchange.

Existing Label Id
ExistingLabelId string

The existing label id on the item.

User Id
UserId string

User external directory id.

When an item violates a DLP policy

Triggers when a SharePoint, OneDrive or Exchange item violates a DLP Policy which is configured with Power Automate Flow Action.

Returns

Name Path Type Description
Power Automate Flow ID
FlowId string

Represents the ID of the Power Automate Flow triggered

Item ID
ItemId string

ID of the email, file, or item matching the DLP policy.

Operation
Operation string

Operation that triggered the workflow

Item created on (UTC)
CreationTimeUTC string

Time the detected item was created

Item last modified on (UTC)
LastModifiedTimeUTC string

Time the item was last modified

Actor
Actor string

The user or service principal that performed the action.

Data source
Workload string

Data sources where the activity occurred

Recipients
SharedWith array of string

Users who the item was shared with

Sensitivity label
SensitivityLabels array of string

Sensitivity labels applied to matching email, file, or item.

Matched policy name
PolicyName string

Name of the DLP policy that detected the user activity triggering this workflow.

Matched policy ID
PolicyId string

GUID of the DLP policy that detected the user activity triggering this workflow.

Matched rule ID
RuleId string

GUID of the DLP rule that detected the user activity triggering this workflow.

Matched rule name
RuleName string

Name of the DLP rule that detected the user activity triggering this workflow.

Item size
ContentSize integer

Size (in bytes) of the email, file, or item matching the DLP policy.

Email subject
ExchangeMetadata.Subject string

Subject of the email message.

Attachments
ExchangeMetadata.Attachments array of object

The list of attachments associated with the matched item

Name
ExchangeMetadata.Attachments.Name string

Name of the attachment

Size
ExchangeMetadata.Attachments.Size integer

Size of the attachment

Sensitivity labels
ExchangeMetadata.Attachments.Labels array of string

Sensitivity labels applied to attachment.

ID
SharepointMetadata.SiteId string

ID of the SharePoint site or OneDrive account

URL
SharepointMetadata.SiteUrl string

URL of the SharePoint site or OneDrive account

Folder URL
SharepointMetadata.FolderUrl string

URL of the folder containing the item

File name
SharepointMetadata.FileName string

Name of the file violating the policy on SharePoint or OneDrive

File ID
SharepointMetadata.FileId string

A guid that identifies the file

File URL
SharepointMetadata.FileUrl string

SharePoint or OneDrive URL of the file that matched the DLP policy.

List item id
SharepointMetadata.ListItemId integer

An integer identifier for the item within the containing list

Message type
TeamsMetadata.MessageType string

Teams message type

Message ID
TeamsMetadata.MessageId string

Teams chat or channel message ID

Channel ID
TeamsMetadata.ChannelId string

A unique identifier for the channel

Device ID
EndpointMetadata.MachineId string

Unique ID of device where activity was detected by DLP policy

File name
EndpointMetadata.FileName string

Name of file on device that matched the DLP policy

File path
EndpointMetadata.FilePath string

Local path to the file on a device that matched the DLP policy

User activity
EndpointMetadata.Operation string

User activity detected on device that matched the DLP policy

Evidence URL
EndpointMetadata.EvidenceUrl string

Evidence URL if configured in the policy

Destination
EndpointMetadata.Destination string

Target path

UPN
EndpointMetadata.UPN string

User principal name

Action enforced
EndpointMetadata.EnforcementMode string

DLP action enforced on user activity