Known limitations

Below are known limitations to know about when leveraging our suite of data loss prevention (DLP) capabilities:

General

  • There's limited support for DLP actions in the Power Platform for Admins connector. The ability to block a connector is only supported in the DLP actions labeled with "V2" (such as "Create DLP Policy V2"). Connector action control, connector endpoint filtering, and DLP for custom connectors can't be configured using the Power Platform for Admins connector.
  • Tabular functions in the Power Apps expression language can't be governed with DLP.
  • Solution flows need to be activated once, to create a runtime representation, before they can be targeted for DLP enforcement exemption using the Set-PowerAppDlpPolicyExemptResources cmdlet. If activation of the flow isn't allowed as-is because of a current DLP violation, then you could make changes to avoid violations, save, activate, add the exemption, then edit as desired with the exemption active.

Child flows

  • Blocking the HTTP with Azure AD connector will also block child flows because those child flows are called using the same HTTP connector technology.
  • If a child flow violates a DLP policy, it will not result in the parent flow becoming non-compliant.

Desktop flows

  • There's no support for cross checking the categories between a cloud flow and the desktop flows it calls. This will be supported when DLP for desktop flows is generally available.
  • There's no support for cross checking the modules that are used between a desktop flow and all its child desktop flows. This will be supported when DLP for desktop flows is generally available.
  • There's no support for the "Set default group" for newly added desktop flow modules. This will be supported when DLP for desktop flows is generally available.

See also

DLP for desktop flows