Recommended DLP policy settings for the default environment


The Microsoft Power Platform default environment is traditionally used by users to create their own Power Automate flows. Assigning a DLP policy to the default environment is recommended to prevent users from leaking business data stored in Microsoft 365. The following connectors should be assigned to the Business data group.

| Connector name | Purpose |
| --- | --- |
| Office 365 Outlook | This connector allows makers to retrieve emails from an Office 365 mailbox and send emails through that mailbox. |
| OneDrive for Business | The OneDrive for Business connector allows makers to store and retrieve documents from their OneDrive for Business account. |
| Office 365 Users | A connector that is used for obtaining metadata about Office 365 users, including user details, direct reports, photos, and profiles. |
| SharePoint | The SharePoint connector allows makers to interact with SharePoint features like reading/writing documents, communicating with custom lists, and deleting content. |
| Excel Online (Business) | This connector allows makers to interact with spreadsheets by listing rows, adding rows, or deleting rows in a spreadsheet. |
| Microsoft Forms | A popular connector that allows makers to receive input from a Microsoft Form and process it in a flow. |
| Office 365 Groups | A connector that is used to manipulate groups, including adding/removing members from a group and creating group events. |
| OneNote (Business) | The OneNote connector can be used to manipulate OneNote notebooks, including adding sections and creating pages. |
| Word Online (Business) | This connector allows makers to convert a Word Document to PDF and populate a Microsoft Word template. |
| Yammer | The Yammer connector allows makers to subscribe and post messages in the enterprise social media site. |
| Microsoft Teams | By using the Microsoft Teams connectors, makers can subscribe to messages that are posted within Teams channels, post messages, and create channels. |

The following connectors do not contain business data, but administrators should consider placing them in the Business data group. These connectors automate approvals, content conversions, Microsoft Power Platform management, and cyber security processes.

| Connector name | Purpose |
| --- | --- |
| Approvals | This connector is used to facilitate approvals in Power Automate. It is technically a connector, so it needs to be considered when you are implementing DLP policies. |
| Content Conversion | The Content Conversion connector allows makers to convert HTML markup to plain text. It is useful when you need to remove all HTML markup so that you can store the raw text in another system. |
| Microsoft Translator | The Microsoft Translator connector allows a maker to detect languages, translate text, and convert text to speech. It does not pose data leakage risks, but might be helpful in multi-national organizations. |
| File System | For organizations that are still dependent on on-premises network shares, this connector will use the on-premises data gateway to provide a bridge between local file shares and Power Automate. |
| Microsoft To-Do (Business) | This connector allows makers to get, list, and create to-do items in the Microsoft To-Do service. |
| PowerApps for Admins | This connector allows administrators to modify app permissions, get a list of apps, get a list of custom connectors, and set app owners. |
| PowerPlatform for Admins | This connector allows administrators to create environments, create environment DLP policies, create tenant DLP policies, delete environments, force environment syncs, list supported environments, and more. |
| PowerApps for App Makers | This connector provides administrative capabilities but in the context of an application and not the entire environment/tenant. Within this connector, an app owner can edit permissions, get app versions, get connections, publish an app, remove an app, and more. |
| Flow management | This connector provides administrative capabilities but in the context of the flow owner. Within this connector, a flow owner can create connections, create flows, delete flows, get flow details, list my flows, list my environments, and more. |
| Microsoft Flow for Admins | This connector has environment and tenant scope depending on the connection that it is running under. As a result, this connector allows an admin to disable a flow, edit flow permissions, get flow user details, remove flow user details, remove flow, and more. |
| Cloud App Security | This connector is for use with the Microsoft Cloud App Security service. For organizations that are using this service, this connector allows Cloud Security Analysts to automate activities such as enabling security policies, getting cloud security alerts, tagging apps as sanctioned, and more. |
| Microsoft Graph Security | Organizations that are using Microsoft Graph Security can automate their security workflows by creating subscriptions, subscribing to alerts, and more. |
| Microsoft Defender ATP | Microsoft Defender ATP provides endpoint protection against malware and other malicious activities. By using the Microsoft Defender ATP, Cyber Security Analysts can automate actions such as isolating machines, performing investigation actions, removing application permissions, running antivirus scans, and much more. |
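The following added example (not part of the original page or any Microsoft tooling) audits a policy's connector grouping against the two lists above and shows what a gap permits, using the DLP rule that a flow cannot combine Business and Non-business connectors. The policy dictionary, the sample flows, and the external connector name are constructed for illustration and are not the Power Platform API schema; treating unlisted connectors as Non-business is an assumption.

```python
# Added example. The policy dict and flow lists are constructed for
# illustration; they are not the Power Platform API schema.
REQUIRED_BUSINESS = {
    "Office 365 Outlook", "OneDrive for Business", "Office 365 Users",
    "SharePoint", "Excel Online (Business)", "Microsoft Forms",
    "Office 365 Groups", "OneNote (Business)", "Word Online (Business)",
    "Yammer", "Microsoft Teams",
}
CONSIDER_BUSINESS = {
    "Approvals", "Content Conversion", "Microsoft Translator", "File System",
    "Microsoft To-Do (Business)", "PowerApps for Admins",
    "PowerPlatform for Admins", "PowerApps for App Makers", "Flow management",
    "Microsoft Flow for Admins", "Cloud App Security",
    "Microsoft Graph Security", "Microsoft Defender ATP",
}

def audit_policy(policy):
    """Report connectors from the two lists that are not in the Business group."""
    business = set(policy["business"])
    return {"required_missing": sorted(REQUIRED_BUSINESS - business),
            "consider_missing": sorted(CONSIDER_BUSINESS - business)}

def group_of(policy, connector):
    if connector in policy["blocked"]:
        return "blocked"
    if connector in policy["business"]:
        return "business"
    return "non_business"  # assumption: unlisted connectors default here

def evaluate_flow(policy, connectors):
    """A flow is rejected if it uses a blocked connector or mixes groups."""
    groups = {group_of(policy, c) for c in connectors}
    if "blocked" in groups:
        return "rejected: blocked connector"
    if {"business", "non_business"} <= groups:
        return "rejected: mixes Business and Non-business"
    return "allowed"

# Constructed policy: Yammer and Microsoft Teams were left out of Business.
SAMPLE_POLICY = {
    "business": (REQUIRED_BUSINESS | CONSIDER_BUSINESS) - {"Yammer", "Microsoft Teams"},
    "blocked": set(),
}
EXTERNAL = "Hypothetical External Storage"  # placeholder, not a real connector

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
    print(evaluate_flow(SAMPLE_POLICY, ["SharePoint", EXTERNAL]))
    print(evaluate_flow(SAMPLE_POLICY, ["Microsoft Teams", EXTERNAL]))
```

In the sample policy, the SharePoint flow is rejected, but the Microsoft Teams flow is allowed because Teams was never classified as Business, which is the gap the audit reports.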