With the introduction of the Power Platform and its enormous amount of connectors, there is a certain risk organizational data can be exposed unintentionally to third party systems. To prevent and manage this, there is a feature called Data Policies.


A Data policy is basically a group of connectors. Power Platform Administrators can create them tenant wide or environment specific, also depending of your rights within the organization. You have two types of data policy groups:

  • Business Data Allowed
  • No Business Data Allowed

To goal of using these groups is to prevent the usage of connectors from both groups within the same flow or canvas app. This way, exposure of sensitive company data is not possible. By default, new connectors are added to the “No Business Data Allowed” group. You can override this in the admin portal. An important remark is that environment specific groups cannot override tenant-wide policies.


Go to https://admin.powerplatform.microsoft.com/ and go to Data policies. This will open up a new window showing the currently existing dlp’s. Click on the new policy sign in the upper right corner to create a new one.

Next, you will have options depending on your privileges within your organization. Here, we only have environment access, and are no tenant-wide admin.

In the next tab, the actual grouping can be done. Please note that once a connector can only be part of one data group at a time.

This is a fairly easy concept of protecting your company data. However, it is key to pay attention to it and develop a strong and clear strategy in the early implementation of a project. Also, it is beneficial to share a list with your (citizen) developers in which category the connectors are based.

How do you implement DLP’s in your organization? Please let me know!