Monitoring the Power Platform: Connectors, Connections and Data Loss Prevention Policies (2023)

Summary

Connectors are used throughout Power Platform Pillars such as Microsoft Power Automate and Microsoft Power Apps. They are also used in Azure services such as Azure Logic Apps. Connectors are a wrapper around first and third party APIs to provide a way for services to talk to each other. They represent the glue between services, allowing users to set up Connections to connect various accounts together. These connectors encompass a wide range of SaaS providers including Dynamics 365, Office 365, Dropbox, Salesforce and more.

This article will explore Connectors and Connections to help administrators better understand how they are being leveraged within the Power Platform. We will discuss components of connectors and where to go to find out about connectors used with Power Apps and Power Automate. Next, we will cover connections and their boundaries and impact. Finally, we will explore Data Loss Prevention Policies and how to restrict connector usage for business and non-business related purposes.

Connector Components

Each connector used in the Power Platform consists of operations called "Actions" and "Triggers".

Actions

Actions are operations that read, change or manipulate data or variables, all directed by a Maker. These are tied to the Connector (Open API) definition provided by each service. Examples include reading data from the Common Data Service, sending emails through Outlook or internal operations such as parsing JSON or looping through a result set.

Triggers

Triggers represent notifications to Microsoft Power Automate Flows or Azure Logic Apps that an event has occurred. They are generally grouped into two types of triggers: Poll and Push Triggers.

A polling trigger makes a call into the API at a recurring frequency to check for new messages. When new data is available, the trigger will run the Flow or Logic App. Examples include timer triggers. A great breakdown of explaining, using and creating a custom connector that uses polling is the article titled "Use a polling trigger for Azure Logic Apps and Microsoft Power Automate".


A push trigger is a listener waiting for an event to occur or a message to be received. Once received, the trigger will run the Flow or Logic App. Examples include Flow button presses, HTTP or Webhook connectors. Another article, titled "Use a webhook as a trigger for Azure Logic Apps and Power Automate", explains how to create a custom connector for GitHub to listen for push events on a repo.

Connector Definition

In the case of the Dropbox connector, we can see in the documentation the actions and triggers defined in the Open API definition. This same definition is available using the PowerApps Administration PowerShell module or Management connector and the list connectors action. The image below was extracted from the Management connector list connector action.


Each connector definition includes a "tier" property, which tells administrators whether the connector is considered premium. This can also impact our DLP Policies discussed below.
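As an added illustration (not code from the original article), the PowerShell below walks a connector's Open API definition, separates actions from polling and push triggers, and reads the tier. The sample definition is constructed, the function name Get-ConnectorOperationSummary is hypothetical, and the nesting under properties.swagger is an assumption of this sample; triggers are recognised through the Microsoft Open API extensions x-ms-trigger and x-ms-notification-content.

```powershell
# Constructed sample: a trimmed connector definition in the shape of an
# Open API (Swagger 2.0) document plus a "tier" property. Not real connector data.
$sampleJson = @'
{
  "name": "shared_sampleconnector",
  "properties": {
    "tier": "Premium",
    "swagger": {
      "paths": {
        "/files": {
          "get":  { "operationId": "ListFiles",  "summary": "List files" },
          "post": { "operationId": "CreateFile", "summary": "Create file" }
        },
        "/trigger/newfile": {
          "get": { "operationId": "OnNewFile", "summary": "When a file is created",
                   "x-ms-trigger": "batch" }
        },
        "/hooks": {
          "x-ms-notification-content": { "description": "Event payload" },
          "post": { "operationId": "OnPush", "summary": "When an event is pushed",
                    "x-ms-trigger": "single" }
        }
      }
    }
  }
}
'@

function Get-ConnectorOperationSummary {
    param([Parameter(Mandatory)] [psobject] $Connector)

    $httpVerbs = 'get', 'put', 'post', 'delete', 'patch', 'head', 'options'
    $paths = $Connector.properties.swagger.paths

    foreach ($path in $paths.PSObject.Properties) {
        # A path-level x-ms-notification-content marks a webhook (push) endpoint.
        $isWebhook = $null -ne $path.Value.PSObject.Properties['x-ms-notification-content']

        foreach ($op in $path.Value.PSObject.Properties) {
            # Skip path-level extensions and shared parameters; keep HTTP operations only.
            if ($op.Name -notin $httpVerbs) { continue }

            # An operation without x-ms-trigger is an action.
            $trigger = $op.Value.PSObject.Properties['x-ms-trigger']
            $kind = if (-not $trigger) { 'Action' }
                    elseif ($isWebhook) { 'Trigger (push)' }
                    else { 'Trigger (poll)' }

            [pscustomobject]@{
                Connector   = $Connector.name
                Tier        = $Connector.properties.tier
                Kind        = $kind
                OperationId = $op.Value.operationId
                Path        = $path.Name
            }
        }
    }
}

$connector = $sampleJson | ConvertFrom-Json
Get-ConnectorOperationSummary -Connector $connector |
    Sort-Object Kind, OperationId |
    Format-Table -AutoSize
```

An inventory like this tells an administrator which connectors can start a flow from an inbound call (push) and which only reach outward on a schedule (poll), alongside the tier that matters for DLP grouping.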


Standard and Premium Connector Tiers

Both Standard and Premium tiers are available based on the type of Office 365 licensing. Below you'll find references to both tiers. Standard licenses, where the service is owned by Microsoft, can't be added to the Blocked Data Loss Prevention Policy discussed below.

List of Premium Connectors

List of Standard Connectors

Preview and Production Connector Release Statuses

Preview Connectors can be used in Production environments, but with caution, as indicated by the light bulb symbol attached to each connector. If a connector is not in preview, then it's considered to be in a Production release status. For each connector, check to see the regional availability using the links provided.

List of Preview Connectors

List of Production Connectors

Custom Connectors

As described above, hundreds (as of this time 325+) of connectors exist to allow Power Apps and Power Automate to talk to services. That said, there will eventually come a time where an API that your app or flow needs to talk to will not be available as a provided connector. Luckily, the concept of Custom Connectors can help fill this gap.

Custom connectors allow developers to build and secure APIs that can be consumed by Makers and Users of the Power Platform. Common examples include using Azure Functions or Web Apps to build an API and using Azure AD to secure the API. Finally, the API will need to be defined and described using a specification called Open API. One of the advantages of using Azure Functions is that it can generate the Open API spec for a developer, allowing for a seamless handoff to the author of the Custom Connector.

This image from the Custom Connectors overview does a wonderful job of visualizing the steps involved here.


The scope of creating a custom connector covers a wide range of additional concepts and considerations, such as authentication and access protocols. I would consider starting with this step by step to begin creating your own Custom Connector or here for using the Logic Apps Custom Connector service in Microsoft Azure. Custom connectors are scoped to a specific environment. This is important when discussing Data Loss Prevention Policies below.


Solution Aware Connectors

Custom connectors can also be created within Dynamics 365 or Common Data Service solutions. Enterprises that need to utilize custom connectors in a production ready environment will want automation tools to migrate changes from developers. Solution aware custom connectors, as part of a Common Data Service solution, can be neatly packaged and moved across sandbox and test environments towards production. Administrators can leverage existing tools such as Solution Packager to unpack and store within source control.

When working with custom connectors in solutions, be sure to reference and evaluate the Known Limitations currently with this feature.

Connections

Connections are used by Power Apps and Power Automate to activate and work with Connectors. When viewing within the Portal, each connection has an identifier, the connector it's using, the creation time and who created it as well as the current environment and status. Each connection shows how it's used across Power Apps and Power Automate Flows. The below image shows a connection in the Maker Portal.


Here is the same Azure Application Insights connection shown using the PowerShell module for Power Apps Administration tasks. This gives us a way to view the current status programmatically.


The same connector can be used for multiple connections as shown in the image below with multiple entries for Azure DevOps.


Connections can be connected to a user account but can also work with service principals. The supported types of authentication are None, Basic, API Key and OAuth 2.0.

Connections across environments

Environments represent boundaries between data sources, customizations, etc. within the Power Platform and this includes connections. One question that will eventually come up is how to work with solution aware components that use connections. The connections that may be used for development purposes won't necessarily work in production workloads.

The typical approach I've seen is to create the connections manually and update the connector's connection where needed. Using PowerShell or potentially other connectors (i.e. Power Automate Management), automation techniques can be applied as part of your ALM strategy.


Quick Point on Migrating Managed Solution Power Automate Flows

Recently I began investigating scenarios of moving flows and applying connections as referenced above. Using that approach I was able to apply connections using automation techniques with Microsoft Power Automate. This worked and I was able to successfully apply the connection and turn on the Flow using the Power Automate (CDS) API. However, by doing this, an active unmanaged layer was introduced. This causes concern as subsequent changes performed on the flow will be underneath the active layer as pointed out in this Known Limitations section.

"Importing a solution containing a flow will not automatically create or associate required connections. The flow must be edited to fix the connections.

  • If using managed solutions, this creates an active customization in the unmanaged layer. Therefore subsequent solution updates to the flow will not be reflected."

Until I find a solution to this, consider removing the active layer and applying the solution. In my findings when the active layer was applied, the flow reverted back to its original state. Here is the extracted flow to use as an example.


Data Loss Prevention Policies

Data Loss Prevention Policies help protect and secure organizational data within an enterprise by providing rules enforcing what connectors can be used. Connectors can be grouped into Business, Non-Business and Blocked classifications which determine if they can be used within Power Apps or Flows. These policies can be scoped to a specific environment or across all environments within a tenant.

Here is an image showing a Business Data Only policy I created that is scoped to a single environment.


Blocked policies restrict resources from interacting with a specific service. All third-party connections and Microsoft owned Premium connectors (except Common Data Service) can be blocked.

This image shows an error message when attempting to use connectors that are from different policy groups.


DLP Policies and Power App Administration PowerShell

As detailed in "Introducing HTTP and Custom Connector Support for Data Loss Prevention Policies" by Jonathon Levesque, these policies can be used for HTTP and Custom Connectors. There is an important note that Jonathon documents that is worth pointing out:


"To add support for custom connectors and/or HTTP connectors to a policy using the PowerShell, download and import the latest PowerApps PowerShell scripts from the link above and use the cmdlets ‘New-AdminDlpPolicy’, ‘Set-AdminDlpPolicy’, ‘Add-CustomConnectorToPolicy’, and ‘Remove-CustomConnectorFromPolicy’ to modify a policy. The cmdlet ‘Get-Help -detailed’ can be used as a reference.

Note: Use the schema version ‘2018-11-01’ when creating or updating a DLP policy to include HTTP connectors. Adding HTTP support using the template or PowerShell will only affect the specified policy. New policies created via the Admin Center will not contain the HTTP connectors.

Caution: WE DO NOT SUPPORT DOWNGRADING FROM SCHEMA VERSION 2018-11-01. Once HTTP support is added to a policy, it cannot be taken away. Attempting to do so may corrupt that DLP policy. Furthermore, if a DLP policy is updated to support HTTP connectors, current flows using these HTTP capabilities may be shut off."

This image shows, using the Power App Administration PowerShell module and the Get-AdminDlpPolicy cmdlet, I can list out the connectors for both business and non-business groups.


Using the below PowerShell command, the DLP Policy can be read and audited.

Get-AdminDlpPolicy {DLP Policy Name}

The PowerShell command above shows how to work with the DLP Policy Name to limit the response to a specific policy. The name can easily be found in the URL within the PowerApps Admin Portal.
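As an added example (not part of the original article or of the PowerApps module), the function below takes a DLP policy's connector groups and an inventory of flows with the connectors they use, and reports flows that use a Blocked connector or mix Business and Non-Business connectors. The policy, the flow list and the names Get-DlpGroup, Test-DlpConnectorMix and DefaultGroup are constructed for illustration; treating connectors that appear in no group as Non-Business is an assumption.

```powershell
# Constructed policy: connector names per DLP group (not output from a real tenant).
$policy = [pscustomobject]@{
    DisplayName = 'Business Data Only (sample)'
    Business    = @('shared_commondataservice', 'shared_office365', 'shared_sharepointonline')
    NonBusiness = @('shared_twitter', 'shared_rss')
    Blocked     = @('shared_dropbox')
}

# Constructed inventory: each flow and the connectors its connections reference.
$flows = @(
    [pscustomobject]@{ Flow = 'Notify on new account'; Connectors = @('shared_commondataservice', 'shared_office365') }
    [pscustomobject]@{ Flow = 'Tweet case updates';    Connectors = @('shared_commondataservice', 'shared_twitter') }
    [pscustomobject]@{ Flow = 'Archive attachments';   Connectors = @('shared_sharepointonline', 'shared_dropbox') }
    [pscustomobject]@{ Flow = 'News digest';           Connectors = @('shared_rss', 'shared_unlistedconnector') }
)

function Get-DlpGroup {
    param(
        [Parameter(Mandatory)] [psobject] $Policy,
        [Parameter(Mandatory)] [string]   $Connector,
        [string] $DefaultGroup = 'NonBusiness'   # assumption: where unlisted connectors land
    )
    # Blocked is checked first so a connector listed twice is reported conservatively.
    if     ($Policy.Blocked     -contains $Connector) { 'Blocked' }
    elseif ($Policy.Business    -contains $Connector) { 'Business' }
    elseif ($Policy.NonBusiness -contains $Connector) { 'NonBusiness' }
    else   { $DefaultGroup }
}

function Test-DlpConnectorMix {
    param(
        [Parameter(Mandatory)] [psobject]   $Policy,
        [Parameter(Mandatory)] [psobject[]] $Flows,
        [string] $DefaultGroup = 'NonBusiness'
    )
    foreach ($flow in $Flows) {
        # Bucket the flow's connectors by DLP group.
        $byGroup = @{}
        foreach ($connector in $flow.Connectors) {
            $group = Get-DlpGroup -Policy $Policy -Connector $connector -DefaultGroup $DefaultGroup
            if (-not $byGroup.ContainsKey($group)) { $byGroup[$group] = @() }
            $byGroup[$group] += $connector
        }

        # A blocked connector is a violation on its own; otherwise the rule is
        # that one flow may not combine Business and Non-Business connectors.
        $finding = if ($byGroup.ContainsKey('Blocked')) { 'Uses blocked connector' }
                   elseif ($byGroup.ContainsKey('Business') -and $byGroup.ContainsKey('NonBusiness')) {
                       'Mixes Business and Non-Business'
                   }
                   else { 'Compliant' }

        [pscustomobject]@{
            Flow        = $flow.Flow
            Finding     = $finding
            Business    = $byGroup['Business']    -join ', '
            NonBusiness = $byGroup['NonBusiness'] -join ', '
            Blocked     = $byGroup['Blocked']     -join ', '
        }
    }
}

Test-DlpConnectorMix -Policy $policy -Flows $flows |
    Format-Table Flow, Finding, Business, NonBusiness, Blocked -AutoSize
```

Running the same check against a proposed policy before it is applied shows which existing flows would stop working once the policy takes effect.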


Here is a gif showing the login flow and using the Get-AdminDlpPolicy and reviewing the Non-Business Data Group.


Next Steps

In this article we have covered foundational information and concepts for Connectors, Connections and Data Loss Prevention Policies. We have discussed some of the boundaries and limitations to be aware of. Examples of working with the Power Apps Admin Portal as well as the PowerApps Administration PowerShell modules were examined.

This article is a good starting point to better understanding how to work with powerful connectors such as the Power Automate Management and Admin connectors referenced in a future article. The article also begins the journey into the Power Automate API and how solution layers can impact changes to components.


If you are interested in learning more about specialized guidance and training for monitoring or other areas of the Power Platform, which includes a monitoring workshop, please contact your Technical Account Manager or Microsoft representative for further details.

Your feedback is extremely valuable so please leave a comment below and I'll be happy to help where I can! Also, if you find any inconsistencies, omissions or have suggestions, please go here to submit a new issue.

Index

Monitoring the Power Platform: Introduction and Index

Article information

Author: Trent Wehner

Last Updated: 01/17/2023
