
DLP with Power Platform COE

July 11, 2023

Introduction to DLP Policies in Power Platform

Hey, welcome back everybody. Okay, we're going to continue talking about the Center of Excellence, but we're going to focus on DLP policies. So let's get started.

I've headed over to the Power Platform Admin Center. Now, some may wonder why a Center of Excellence video starts here. It is because the Admin Center is where DLP policies are actually created and enforced, and it is worth seeing its full editing workflow before moving into the Center of Excellence. The CoE Starter Kit then manages those same policies in one place alongside its other governance tools.

There are two policies to focus on: "Blocked Twitter" and "Google Restricted." Others exist, but these two illustrate the key functionality. Selecting a policy lets you edit or delete it. Editing walks through a wizard in which the name can be updated, the connectors reviewed, and the group each connector belongs to changed.

Connectors are sorted into three groups: "Business" (connectors that handle sensitive organizational data), "Non-business" (connectors that do not), and "Blocked." Within a single app or flow, connectors from the Business and Non-business groups cannot be used together; a maker who tries gets a DLP violation error, and an existing flow that ends up in violation is suspended. One group is chosen as the default, and any connector that has not been explicitly classified, including connectors Microsoft releases later, lands in that default group until an admin moves it.

The Twitter DLP policy illustrates both the "Blocked" group and connector action control. Placing the Twitter connector in the Blocked group prohibits it outright; the alternative shown here is to keep it in an allowed group and block only selected actions, such as posting a tweet or retweeting, while other, less sensitive actions stay enabled. The policy also sets whether actions the connector gains in a future release are allowed or blocked by default, so a newly added action cannot slip past the policy unnoticed. This granular control covers both pre-built connectors and custom connectors: custom connectors can be blocked entirely or restricted by URL pattern so that only approved external endpoints are reachable.

Scope settings determine where the policy applies: specific environments only, all environments except a chosen few, or a blanket policy across the whole tenant. After reviewing the summary, the changes can be saved.

Managing DLP Policies in the Center of Excellence

The "Google Restricted" policy shows connectors being moved between groups. Here the Google connectors are treated as sensitive data and the policy's default group is changed to "Business," with the intent of stopping organizational data from being passed to personal Google services such as Drive or Sheets. Two things decide whether that intent is met. First, the default group mainly governs connectors that have not been explicitly classified, so confirm that the Google connectors themselves show the intended group after the change. Second, DLP only separates connectors that sit in different groups: Google connectors are isolated from organizational data only if the connectors that hold that data (SharePoint or Dataverse, for example) are in the other group, or if the Google connectors are placed in Blocked instead. Custom connector patterns extend the same protection to bespoke endpoints, and the policy can be scoped to individual environments, for instance restricting development environments to prevent unauthorized experimentation.

The DLP Policies section of the Power Platform Admin Center is robust, but the Center of Excellence centralizes management. Within the CoE environment, the DLP Editor app offers a similar interface with additional functionality: it lists all DLP policies, lets you copy a policy before editing it, and shows which connectors each policy touches, its scope, and the environments it applies to.

The CoE DLP Editor adds the most value through its impact analysis. Before a change is applied, it shows the apps and flows that would fall into violation, so administrators can contact makers and fix or re-scope those resources proactively rather than discovering suspended flows afterwards. The list of impacted apps and flows can be exported to CSV for further review.
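To make the rules from the sections above concrete, here is an offline evaluator that applies them the way the CoE impact analysis does: for each flow it reports Blocked connectors, Business/Non-business mixing (with unclassified connectors falling into the policy's default group), blocked connector actions, and environment scope. This is an added example, not code from the original post, the Admin Center, or the CoE Starter Kit. The policy shape, the classification names `Confidential` (Business), `General` (Non-business) and `Blocked`, the `shared_*` connector ids, the action names and the sample flows are all assumptions constructed for the example.

```python
"""Offline evaluator for Power Platform DLP rules (added example).

Assumptions (not from the original post): policies and flows are plain
Python objects shaped loosely like DLP policy / flow exports, using the
classification names "Confidential" (Business), "General" (Non-business)
and "Blocked", and "shared_*" connector ids.
"""
from dataclasses import dataclass, field

BUSINESS, NON_BUSINESS, BLOCKED = "Confidential", "General", "Blocked"


@dataclass
class Policy:
    name: str
    groups: dict                      # classification -> set of connector ids
    default_group: str = NON_BUSINESS  # where unclassified connectors land
    environment_type: str = "AllEnvironments"  # or OnlyEnvironments / ExceptEnvironments
    environments: set = field(default_factory=set)
    blocked_actions: dict = field(default_factory=dict)  # connector -> set of blocked actions

    def applies_to(self, environment: str) -> bool:
        """Environment scope: tenant-wide, an include list, or an exclude list."""
        if self.environment_type == "AllEnvironments":
            return True
        if self.environment_type == "OnlyEnvironments":
            return environment in self.environments
        if self.environment_type == "ExceptEnvironments":
            return environment not in self.environments
        raise ValueError(f"unknown environment_type {self.environment_type!r}")

    def classify(self, connector: str) -> str:
        """Explicit group if the connector is listed, otherwise the default group."""
        for classification, ids in self.groups.items():
            if connector in ids:
                return classification
        return self.default_group


@dataclass
class Flow:
    name: str
    environment: str
    connectors: set
    actions: dict = field(default_factory=dict)  # connector -> set of actions the flow uses


def evaluate(policy: Policy, flow: Flow) -> list:
    """Return the violations of `flow` under `policy`; an empty list means compliant."""
    if not policy.applies_to(flow.environment):
        return []
    violations = []
    by_class = {}
    for connector in sorted(flow.connectors):
        by_class.setdefault(policy.classify(connector), set()).add(connector)
    # Rule 1: Blocked connectors may not be used at all.
    for connector in sorted(by_class.get(BLOCKED, ())):
        violations.append(f"{connector} is in the Blocked group")
    # Rule 2: Business and Non-business connectors may not share one flow.
    if BUSINESS in by_class and NON_BUSINESS in by_class:
        violations.append(
            f"mixes Business {sorted(by_class[BUSINESS])} "
            f"with Non-business {sorted(by_class[NON_BUSINESS])}")
    # Rule 3: connector action control blocks individual actions.
    for connector, used in sorted(flow.actions.items()):
        for action in sorted(used & policy.blocked_actions.get(connector, set())):
            violations.append(f"{connector} action '{action}' is blocked")
    return violations


def impact_report(policies: list, flows: list) -> dict:
    """Impact analysis: flow name -> violations across every applicable policy."""
    report = {}
    for flow in flows:
        found = [f"[{p.name}] {v}" for p in policies for v in evaluate(p, flow)]
        if found:
            report[flow.name] = found
    return report


def sample_policies() -> list:
    """Constructed policies echoing the post's two examples (connector placement assumed)."""
    business = {"shared_sharepointonline", "shared_commondataserviceforapps"}
    return [
        Policy("Blocked Twitter", {BUSINESS: business, NON_BUSINESS: {"shared_twitter"}},
               blocked_actions={"shared_twitter": {"PostTweet", "Retweet"}}),
        Policy("Google Restricted",
               {BUSINESS: business, NON_BUSINESS: {"shared_googledrive", "shared_googlesheet"}},
               environment_type="OnlyEnvironments", environments={"Dev"}),
    ]


def sample_flows() -> list:
    """Constructed flows; shared_googlesheet is unclassified under 'Blocked Twitter'."""
    return [
        Flow("Tweet new announcements", "Prod", {"shared_sharepointonline", "shared_twitter"},
             actions={"shared_twitter": {"PostTweet"}}),
        Flow("Copy list to Google Sheet", "Dev", {"shared_sharepointonline", "shared_googlesheet"}),
        Flow("Copy list to Google Sheet (prod)", "Prod",
             {"shared_sharepointonline", "shared_googlesheet"}),
        Flow("Sync Dataverse to SharePoint", "Dev",
             {"shared_commondataserviceforapps", "shared_sharepointonline"}),
    ]


if __name__ == "__main__":
    for flow_name, problems in impact_report(sample_policies(), sample_flows()).items():
        print(flow_name)
        for problem in problems:
            print("   ", problem)
```

Running it shows the two points a practitioner should take from the post: the Google Sheet flow in Prod is flagged only by "Blocked Twitter", because the Google connector is unclassified there and falls into that policy's Non-business default group while "Google Restricted" is scoped to Dev; and the Dataverse-to-SharePoint flow passes every policy because all of its connectors sit in Business.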

This centralization in the Center of Excellence creates a single hub for managing governance rules and policies, giving administrators a streamlined, insight-rich toolset for DLP policy management across the Power Platform.
