Recommended DLP policy settings for Dynamics 365 environments

Another common scenario that organizations face when creating DLP policies is supporting Dynamics 365 workloads. The following connectors should be assigned to the Business data group to protect Dynamics 365 data from leaking.

| Connector name | Purpose |
| --- | --- |
| Microsoft Dataverse | The Microsoft Dataverse connector provides underlying platform access to Dynamics 365 data that is stored in Dataverse tables. This connector is the older of the two Microsoft Dataverse connectors and should be used in the areas of personal automation. |
| Dataverse (current environment) | This connector can dynamically infer the environment that it is in. It also has some Dataverse solution-specific capabilities like calling AI Builder predict actions. Using this connector also simplifies deployment scenarios because the Dataverse environment does not need to be reset every time a flow or app is deployed. |
| Dynamics 365 | This connector has been deprecated in favor of the Microsoft Dataverse connectors. However, if it is not included in the Business data group, users could use this connector to send data to Non-Business connectors. For that reason, it is best to include this connector in your DLP policy, even though it is not recommended for use. |
| Approvals | This connector is used to facilitate approvals in Power Automate. It is technically a connector, so you need to consider it when implementing DLP policies. |
| DocuSign* | This connector is used in conjunction with the DocuSign SaaS service that supports obtaining and tracking digital signatures. |
| Adobe Sign* | This connector is used in conjunction with the Adobe Sign SaaS service that supports obtaining and tracking digital signatures. |
| OneDrive for Business | The OneDrive for Business connector allows makers to store and retrieve documents from their OneDrive for Business account. |
| Office 365 Outlook | This connector allows makers to retrieve emails from an Office 365 mailbox and send emails through that mailbox. |
| SharePoint | The SharePoint connector allows makers to interact with SharePoint features like reading/writing documents, communicating with custom lists, and deleting content. |
| Microsoft Forms | A popular connector that allows makers to receive input from a Microsoft Form and process it in a flow. |
| Word Online (Business) | This connector allows makers to convert a Word document to PDF and populate a Microsoft Word template. |
| Microsoft Teams | By using the Microsoft Teams connectors, makers can subscribe to messages that are posted within Teams channels, post messages, and create channels. |

* Optional, depending on whether an organization uses these tools. These connectors are often used to support digital signatures for contracts that might be generated from Dynamics 365.
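
A check for the list above, added here as an example (not Microsoft's code): it audits a constructed policy inventory and shows why leaving the deprecated Dynamics 365 connector unclassified matters. The `default_group`/`groups` dictionary layout and the connector name "Constructed External Service" are assumptions made for illustration, not a Power Platform export format.

```python
# Added example: audit a constructed DLP inventory against the page's list.
REQUIRED = [
    "Microsoft Dataverse", "Dataverse (current environment)", "Dynamics 365",
    "Approvals", "OneDrive for Business", "Office 365 Outlook", "SharePoint",
    "Microsoft Forms", "Word Online (Business)", "Microsoft Teams",
]
OPTIONAL = ["DocuSign", "Adobe Sign"]  # starred (optional) on the page

# Constructed sample: the deprecated Dynamics 365 connector was never
# classified, so it falls into the policy's default group.
SAMPLE_POLICY = {
    "default_group": "Non-Business",
    "groups": {name: "Business" for name in REQUIRED if name != "Dynamics 365"},
}


def effective_group(policy, connector):
    """Explicit group if the connector is classified, else the default group."""
    return policy["groups"].get(connector, policy["default_group"])


def audit(policy, uses_signatures=False):
    """Return {connector: group} for recommended connectors not in Business."""
    wanted = REQUIRED + (OPTIONAL if uses_signatures else [])
    findings = {}
    for name in wanted:
        group = effective_group(policy, name)
        if group != "Business":
            findings[name] = group
    return findings


def flow_allowed(policy, connectors):
    """DLP rule: no Blocked connector, and no mixing of data groups."""
    groups = {effective_group(policy, c) for c in connectors}
    return "Blocked" not in groups and len(groups) <= 1


if __name__ == "__main__":
    print("Not in Business group:", audit(SAMPLE_POLICY, uses_signatures=True))
    for pair in (["Dynamics 365", "Constructed External Service"],
                 ["Microsoft Dataverse", "Constructed External Service"]):
        print(pair, "allowed" if flow_allowed(SAMPLE_POLICY, pair) else "denied")
```

In the sample, the deprecated connector shares a group with the unclassified external connector, so the policy permits that combination while denying the same flow built on Microsoft Dataverse.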

The following connectors do not contain Dynamics 365 business data, but administrators should consider placing them in the Business data group. These connectors automate approvals, content conversions, Microsoft Power Platform management, and cyber security processes.

| Connector name | Purpose |
| --- | --- |
| Content Conversion | The Content Conversion connector allows makers to convert HTML markup to plain text. It is useful when you need to remove all HTML markup so that you can store the raw text in another system. |
| Microsoft Translator | The Microsoft Translator connector allows a maker to detect languages, translate text, and convert text to speech. It does not pose data leakage risks but might be helpful in multi-national organizations. |
| File System | For organizations that are still dependent on on-premises network shares, this connector will use the on-premises data gateway to provide a bridge between local file shares and Power Automate. |
| Microsoft To-Do (Business) | This connector allows makers to get, list, and create to-do items in the Microsoft To-Do service. |
| PowerApps for Admins | This connector allows administrators to modify app permissions, get a list of apps, get a list of custom connectors, and set app owners. |
| PowerPlatform for Admins | This connector allows administrators to create environments, create environment DLP policies, create tenant DLP policies, delete environments, force environment syncs, list supported environments, and more. |
| PowerApps for App Makers | This connector provides administrative capabilities but in the context of an application and not the entire environment/tenant. Within this connector, an application owner can edit permissions, get app versions, get connections, publish an app, remove an app, and more. |
| Flow management | This connector provides administrative capabilities but in the context of the flow owner. Within this connector, a flow owner can create connections, create flows, delete flows, get flow details, list my flows, list my environments, and more. |
| Microsoft Flow for Admins | This connector has environment and tenant scope depending on the connection that it is running under. As a result, this connector allows an admin to disable a flow, edit flow permissions, get flow user details, remove flow user details, remove flow, and more. |
| Cloud App Security | This connector is for use with the Microsoft Cloud App Security service. For organizations that are using this service, this connector will allow Cloud Security Analysts to automate activities such as enabling security policies, getting cloud security alerts, tagging apps as sanctioned, and more. |
| Microsoft Graph Security | Organizations that are using Microsoft Graph Security can automate their security workflows by creating subscriptions, subscribing to alerts, and more. |
| Microsoft Defender ATP | Microsoft Defender ATP provides endpoint protection against malware and other malicious activities. By using the Microsoft Defender ATP connector, Cyber Security Analysts can automate actions such as isolating machines, performing investigation actions, removing application permissions, running antivirus scans, and much more. |