Note
The new and improved Power Platform admin center is now generally available. We're currently updating the documentation to reflect these changes, so check back to ensure that you're getting the latest updates.
The following are known limitations of our suite of data loss prevention (DLP) capabilities:
General
- Runtime enforcement is being allowed across all Power Platform regions. For customers who have used the connector action control to block all new actions for a given connector, this could block triggers implicitly. To identify and resolve any blocked triggers, see Identify blocked Power Automate flows, which provides a script to review and add to your policies.
- If you delete an environment and it's still within the seven-day recovery period, you can see it in DLP policies when you view them in PowerShell. Once the recovery period ends, the environment is permanently deleted. However, it may take up to seven days for all references to the environment to be automatically removed from your DLP policies.
- There's limited support for DLP actions in the Power Platform for Admins connector. The ability to block a connector is only supported in the DLP actions labeled with "V2" (such as "Create DLP Policy V2"). Connector action control, connector endpoint filtering, and DLP for custom connectors can't be configured using the Power Platform for Admins connector.
- Tabular functions in the Power Apps expression language can't be governed with DLP.
- Solution flows need to be activated once, to create a runtime representation, before they can be targeted for DLP enforcement exemption using the Set-PowerAppDlpPolicyExemptResources cmdlet. If activation of the flow isn't allowed as-is because of a current DLP violation, then you could make changes to avoid violations, save, activate, add the exemption, then edit as desired with the exemption active.
Power Apps
Power Apps treats Dataverse native and Dataverse (legacy) connections as the same for DLP enforcement.
Note
DLP authoring experiences allow Dataverse (legacy) and Dataverse connectors to be grouped separately. If the following conditions are true, it can cause an app to not be DLP compliant:
- The Dataverse connectors are grouped separately
- An app triggers a flow
- Both the app and flow connect to Dataverse
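The first condition can be checked ahead of time. The following is an added example, not Microsoft's code: it reports policies that place Dataverse and Dataverse (legacy) in different groups. The function name, the two connector ids, and the policy property names (`connectorGroups`, `classification`, `connectors`, `defaultConnectorsClassification`, `displayName`) are assumptions, and the sample policies are constructed.

```powershell
# Added example. Assumed: the connector ids and the policy property names used below.
$LegacyId  = '/providers/Microsoft.PowerApps/apis/shared_commondataservice'        # Dataverse (legacy)
$CurrentId = '/providers/Microsoft.PowerApps/apis/shared_commondataserviceforapps' # Dataverse

function Find-SplitDataverseGrouping {
    param([Parameter(Mandatory)][object[]]$Policies)
    foreach ($policy in $Policies) {
        # A connector that no group lists falls into the policy's default group.
        $placement = @{}
        $placement[$LegacyId]  = $policy.defaultConnectorsClassification
        $placement[$CurrentId] = $policy.defaultConnectorsClassification
        foreach ($group in $policy.connectorGroups) {
            foreach ($connector in $group.connectors) {
                if ($connector.id -and $placement.ContainsKey($connector.id)) {
                    $placement[$connector.id] = $group.classification
                }
            }
        }
        # Power Apps treats both connectors as one, so differing groups are the risk.
        if ($placement[$LegacyId] -ne $placement[$CurrentId]) {
            [pscustomobject]@{
                Policy    = $policy.displayName
                Legacy    = $placement[$LegacyId]
                Dataverse = $placement[$CurrentId]
            }
        }
    }
}

# Constructed sample policies (not real tenant data).
$sample = @'
[
  { "displayName": "Split grouping", "defaultConnectorsClassification": "General",
    "connectorGroups": [
      { "classification": "Confidential", "connectors": [
          { "id": "/providers/Microsoft.PowerApps/apis/shared_commondataserviceforapps" } ] },
      { "classification": "Blocked", "connectors": [
          { "id": "/providers/Microsoft.PowerApps/apis/shared_commondataservice" } ] } ] },
  { "displayName": "Same group", "defaultConnectorsClassification": "General",
    "connectorGroups": [
      { "classification": "Confidential", "connectors": [
          { "id": "/providers/Microsoft.PowerApps/apis/shared_commondataserviceforapps" },
          { "id": "/providers/Microsoft.PowerApps/apis/shared_commondataservice" } ] } ] }
]
'@ | ConvertFrom-Json

Find-SplitDataverseGrouping -Policies $sample | Format-Table -AutoSize
```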
Desktop flows
- There's no support for cross checking the categories between a cloud flow and the desktop flows it calls. This will be supported when DLP for desktop flows is generally available.
- There's no support for cross checking the modules that are used between a desktop flow and all its child desktop flows. This will be supported when DLP for desktop flows is generally available.
- There's no support for the "Set default group" for newly added desktop flow modules. This will be supported when DLP for desktop flows is generally available.