Data loss prevention example - Block Power Platform Connectors in copilots
You can use data loss prevention (DLP) policies to prevent copilot authors from configuring connectors. Doing so can help prevent data exfiltration.
For more information about other DLP policy configurations, see Configure data loss prevention policies for copilots.
Configure DLP to block Power Platform connectors in the Power Platform admin center
Select or create a policy
In the Power Platform admin center, under Policies, select Data policies.
Create a new policy, or choose an existing policy to edit:
If you want to create a new policy, select New policy.
If you want to choose an existing policy to edit, select the policy and select Edit policy.
Enter a name for the policy then select Next. You can change the name later.
Choose an environment
Choose one or more environments to add to your policy.
Select + Add to policy.
Select Next.
Add the connector
Use the search box to find the connector you want to block. You can see connectors that are already blocked on the Blocked tab.
Select the connector's More actions menu (⋮), and then select Block.
Select Next.
Review your policy, then select Update policy to apply the DLP changes.
Confirm policy enforcement
You can confirm that this connector is being used in the DLP policy from Microsoft Copilot Studio:
Open your copilot from the environment where the DLP policy is applied and go to the authoring canvas.
Create a new topic and add a Call an action node.
In the node's properties, select Connectors and choose your connection. Save your topic.
If the policy is enforced, you'll see an error banner with a Details button after the topic is saved. On the Channels page, expand error link and select the Download button to see details. Published button is disabled if there is a DLP violation.
In the details file, a row will appear for each violation. If a connector has a DLP violation, a row will appear for each connector.