Governance & DLP
How to keep a Power Platform estate safe and supportable as it scales past one maker — data loss prevention (DLP) policies and connector classification, Managed Environments, environment strategy and environment groups, the CoE Starter Kit, and the tenant-level admin controls (tenant isolation, IP firewall, sharing limits, auditing) that draw the trust boundaries around your data.
Why governance matters
Power Platform is deliberately easy to build in — which means without guardrails, an estate sprawls into hundreds of apps and flows nobody can inventory, secure, or support. Governance is the set of proactive controls that let you say *yes* to makers while keeping data inside trust boundaries you can defend to an auditor.
It works in layers: data policies (DLP) decide which connectors can be combined; Managed Environments add premium control and visibility per environment; environment strategy and groups decide where makers build; the CoE Starter Kit (and increasingly the admin center itself) gives you inventory and compliance automation; and tenant-level controls draw the outer boundary. This guide covers each layer. For the naming and ALM discipline that sits alongside it, see Naming & ALM; for per-flow standards, see Best Practices.
Govern early, not after sprawl
DLP policies and Managed Environments are far cheaper to stand up before hundreds of flows exist. Apply a restrictive tenant-wide default DLP and lock down the Default environment alongside your *first* production solution — retrofitting governance onto a sprawling estate is the expensive path.
Data policies (DLP)
Data loss prevention policies — now called data policies — are guardrails that enforce *which connectors can be used, and which can be used together*, in each environment. They classify every connector into one of three data groups; connectors in different groups can never be combined in the same app or flow, so business data can’t flow into a consumer connector and leave the organisation.
| Data group | What goes here | Combination rule |
|---|---|---|
| Business | Connectors that handle sensitive, organisational data — Dataverse, SQL Server, SharePoint, custom line-of-business APIs. | Can only be combined with other Business connectors in one app/flow. |
| Non-Business | Connectors for non-sensitive / personal-use data. New and unassigned connectors land here by default. | Can only be combined with other Non-Business connectors. |
| Blocked | Connectors you want to keep from being used at all where the policy applies. | Cannot be used in any app/flow under the policy. |
Some connectors can’t be blocked
Microsoft-owned standard connectors and the Dataverse / Common Data Service connectors can’t be placed in the Blocked group — only in Business or Non-Business. All premium and third-party connectors (standard or premium) *can* be blocked. If you set the default group to Blocked, unblockable connectors fall back to Non-Business automatically.
Rules that bite in practice
- Two groups never mix. The moment a resource uses one Business connector, it can’t use any Non-Business connector — and vice versa. This is the whole mechanism: data can’t cross the boundary you draw.
- New connectors default to Non-Business — keep it that way. One group must be the *default* for connectors Microsoft adds after your policy is created. Leave it as Non-Business and promote to Business deliberately, so a brand-new connector can’t silently inherit business-data access.
- HTTP connectors are classifiable — and child flows depend on them.
HTTP,HTTP Webhook, andWhen an HTTP request is receivedcan be grouped like any connector. Because child flows share an internal dependency on the HTTP connector, the group you choose for HTTP affects whether child flows run in that environment. - Policies are connector-aware, not connection-aware. A data policy can’t tell whether the SQL connector points at a dev or prod server — it only governs the connector itself. Use environment separation and endpoint filtering for that.
- Never per-user. Policies apply at the environment or tenant level only; you can’t scope DLP to an individual.
Granular connector control
Classifying a whole connector is blunt. Four finer controls let you allow a connector but restrict *how* it’s used — and a newer model (ACP) flips the default to deny.
| Control | What it does | Applies to |
|---|---|---|
| Connector action control | Allow or block individual actions within a connector (e.g. permit read actions, block modify). Set whether new actions are allowed by default. | Blockable connectors in a Business / Non-Business group |
| Endpoint filtering | Allow or deny the specific endpoints a connector may reach. Rules apply only when the maker uses a static endpoint value. | HTTP, HTTP with Microsoft Entra ID, HTTP Webhook, SQL Server, Azure Blob Storage, SMTP |
| Custom connector — by name | Environment admins classify individual custom connectors by name. | Environment-level data policies |
| Custom connector — by URL pattern | Tenant admins classify custom connectors by Host URL pattern in an ordered list (the catch-all `*` stays last). | Tenant-level data policies |
| Advanced connector policies (ACP) | A strict allowlist: everything is blocked unless explicitly allowed, enforced at design time. Replaces the Business/Non-Business/Blocked model for certified connectors. | Certified connectors, per-environment or per environment group |
SQL Server
Allow: contoso-sql.database.windows.net
Deny: *
HTTP
Allow: https://api.contoso.com/*
Deny: *Advanced connector policies are default-deny
ACP is the next-generation model: all certified connectors and actions are blocked unless explicitly allowed, with design-time enforcement so makers are stopped while authoring — not just at runtime. It supports per-environment and environment-group scope and an optional ACP-only mode. Today it covers certified connectors only; keep using classic data policies to govern custom and HTTP connectors.
Policy scope, precedence & automation
- Two scopes. Policies apply at the tenant level (all environments, all-except, or a chosen set) or the environment level. By default a tenant has *no* policies — nothing is restricted until you create one.
- Environment policies can’t override tenant policies. A tenant-wide policy is the floor; environment policies can only add restriction on top.
- Most restrictive wins. If several policies apply to one environment, the most restrictive combination of connector groupings is enforced.
- Tenant-wide default, relaxed per environment. Set a restrictive tenant baseline, then create environment policies that relax it only where a workload genuinely needs a connector — default-deny beats default-allow.
Beyond cloud flows
- Desktop flows (PAD). Data policies classify desktop-flow *modules* and individual actions as business / non-business / blocked. A flow that violates the policy is suspended and can’t run until the offending actions are removed or disabled.
- Copilot Studio agents. Data policies govern how agents connect to data and services inside and outside the organisation — configure them under the agent’s data-policy settings.
Manage policies as code
The Power Platform admin center is the primary UI, but the `Microsoft.PowerApps.Administration.PowerShell` module (and the data policy SDK / Power Platform API) lets you read, create, update, and remove policies for repeatable, source-controlled governance.
# Install once (run PowerShell as admin)
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force
Add-PowerAppsAccount
# List every DLP / data policy in the tenant
Get-DlpPolicy
# Inspect a single policy (connector groups, endpoints, scope)
Get-DlpPolicy -PolicyName <policy-guid>
# Create a new policy from a DLPPolicyDefinition object
# (build $policy with its connector groups, then:)
New-DlpPolicy -NewPolicy $policyMind the Default and Teams environments
Everyone in the tenant can build in the Default environment and it can’t be deleted — give it a strict policy. Dataverse for Teams environments are created on demand and are easy to overlook; you can apply a single data policy across *all* Teams environments at once.
Managed Environments
Managed Environments is a suite of premium governance capabilities you switch on per environment (any type). Once an environment is managed, it unlocks controls that simply don’t exist on a standard environment — the foundation most enterprise governance is built on.
| Feature | What it gives you | Theme |
|---|---|---|
| Weekly usage insights | Admin digest email of apps, flows, makers, and inactivity across the environment. | Visibility |
| Data policy view & license reports | See which data policies apply and how licences are consumed. | Visibility |
| Export to Application Insights | Stream Dataverse / flow telemetry to Azure Monitor for tenant-wide querying. | Visibility |
| Limit sharing | Cap how broadly makers can share apps, flows, and agents (no security groups, or a hard ceiling). | Control |
| Solution checker enforcement | Block imports of solutions that fail security / quality rules. | Control |
| IP firewall | Restrict Dataverse access to allowed IP ranges (CIDR), with an audit-only mode. | Control |
| IP cookie binding | Bind sessions to an IP to block token-replay / session-hijack attacks. | Control |
| Customer-managed key & Lockbox | Bring your own encryption key; gate Microsoft support access to your data. | Control |
| Maker welcome content | Show governed onboarding guidance when makers enter the environment. | Control |
| Pipelines in Power Platform | In-product DEV → TEST → PROD deployment for makers. | Less effort |
| Environment groups & rules | Apply settings and policies across many environments at once. | Less effort |
| Default environment routing | Send new makers into governed personal developer environments instead of Default. | Less effort |
| Actions page & recommendations | A single place to monitor and respond to governance issues. | Less effort |
Managed Environments needs premium licences for every user
Any user who runs an app or flow in a Managed Environment needs a standalone premium licence (Power Apps / Power Automate Premium, or Dynamics 365). It isn’t covered by seeded Microsoft 365 licences or the Developer Plan. Pair it with auto-claim licensing so licences are assigned only to users who actually run resources.
Environment strategy
Environments are the primary security, DLP, and ALM boundary. A deliberate environment strategy decides where makers build and how independently teams ship — it’s the canvas every other control is applied to.
| Environment | Purpose | Posture |
|---|---|---|
| Default | Personal productivity & Microsoft 365 customisations only | Strict DLP, sharing limits, swept for orphans — never a production home |
| DEV | Makers build and iterate | Unmanaged solution authoring; managed at the group level |
| TEST / UAT | Integration and user acceptance | Managed, production-like data, deployment-gated |
| PROD | Live business workloads | Managed, locked, approval-gated imports |
The Default environment is everyone’s — treat it that way
Every employee can create in the Default environment and it can’t be deleted. Apply a strict DLP, turn on Managed Environment features (sharing limits, usage insights), route serious work elsewhere, and periodically quarantine and remove unused assets. Never let a production process live there.
The naming, solution-layering, and ALM-pipeline side of this lives in Naming & ALM — environment *strategy* and environment *governance* are two halves of the same plan.
Environment groups & routing
Environment groups let you apply a single set of rules (sharing, solution-checker, AI features, deployment pipeline, IP firewall, and more) across many environments at once, instead of configuring each one by hand. Combined with default environment routing, governance travels with the environment automatically.
- Default environment routing sends new (or existing) makers into their *own* personal developer environment when they open Power Apps, Power Automate, or Copilot Studio — instead of cluttering the shared Default environment. Routed environments are Managed Environments by default.
- Route into a group. Point routing at an environment group so every newly provisioned developer environment is *born* governed — the group’s rules apply from the first minute, with no maker setup.
- Makers are admins, but can’t loosen the rules. A maker becomes the admin of their developer environment, yet settings governed by the group’s rules can only be changed by a Power Platform admin who edits the group.
- Lock the side doors. Disallow manual developer-environment creation in tenant settings, and scope routing to a security group, so makers can’t spin up an ungoverned environment outside the group.
- Multi-rule routing can direct different maker populations into different groups (by security group / portal), so region- or team-specific governance applies automatically.
Group by what you govern
Common patterns: a *Personal Productivity* group for routed developer sandboxes (restrict sharing, add welcome content); region or business-unit groups for data-residency rules; a *Copilot Pilot* group to roll AI features out in phases; and DEV / UAT / PROD groups that standardise the ALM posture. Move an environment between groups to change its governance without touching the environment itself.
Tenant & admin controls
The Power Platform admin center is mission control — environments, data policies, security, analytics, billing, and tenant settings all live there. These are the outer-boundary controls that apply across the whole tenant.
| Control | What it protects against | Notes |
|---|---|---|
| Tenant isolation | Data exfiltration to / from other Microsoft Entra tenants | One-way or two-way; allow-list specific tenants. Covers only Entra ID-based connectors (e.g. Outlook, SharePoint). |
| IP firewall | Dataverse access from untrusted networks | Managed Environments + Dataverse. CIDR ranges; audit-only mode to test safely. |
| IP cookie binding | Session hijack / token replay | Managed Environments + Dataverse. |
| Environment security groups | Unauthorised users entering an environment | Restrict which licensed users can access each environment. |
| Tenant settings | Ungoverned environment / trial creation, broad sharing | Restrict who can create environments, share apps, or start trials. |
| Customer Lockbox | Microsoft support accessing your data | Approve / reject support access requests; Managed Environments. |
| Capacity & billing policies | Surprise overages and untracked spend | Watch Dataverse storage; use pay-as-you-go billing policies for spiky workloads. |
Tenant isolation ≠ Entra tenant restrictions
Power Platform tenant isolation governs only connectors that use Microsoft Entra ID auth, and only within Power Platform — it doesn’t replace Microsoft Entra ID-wide tenant restrictions. Turn it on and *all* tenants are blocked in the chosen direction(s) until you add allow-list exceptions (use * to allow all in a direction). Run the cross-tenant connection report first to find which partner tenants you must exempt.
CoE Starter Kit
The Center of Excellence (CoE) Starter Kit is a reference solution that inventories every app, flow, and maker in your tenant and layers admin, compliance, and community tooling on top. It’s the canonical example of governing Power Platform *with* Power Platform.
| Component | What it does | Audience |
|---|---|---|
| Core components | Sync flows inventory all environments into Dataverse tables; admin apps (Power Platform Admin View, DLP Editor, Set/Manage App Permissions) give visibility and daily admin. | Admins |
| Governance (Audit) components | Compliance processes — Developer Compliance Center, app auditing, archive & clean-up — to gather metadata from makers and enforce policy. | Admins & makers |
| Nurture components | Community and adoption tooling — App Catalog, Maker Assessment, Video Hub, Pulse survey, Innovation Backlog, Training in a Day. | Everyone |
| Power BI dashboards | The Production CoE dashboard and the Governance & Compliance dashboard surface trends across the inventory. | Admins |
- Inventory is the foundation. The
Admin | Sync Template v3flows populate the Dataverse tables every component builds on. You can scope inventory to a subset of environments via the *is All Environments Inventory* environment variable. - Install in dependency order. Core → Governance/Audit → Nurture. The Creator Kit and an HTTP-with-Entra-ID connection are prerequisites for setup.
- It’s a starting point, not a security boundary. The kit facilitates monitoring and management; it doesn’t implement row-level security. Extend it carefully so you keep receiving Microsoft’s upgrades.
CoE capabilities are moving into the admin center
Microsoft has announced the CoE Starter Kit is no longer actively maintained, and its core capabilities — inventory, usage insights, governance recommendations — are increasingly native in the Power Platform admin center (Managed Environments, the actions page, advisor recommendations, inventory explorer). Prefer the in-product features where they exist, and treat the kit as a reference/extension layer rather than the long-term backbone.
Auditing & monitoring
Governance you can’t evidence isn’t governance. Instrument the estate so access, changes, and failures are queryable after the fact.
- Dataverse auditing. Enable auditing at the environment level *and* on the specific tables you care about, to capture record create / update / delete and access. Mind the storage it consumes.
- Microsoft Purview activity logging. Power Platform and Power Automate activity flows into the Purview / Microsoft 365 audit log — the tenant-wide trail for who did what, including admin actions.
- Application Insights. In Managed Environments, export Dataverse and flow telemetry to Azure Monitor / Application Insights so traces, failures, and performance are queryable (KQL) across every app and flow — see the monitoring section of Best Practices.
- Analytics & alerts. Use the admin center analytics (and CoE dashboards) for trends, and a monitoring flow over the Power Automate Management connector to push failures to Teams / email / ITSM in real time.
- Tenant isolation & cross-tenant reports. Generate the cross-tenant connection report (one per tenant per day) to see which external tenants your connectors actually reach before you tighten isolation.
Retention is a design decision
Flow run history defaults to ~28 days in Dataverse and Dataverse audit logs consume capacity — decide retention deliberately. For anything you need for audit or longer than the platform keeps, log the key events to your own Dataverse table or to Application Insights.
Governance rollout checklist
A pragmatic order to stand governance up — each step is cheap before sprawl and expensive after.
| Step | Control | Outcome |
|---|---|---|
| 1 | Tenant-wide default DLP (restrictive) + lock the Default environment | A safe floor under every environment from day one |
| 2 | Environment strategy: dedicated DEV / TEST / PROD per workload | A clean ALM and security boundary |
| 3 | Managed Environments on anything with a real workload | Sharing limits, solution-checker, insights, IP firewall |
| 4 | Environment groups + default environment routing | New makers born into governed developer environments |
| 5 | Tenant isolation + IP firewall where data sensitivity warrants | Outer boundary against exfiltration and untrusted networks |
| 6 | CoE Starter Kit / admin-center inventory + compliance process | Visibility and a repeatable audit / compliance loop |
| 7 | Auditing: Dataverse auditing, Purview logging, App Insights, alerts | Evidence and operability across the estate |
Every cheat table above is searchable
Use the filter box on each table to jump to a control fast. This whole guide is generated from one structured dataset, so it stays in sync with the FlowLibs MCP reference.