cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
grantreid
Resolver I
Resolver I

Duplicating DLP's

‎01-03-2021 05:24 PM

I wanted to check that  I'm approaching this the right way and haven't missed something.... 

 

We have a default DLP which is applied to the default and newly created environments. However, whenever someone wants a custom connector in their prod environment, a new DLP has to be created to allow it. This requires all 50ish connectors from the default DLP to be added to this new DLP, along with the custom connector. 

I find it frustrating the DLP's are exclusive not inclusive.  Now... every time we make a change to the default DLP, whenever a new Microsoft connector is added or changed, we have to update every other DLP!!!! I find this counter productive.

 

1. Is there a way to copy DLP's?   I'm currently sitting here with split screens, with the new and old side by side manually mirroring the business connectors.   I'm pondering creating a powershell script... 

 

2. Am I correct with the "exclusive" aspect? What's the logic with this?  Shouldn't it be that you have a base level DLP which applies across the board and in Environment X, you can also use connector Y granted by an additional DLP?  This would be a more common scenario than needing to reduce/restrict the default DLP connectors.

Message 1 of 12
1,719 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
RossCampbell
Frequent Visitor

‎05-17-2022 06:07 PM

In the interest of anyone else trying to figure this out i finally got something that works. It creates a new environment and copies a DLP of your choice to that env. The new DLP sets the default connector group to blocked also.

 

Bare in mind i haven't ever worked in Powershell, or with the PowerAppsAdmin module, before. I make no assertions around the following and you should test them yourself before using them.

 

2 files are attached:

  1. 'function Add-ConnectorToDataGroup_v2'.txt' - run this first to create the requisite functions (you may have to run the commented install, import & add commands in 'NewEnvAndDlp_v1.txt' first).
  2. 'NewEnvAndDlp_v1.txt' - run this, it will prompt you for new environment name & description, new DLP name and the name of the DLP you want to copy [hint: this performs a search of type *query* on existing policies, my standard DLP is called 'Restricted(Default) - DLP' so i can simply enter 'default' ] .  Make sure that the return codes you get are of the '200' type (as shown in attached image 'Expected.png'). 

 

 

 

 

 

 

View solution in original post

Preview file
44 KB
NewEnvAndDLP.zip
Message 11 of 12
1,240 Views
0 Kudos
11 REPLIES 11
v-bofeng-msft
Community Support
Community Support

‎01-04-2021 01:37 AM

Hi @grantreid :

About Q1:

I'm not sure what copy DLP means. If you want to apply the same DLP to multiple environments, then this can be done.Just set the scop of the specified DLP, and then configure it:

1.JPG

About Q2:

If there are multiple DLPs in an environment, these DLPs need to be satisfied at the same time.

I think this link will help you a lot:

Combined effect of multiple DLP policies 

Best Regards,

Bof

Message 2 of 12
1,362 Views
0 Kudos
grantreid
Resolver I
Resolver I

‎01-04-2021 08:34 PM

Hi Bof

 

No problems adding or excluding DLP's across multiple environments. Where I getting stuck is if someone wants an additional connector which is allowed only in their environment, I can't add it to the standard DLP which is applied across multiple.  So, a new DLP is required. 

 

please correct me if I'm wrong:

If the default policy A (applied across multiple environments) has the 50 (roughly)  family of Microsoft standard connectors set as "Business"  and I create policy B with 1 custom connector in "Business", the result is they negate each other and 0 connectors are in the Business category. 

 

If I want all 50 connectors from policy A to be allowed to work with the 1 custom connector, all 50 Microsoft connectors have to be added to policy B? 

Message 3 of 12
1,351 Views
0 Kudos
v-bofeng-msft
Community Support
Community Support

‎01-04-2021 11:37 PM

Hi @grantreid :

I think I roughly understand what you mean. You want to increase the number of connecotors that can be used simultaneously by adding DLPs. Am I right?

 

If so,the answer is 'No'.In other words, your app must satisfy the rules of DLPA, B, C ...at the same time.

For example:

 

DLPA

Bussiness:A,B

Non Bussiness:C,D

 

DLPB

Bussiness:A

Non Bussiness:,B,C,D

 

Then A and B cannot appear in the same app,because it violates the rules of DLPB.

 

However,there is another situation where DLPA and DLPB are opposite.

 

DLPA

Bussiness:A,B

Non Bussiness:C,D

 

DLPB

Bussiness:C,D

Non Bussiness:A,B

 

Then, since A and B do not violate any DLP rules, they can appear in the same application.

 

So if you want to use 51 connectors, I suggest you remove the original DLP and then add a new DLP. Or directly modify the original DLP.

 

Best Regards,

Bof

 

 

 

 

 

Message 4 of 12
1,347 Views
0 Kudos
grantreid
Resolver I
Resolver I
In response to v-bofeng-msft

‎01-05-2021 03:38 PM

Yes.. this is exactly my point, you've finally reached the same conclusion.... you need to add a new DLP with all of the same connectors as the default. We're not going to modify the original DLP as we don't want the majority of the users accessing this additional connector. 

Every time someone wants something slightly different, I have to create a new DLP, which means duplicating all of the default connectors.  As far as I'm aware, this is a manual process of clicking "add to business" for 50ish connectors.  This is time consuming.  Also... every time Microsoft changes one of their family of connectors, retires something and adds a new one, I have to update all of the other customized DLPs.  For a platform pushing automation, this is mental.  So back to the original questions: 

1. There should be a way to copy a DLP. 

 

2. DLP's should be inclusive, not exclusive.  There should be a default DLP applied across all environments (maybe some are excluded if required) and if you want to customize something, you can add a second DLP.  This would be the same concept as standard Security Groups. 

Message 5 of 12
1,339 Views
0 Kudos
v-bofeng-msft
Community Support
Community Support
In response to grantreid

‎01-05-2021 05:07 PM

Hi @grantreid :

I am afraid that your request cannot be realized at the moment. If you need this feature, I suggest you post your ideas to the idea form.

Best Regards,

Bof

Message 6 of 12
1,336 Views
0 Kudos
LarsHem
Advocate I
Advocate I

‎03-09-2022 11:47 PM

@grantreid did you find a solution for this? We are struggling with the same and started to look into the "power platform for admins" connector to see if we could use some logic there.

Message 7 of 12
1,100 Views
0 Kudos
grantreid
Resolver I
Resolver I

‎03-10-2022 01:30 PM

I set up some powershell scripts to export a list of connectors as the 'default' DLP.   If someone wants an environment with something different, can just build a new DLP with powershell from this list and add the additionals. 

Message 8 of 12
1,084 Views
0 Kudos
LarsHem
Advocate I
Advocate I

‎03-14-2022 01:34 AM

Update from our side.

We decided to create a flow to copy all "settings" from our Default policy, create a new dlp and add selected environments to the new DLP and remove the selected environment from the Default policy.

Selecting environment, giving the new policy a name and executing the flow is done in a new screen we added to the CoE DLP Editor.

Any changes to the DLP (primarly adding new connectors to Business) must be done manually in DLP Editor in Coe after the new DLP is created.

Message 9 of 12
1,068 Views
RossCampbell
Frequent Visitor
In response to grantreid

‎05-16-2022 01:01 AM

any chance you feel like sharing?

 

i've been trying to do this and can create the new dlp and apply all business connectors but not modify non-business and blocked connectors

 

Message 10 of 12
929 Views

Helpful resources

Announcements
Announcement image

Power Platform Connections - Episode 7 | March 30, 2023

Episode Seven of Power Platform Connections sees David Warner and Hugo Bernier talk to Dian Taylor, alongside the latest news, product reviews, and community blogs.     Use the hashtag #PowerPlatformConnects on social media for a chance to have your work featured on the show.     

Announcement image

Announcing | Super Users - 2023 Season 1

Super Users – 2023 Season 1    We are excited to kick off the Power Users Super User Program for 2023 - Season 1.  The Power Platform Super Users have done an amazing job in keeping the Power Platform communities helpful, accurate and responsive. We would like to send these amazing folks a big THANK YOU for their efforts.      Super User Season 1 | Contributions July 1, 2022 – December 31, 2022  Super User Season 2 | Contributions January 1, 2023 – June 30, 2023    Curious what a Super User is? Super Users are especially active community members who are eager to help others with their community questions. There are 2 Super User seasons in a year, and we monitor the community for new potential Super Users at the end of each season. Super Users are recognized in the community with both a rank name and icon next to their username, and a seasonal badge on their profile.    Power Apps  Power Automate  Power Virtual Agents  Power Pages  Pstork1*  Pstork1*  Pstork1*  OliverRodrigues  BCBuizer  Expiscornovus*  Expiscornovus*  ragavanrajan  AhmedSalih  grantjenkins  renatoromao    Mira_Ghaly*  Mira_Ghaly*      Sundeep_Malik*  Sundeep_Malik*      SudeepGhatakNZ*  SudeepGhatakNZ*      StretchFredrik*  StretchFredrik*      365-Assist*  365-Assist*      cha_cha  ekarim2020      timl  Hardesh15      iAm_ManCat  annajhaveri      SebS  Rhiassuring      LaurensM  abm      TheRobRush  Ankesh_49      WiZey  lbendlin      Nogueira1306  Kaif_Siddique      victorcp  RobElliott      dpoggemann  srduval      SBax  CFernandes      Roverandom  schwibach      Akser  CraigStewart      PowerRanger  MichaelAnnis      subsguts  David_MA      EricRegnier  edgonzales      zmansuri  GeorgiosG      ChrisPiasecki  ryule      AmDev  fchopo      phipps0218  tom_riha      theapurva  takolota     Akash17  momlo     BCLS776  Shuvam-rpa     rampprakash  ScottShearer     Rusk  ChristianAbata     cchannon  Koen5     a33ik   Heartholme     AaronKnox        Matren        Alex_10        Jeff_Thorpe        poweractivate        Ramole        DianaBirkelbach        DavidZoon        AJ_Z        PriyankaGeethik        BrianS        StalinPonnusamy        HamidBee        CNT        Anonymous_Hippo        Anchov        KeithAtherton        alaabitar        Tolu_Victor        KRider        sperry1625        IPC_ahaas      zuurg    rubin_boer   cwebb365   Dorrinda   G1124   Gabibalaban   Manan-Malhotra   jcfDaniel   WarrenBelz   Waegemma      If an * is at the end of a user's name this means they are a Multi Super User, in more than one community. Please note this is not the final list, as we are pending a few acceptances.  Once they are received the list will be updated. 

Announcement image

Microsoft Power Platform Conference | Registration Open | Oct. 3-5 2023

We are so excited to see you for the Microsoft Power Platform Conference in Las Vegas October 3-5 2023! But first, let's take a look back at some fun moments and the best community in tech from MPPC 2022 in Orlando, Florida.   Featuring guest speakers such as Charles Lamanna, Heather Cook, Julie Strauss, Nirav Shah, Ryan Cunningham, Sangya Singh, Stephen Siciliano, Hugo Bernier and many more.   Register today: https://www.powerplatformconf.com/   

Announcement image

Check out the new Power Platform Communities Front Door Experience!

We are excited to share the ‘Power Platform Communities Front Door’ experience with you!   Front Door brings together content from all the Power Platform communities into a single place for our community members, customers and low-code, no-code enthusiasts to learn, share and engage with peers, advocates, community program managers and our product team members. There are a host of features and new capabilities now available on Power Platform Communities Front Door to make content more discoverable for all power product community users which includes ForumsUser GroupsEventsCommunity highlightsCommunity by numbersLinks to all communities Users can see top discussions from across all the Power Platform communities and easily navigate to the latest or trending posts for further interaction. Additionally, they can filter to individual products as well.       Users can filter and browse the user group events from all power platform products with feature parity to existing community user group experience and added filtering capabilities.     Users can now explore user groups on the Power Platform Front Door landing page with capability to view all products in Power Platform.    Explore Power Platform Communities Front Door today. Visit Power Platform Community Front door to easily navigate to the different product communities, view a roll up of user groups, events and forums.

Announcement image

Welcome to the Power Apps Community

Welcome! Congratulations on joining the Microsoft Power Apps community! You are now a part of a vibrant group of peers and industry experts who are here to network, share knowledge, and even have a little fun! Now that you are a member, you can enjoy the following resources:   The Microsoft Power Apps Community Forums If you are looking for support with any part of Microsoft Power Apps, our forums are the place to go. They are titled "Get Help with Microsoft Power Apps " and there you will find thousands of technical professionals with years of experience who are ready and eager to answer your questions. You now have the ability to post, reply and give "kudos" on the Power Apps community forums! Make sure you conduct a quick search before creating a new post because your question may have already been asked and answered!   Microsoft Power Apps IdeasDo you have an idea to improve the Microsoft Power Apps experience, or a feature request for future product updates? Then the "Power Apps Ideas" section is where you can contribute your suggestions and vote for ideas posted by other community members. We constantly look to the most voted Ideas when planning updates, so your suggestions and votes will always make a difference.   Community Blog & NewsOver the years, more than 600 Power Apps Community Blog Articles have been written and published by our thriving community. Our community members have learned some excellent tips and have keen insights on building Power Apps. On the Power Apps Community Blog, read the latest Power Apps related posts from our community blog authors around the world. Let us know if you would like to become an author and contribute your own writing — everything Power Apps related is welcome!   Power Apps Samples, Learning and Videos GalleriesOur galleries have a little bit of everything to do with Power Apps. Our galleries are great for finding inspiration for your next app or component. You can view, comment and kudo the apps and component gallery to see what others have created! Or share Power Apps that you have created with other Power Apps enthusiasts. Along with all of that awesome content, there is the Power Apps Community Video & MBAS gallery where you can watch tutorials and demos by Microsoft staff, partners, and community gurus in our community video gallery.   Again, we are excited to welcome you to the Microsoft Power Apps community family! Whether you are brand new to the world of process automation or you are a seasoned Power Apps veteran. Our goal is to shape the community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together!   Let us know in the Community Feedback if you have any questions or comments about your community experience.To learn more about the community and your account be sure to visit our Community Support Area boards to learn more! We look forward to seeing you in the Power Apps Community!The Power Apps Team

Users online (5,231)