seadude
Memorable Member

Forms + SharePoint DLP Error?

Hello,

 

I have BOTH Microsoft Forms and SharePoint listed in the "Business" connector bucket for a given DLP.

[screenshots]

However, when I try to run a Flow, in the correct environment (DEV in this case), I get a DLP error:

"This action violates your org’s data loss prevention policy (DLP). To make the flow valid, delete the action and remove the connection reference. See your admin for details."

[screenshot]

How is this possible? They are both in the same business data bucket. 
Thank you,

 

1 ACCEPTED SOLUTION

seadude
Memorable Member

Now that I'm done:

- Explaining the problem

- Researching and investigating

- Solving the problem

Let me post the solution. 

1. The DLP UI is misleading. This is not true:

  a. The Environments shown as "Added to policy" are in fact EXCLUDED from the DLP

[screenshot]

2. This is how it should read:

[screenshots]

 

Test:

1. Initial issue reported is present when only DEV env is "Added to Policy"

[screenshot]

2. Remove DEV env from the "Added to policy" section. Add the other 3 envs to the "Added to policy" section as shown above.

  a. Wait ~15-20 mins for policy to propagate

  b. Delete Flow AND Connection

3. Test original issue again...

[screenshot]

 

Now granted, that was only ~2-3 hours of my precious life on earth, but still. I'd appreciate a bit more vetting of the UI AND the docs before releasing something like this in the future. 
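The scoping behaviour this post reports, worked through as an added example (not part of the original post, and not Microsoft's code). It computes which environments a policy really governs when its environment list is an exclusion list and compares that with the intended scope. The record shape, the three scope names and the environment names other than DEV are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DlpPolicy:
    name: str
    scope: str                        # AllEnvironments | OnlyEnvironments | ExceptEnvironments (assumed names)
    listed: frozenset = frozenset()   # environments shown in the policy's environment list

def effective_envs(policy, tenant_envs):
    """Environments the policy really governs, given how its list is interpreted."""
    tenant = frozenset(tenant_envs)
    if policy.scope == "AllEnvironments":
        return tenant
    if policy.scope == "OnlyEnvironments":
        return policy.listed & tenant
    if policy.scope == "ExceptEnvironments":
        return tenant - policy.listed
    raise ValueError(f"unknown scope {policy.scope!r} in {policy.name}")

def audit(policies, intended, tenant_envs):
    """Compare each policy's effective scope with the scope the admin intended.

    Returns {policy name: {"missing": [...], "unexpected": [...]}} for mismatches only.
    """
    findings = {}
    for p in policies:
        actual = effective_envs(p, tenant_envs)
        want = frozenset(intended[p.name])
        if actual != want:
            findings[p.name] = {"missing": sorted(want - actual),
                                "unexpected": sorted(actual - want)}
    return findings

# Constructed tenant: DEV is from the thread; the other three names are placeholders.
TENANT = ["DEV", "ENV_A", "ENV_B", "ENV_C"]
INTENDED = {"dev_dlp_policy": {"DEV"}}

# Before: DEV is the listed environment, but the list is treated as an exclusion list.
before = [DlpPolicy("dev_dlp_policy", "ExceptEnvironments", frozenset({"DEV"}))]
# After (the thread's fix): list the other three, so DEV is the only one governed.
after = [DlpPolicy("dev_dlp_policy", "ExceptEnvironments",
                   frozenset({"ENV_A", "ENV_B", "ENV_C"}))]

if __name__ == "__main__":
    print("before:", audit(before, INTENDED, TENANT))
    print("after: ", audit(after, INTENDED, TENANT))
```
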

 

Mira_Ghaly
Dual Super User II

@seadude 

Do you have any other data policies on the same environment?

Usually list restrictive policy is applied

 


@Mira_Ghaly ,

Hm... you know, looking back at the policy. I wonder if I have the logic backwards for the "Excluded environments" tab:

[screenshot]

- The one I "added" is the one I actually WANT the policy to apply to

- Whereas it appears the logic is "add the Environments you want excluded from the policy"

  - (Add the one you want excluded)

I think this would be much simpler IF

  - Add the one you want included.

  - It's not too often I add -1 to a value in order to subtract!

I think this is the issue. I'll change this and test again. 

seadude
Memorable Member

Now I'm really confused! I guess the logic is indeed "Add to policy.." sheesh. Still investigating.

seadude
Memorable Member

@Mira_Ghaly  No other policies applied to the Environment. 

- "dev_dlp_policy" only applies to the DEV env:

[screenshot]

- "default_env_lockdown" only applies to my default Env.

[screenshot]

 

Any other ideas for things I could check for?

seadude
Memorable Member

Ok! Now I'm convinced that the DLP UI/UX is out to get me!

How confusing is this? 

- Looking at the high-level view of a DLP, the message says: "Applies to all Environments except 1"

[screenshot]

- When I open the details of that DLP, it shows the opposite!: "1 Environment added to policy"

[screenshot]

So which is it?!? Does the DLP apply to all Environments except for 1 or only 1 Environment?

 

 
