cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
leo85
Super User
Super User

Enforce DLP for Power Automate desktop for private MS account

‎06-22-2022 05:11 AM

Hi,

I'm trying to find out if it is possible to block certain actions in Power Automate Desktop for a whole PC.

DLP policies for Power Automate Desktop are currently in public preview. If I log in to my work account with Power Automate Desktop the policy is being enforced.

But if I can still sign in to PA Desktop with my private MS account, in which case the policy is not enforced. So we have the potential problem that DLP policies are not enforceable for all users, since users can simply create a private MS account and log into Power Automate Desktop with that account. Afterwards they will still have access to all resources on the machine, but without a DLP in place.

 

Is there a way to enforce the DLP policy for all flows on a computer and not only for the signed in user?

 

Best Regards

Labels:
Message 1 of 4
114 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Pstork1
Dual Super User
Dual Super User

‎06-22-2022 06:18 AM

Those DLP polices are stored in your Power Platform environment.  When a Microsoft account logs in to Power Automate Desktop then don't have access to the Power Platform environments in your tenant.  Their flows are stored in consumer OneDrive (not OneDrive for Business). That's why the policies don't apply.  However there is a registry key that can be set on a machine that prevents people from logging in to PAD with a Microsoft account.  In that way the DLP policy will always apply.  You can read about it here: Governance in Power Automate - Power Automate | Microsoft Docs



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

View solution in original post

Message 2 of 4
107 Views
3 REPLIES 3
Pstork1
Dual Super User
Dual Super User

‎06-22-2022 06:18 AM

Those DLP polices are stored in your Power Platform environment.  When a Microsoft account logs in to Power Automate Desktop then don't have access to the Power Platform environments in your tenant.  Their flows are stored in consumer OneDrive (not OneDrive for Business). That's why the policies don't apply.  However there is a registry key that can be set on a machine that prevents people from logging in to PAD with a Microsoft account.  In that way the DLP policy will always apply.  You can read about it here: Governance in Power Automate - Power Automate | Microsoft Docs



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Message 2 of 4
108 Views
leo85
Super User
Super User
In response to Pstork1

‎06-22-2022 06:24 AM

Hi @Pstork1 ,

thanks for the answer. Just for clarification: If I set that registry key, users cannot sign in to PAD with the private MS account, but they can still sign in with their work or school account. Is that correct?

Message 3 of 4
106 Views
0 Kudos
Pstork1
Dual Super User
Dual Super User
In response to leo85

‎06-22-2022 06:34 AM

Correct.  That registry key just blocks users from logging in with MS accounts, not Organizational accounts.  The registry key would need to be set on each machine.  That can normally be done using Group policies in your Domain.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Message 4 of 4
103 Views

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

View All
Top Solution Authors
View All
Top Kudoed Authors
View All
Users online (4,418)