cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
leo85
Super User
Super User

Enforce DLP for Power Automate desktop for private MS account

Hi,

I'm trying to find out if it is possible to block certain actions in Power Automate Desktop for a whole PC.

DLP policies for Power Automate Desktop are currently in public preview. If I log in to my work account with Power Automate Desktop the policy is being enforced.

But if I can still sign in to PA Desktop with my private MS account, in which case the policy is not enforced. So we have the potential problem that DLP policies are not enforceable for all users, since users can simply create a private MS account and log into Power Automate Desktop with that account. Afterwards they will still have access to all resources on the machine, but without a DLP in place.

 

Is there a way to enforce the DLP policy for all flows on a computer and not only for the signed in user?

 

Best Regards

1 ACCEPTED SOLUTION

Accepted Solutions
Pstork1
Dual Super User
Dual Super User

Those DLP polices are stored in your Power Platform environment.  When a Microsoft account logs in to Power Automate Desktop then don't have access to the Power Platform environments in your tenant.  Their flows are stored in consumer OneDrive (not OneDrive for Business). That's why the policies don't apply.  However there is a registry key that can be set on a machine that prevents people from logging in to PAD with a Microsoft account.  In that way the DLP policy will always apply.  You can read about it here: Governance in Power Automate - Power Automate | Microsoft Docs



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365EduCon in Chicago on Sept. 26-30 where I'll be presenting on the Power Platform!

View solution in original post

3 REPLIES 3
Pstork1
Dual Super User
Dual Super User

Those DLP polices are stored in your Power Platform environment.  When a Microsoft account logs in to Power Automate Desktop then don't have access to the Power Platform environments in your tenant.  Their flows are stored in consumer OneDrive (not OneDrive for Business). That's why the policies don't apply.  However there is a registry key that can be set on a machine that prevents people from logging in to PAD with a Microsoft account.  In that way the DLP policy will always apply.  You can read about it here: Governance in Power Automate - Power Automate | Microsoft Docs



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365EduCon in Chicago on Sept. 26-30 where I'll be presenting on the Power Platform!

Hi @Pstork1 ,

thanks for the answer. Just for clarification: If I set that registry key, users cannot sign in to PAD with the private MS account, but they can still sign in with their work or school account. Is that correct?

Pstork1
Dual Super User
Dual Super User

Correct.  That registry key just blocks users from logging in with MS accounts, not Organizational accounts.  The registry key would need to be set on each machine.  That can normally be done using Group policies in your Domain.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365EduCon in Chicago on Sept. 26-30 where I'll be presenting on the Power Platform!

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

New Ideas Forum MPA.jpg

A new place to submit your Ideas for Power Automate

Announcing a new way to share your feedback with the Power Automate Team.

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Super User 2 - 2022 Congratulations 768x460.png

Welcome Super Users

The Super User program for 2022- Season 2 has kicked off!

Top Solution Authors
Top Kudoed Authors
Users online (2,908)