leo85
Super User

Enforce DLP for Power Automate desktop for private MS account

Hi,

I'm trying to find out if it is possible to block certain actions in Power Automate Desktop for a whole PC.

DLP policies for Power Automate Desktop are currently in public preview. If I log in to my work account with Power Automate Desktop the policy is being enforced.

But I can still sign in to PA Desktop with my private MS account, in which case the policy is not enforced. So we have the potential problem that DLP policies are not enforceable for all users, since users can simply create a private MS account and log into Power Automate Desktop with that account. Afterwards they will still have access to all resources on the machine, but without a DLP in place.

 

Is there a way to enforce the DLP policy for all flows on a computer and not only for the signed in user?

 

Best Regards

1 ACCEPTED SOLUTION

Pstork1
Dual Super User

Those DLP policies are stored in your Power Platform environment. When a Microsoft account logs in to Power Automate Desktop, they don't have access to the Power Platform environments in your tenant. Their flows are stored in consumer OneDrive (not OneDrive for Business). That's why the policies don't apply. However, there is a registry key that can be set on a machine that prevents people from logging in to PAD with a Microsoft account. In that way the DLP policy will always apply. You can read about it here: Governance in Power Automate - Power Automate | Microsoft Docs



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.


3 REPLIES
Hi @Pstork1 ,

thanks for the answer. Just for clarification: If I set that registry key, users cannot sign in to PAD with the private MS account, but they can still sign in with their work or school account. Is that correct?

Correct.  That registry key just blocks users from logging in with MS accounts, not Organizational accounts.  The registry key would need to be set on each machine.  That can normally be done using Group policies in your Domain.
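
One way to confirm on a machine that the sign-in restriction described in this thread is actually in force and cannot be undone by a standard user, as an added example that is not part of the original posts or Microsoft's own code. The key path, value name and expected data are not given in the thread and appear here as placeholders to be taken from the linked governance documentation; the function name is hypothetical and the check assumes the value is a DWORD.

```powershell
# Added example. Key path, value name and expected data are NOT given in the thread:
# pass the real ones from Microsoft's governance documentation (DWORD data assumed).
function Test-PadMsaRestriction {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [Parameter(Mandatory)][string]$ValueName,
        [Parameter(Mandatory)][int]$Expected
    )
    $report = { param($ok, $why)
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Compliant = $ok; Reason = $why } }

    # A per-user hive (HKCU) is writable by the very user it is meant to restrict.
    if ($KeyPath -notlike 'HKLM:\*') { return & $report $false 'Key is not under HKLM' }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return & $report $false 'Key missing' }
    if ($key.GetValueNames() -notcontains $ValueName) { return & $report $false 'Value missing' }

    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)
    if ($kind -ne 'DWord' -or $data -ne $Expected) {
        return & $report $false "Unexpected data: $kind = $data"
    }

    # The setting only holds if non-administrators cannot change it.
    $lowPriv  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, Users
    $setValue = [System.Security.AccessControl.RegistryRights]::SetValue
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $weak = (Get-Acl -LiteralPath $KeyPath).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $setValue) -and
            $_.IdentityReference.Value -in $lowPriv
        }
    if ($weak) { return & $report $false 'Key is writable by non-administrators' }

    & $report $true 'Restriction set and protected'
}

# Placeholder invocation: replace the bracketed values (and the data) before use.
Test-PadMsaRestriction -KeyPath 'HKLM:\SOFTWARE\<key-from-docs>' `
    -ValueName '<value-name-from-docs>' -Expected 1   # 1 is a placeholder too
```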



