1. Allow admins to prevent use of selected connectors, by adding connectors to blacklist.
The Data Loss Prevention policy will not prevent usage of a connector, only usage of that connector in combination with another. Admins will want a way of preventing use of a connector entirely. Just because a user has a license and privileges to access a SaaS application user front end, it doesn't mean admins want to allow users to execute Flows against it.
e.g. With Common Data Service connector alone in a DLP, this will not prevent a Flow user from creating a task every time a phonecall is created. Only their CDS/D365CE access and privileges will constrain this. e.g. with D365 and Office 365 Outlook in the same DLP business data category, a user using Flow could export large amounts of data and send themselves an email. This by-passes the security role config Export to Excel disabled for the base user role in CDS/D365CE
2. Blacklist domain credentials
Even if the use of connectors is allowed within the DLP policy, data leakage could still occur because the user could use user credentials outside of the Flow environment domain. My enterprise CDS/D365CE connector in combination with a personal free trial CDS/D365CE could lead to widespread data loss.
e.g. List records against an enterprise valuabledata.crm4 CDS connection, with Apply to each Create a record against personal rippedoffdata.crm11 CDS connection
Instead, allow admins to restrict which domain connection credentials may be used within an allowed DLP connector list. This against Flows created within the environment domain AND Flows created in external environment domains which connect to my enterprise domain