cancel
Showing results for 
Search instead for 
Did you mean: 

Separate Triggers and Actions in Data Loss Prevention Policies

In my company, we use separate Data Loss Prevention Policies in separate environments. We often have the case that we would like to restrict Flow triggers more than flow actions.

E.g. in our default environment we would like to allow only SharePoint triggers but not Outlook triggers, because we suspect misuse of Power Automate as extended personal Outlook rule machine, which could quickly eat up our monthly Flow contingent. Outlook actions, though, should be possible inside a flow to inform people via e-mail.

In another environment - for corporate communication - we would possibly allow Twitter as a trigger to start flows on messages about our company, but we would not allow further Twitter actions, especially not posting to Twitter...

To date this is not possible - if the actions are in "Business Data allowed", the triggers are too. Thus we would like to see a separation between triggers and actions in the Data Loss Prevention Policies.

Status: New
Comments
Microsoft

@lexWeinhthanks for the suggestion. We are actively evaluating directionality support in the connectors to facilitate read actions only vis-à-vis read and write operations. We will add your ask to the product backlog and post back as plans solidify.