Power Platform of Microsoft (Power Apps, Microsoft Flow and Power BI) are tools that will help you, with your digital transformation 4.0.

Microsoft Power Platform

In the coming years, we will look at digital transformation 4.0 to optimize are business processes, production environments, healthcare, …

Currently I hear a lot of customers that are really have the need to start working with these tools and to eliminate daily processes in their company that are time consuming. But they have question about how-to control and protect the company data, when empowering your employees with these powerful tools. Laying this trust in the hands of your employees, is protecting you for persons that have not the intention to be decent for your company. Having the ability to send data to third party application, is one of the biggest concurs that some companies have.

Not allowing the end users to use these tools, can hold or even bring the digital transformation to a stop in your company. In the coming years, we will see a gap arising, between businesses that are empowering these tools and those that don’t embraces them. Do you not want to be a winner?!

Protecting your data and control the environments of your Flows?

This process will be the hardest part of your digital transformation and this is making some decisions about governance and Data loss prevention. There are several steps, like:

  • Team: Defining key users within your company (that can become those Citizen Developers)
  • Control:  Creating a Microsoft Flow environments for Flows personal usage, test and production environment. But also control created environments by none key users. (Deletion of environments that are not supported by the organization)

Below an answer on the question: How can we protect are data?
Using Data Loss Prevention (DLP) policies, to protect your data when using PowerApps and Microsoft Flow. It’s possible.

More detailed information about environments:

Short note about Environments

Environments can be used because of:
Geographic location: Environment can be assigned to a geographic location (region). This means when users are in Belgium with the region defined as Europe. Result in a better performance outcome.
Data Loss Prevention: DLP Policies can be assigned to an environment. In this policy you define which application can used to handle business data.
Isolation boundary: Any resource of a flow in one environment, doesn’t exist in another environment
Common Data Services

How-to create a new environment.

These can be created as such:

Go to the Admin Center

Click «New environment»

New environment

Give a proper name to the environment and select region and type (type is depending on your Microsoft Flow licenses, more about licenses)

In this example we skipped the creation of the database. Next will define a Data Loss Prevention policy into the environment to protect business data.
Go to Data policies.

Create new policy by selecting the New Policy item.

Choose an environment, where a data loss policy need to be activated on.

Define which data applications can be used to handle business data only.
Business data only: This section will contain the apps that are allowed to use with business data. Default this is the default data group. Microsoft recommend this to leave this group as the default group.
No Business data allowed: This section will contain the apps that are not allowed to use with business data. Users that will try to use these apps will get a notification that it’s not allowed to use the selected app in the flow because of a data loss prevention policy.

Click “Save Policy”, to save and activated your DLP – policy.

Creating a Flow example with a connection to Google Drive will have the following result. The user will have a notification that saving of the created flow is not possible because of a Data Loss Prevention Policy. At this moment we protect the business data to be moved outside of the company.

But as example we add the Google Drive connection to the data loss policy. and add the connector to the default group. What will happen?

When the connector has been added to the business data only – default group. The users will have the possibility to save flows with a Google Drive connector at from the moment the policy has been saved.

Removing selected connectors that are allowed to use business data, is very straight forward, by adding the connector back to the “No business data allowed”- group. Flow with the connector that has been moved to this group, will be disabled in the list of flows.

Following notification will be displayed in the users notifications box.

More about environments and Data Loss Policy within Microsoft Flow can be found here:


We don’t need to be afraid of the tools that can help you with optimizing business processes. Controlling the usage with data loss policies for each environment will add an extra layer of control and protects your data being exposed to the outside.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: