Power Platform - General
Category
Oct 17, 2023
Published date
Text
Article Type
AI Summary
- The article discusses the importance of Data Loss Prevention (DLP) policies in securing Power Platform environments.
- DLP policies can prevent users from using connections from unapproved sources to pull or push data outside of the tenant.
- It is important to maintain different DLPs for different environments and modify them as new requirements arise.
- While DLPs are effective in stopping Power Apps and Power Automate Flows from connecting to different sources, they do not apply to Power Virtual Agent (PVA) bots by default.
- PVA bots have certain features, such as authenticated access and access to Skills, which can be restricted by DLPs.
- The "No Authentication" option in PVA bot configuration allows the bot to be deployed anywhere and accessed by anyone, which can lead to data breaches if sensitive information is involved.
- To disable the "No Authentication" option, the DLP setting called "Chat without Azure AD Authentication in Power Virtual Agents" should be blocked.
- However, before this setting can take effect, the DLP for PVA needs to be enabled, as it is turned off by default.
- The article provides a PowerShell script to enable the PVA DLP enforcement and offers additional scripts to turn DLP enforcement on or off, do a soft turn on, and exclude certain bots.
- Once the PVA DLP enforcement is enabled, it becomes possible to prevent users from creating bots with no authentication and block other actions specified in the DLP policies.
Registered users can view the full text for FREE!
Sign In Now!