As a System Administrator, I would like to create a DLP policy for my environment(s) so I can help protect data in my organization

If you are a Power Platform admin, you can find the relevant information in the following Microsoft article: https://learn.microsoft.com/en-us/power-platform/admin/create-dlp-policy

Unfortunately, it’s not clear from the article how to create a DLP policy as a System Administrator managing just one or multiple environments and not having a Power Platform admin role and superpowers.

This is how it works for a System administrator who is not a Power Platform admin.

As a System admin, I go to the Power Platform Admin center (https://admin.powerplatform.microsoft.com/dlp):

Here I can see tenant-level policies but I can’t edit them.

I click on the New Policy button to launch the wizard:

The experience is slightly different from the tenant admin experience.

On the Environments step I could only see my environments, multiple of them (if I manage multiple) but I can only create a policy for one environment at a time.

Now I can assign/classify connectors. It also says something about custom connectors in the message at the top but I don’t see it’s working maybe because I have no custom connectors on my environment. So will test this later.

And now I can save it.

As you can see my policy is listed under Data policies with the scope Environment.

At last, I have a valid question: can I view, edit, or delete the policy as a Power Platform admin?

And the answer is Yes. As it should be.

Important !!!

You can’t overwrite the tenant-level policies set up by a Power Platform admin via setting up an environment-level policy if your environment is included in the tenant policy scope.

The environment policy will work “your way” if your environment is excluded from the tenant-level DPL policy.

Otherwise – Happy days!