If you are a Power Platform admin, you can find the relevant information in the following Microsoft article: https://learn.microsoft.com/en-us/power-platform/admin/create-dlp-policy
Unfortunately, it’s not clear from the article how to create a DLP policy as a System Administrator managing just one or multiple environments and not having a Power Platform admin role and superpowers.
This is how it works for a System administrator who is not a Power Platform admin.
As a System admin, I go to the Power Platform Admin center (https://admin.powerplatform.microsoft.com/dlp):
Here I can see tenant-level policies but I can’t edit them.
I click on the New Policy button to launch the wizard:
The experience is slightly different from the tenant admin experience.
On the Environments step I can only see my own environments (several of them, if I manage multiple), but I can only create a policy for one environment at a time.
Now I can assign/classify connectors. The message at the top also says something about custom connectors, but I don’t see it working, maybe because I have no custom connectors in my environment. So I will test this later.
And now I can save it.
As you can see my policy is listed under Data policies with the scope Environment.
At last, I have a valid question: can I view, edit, or delete the policy as a Power Platform admin?
And the answer is Yes. As it should be.
Important!!!
You can’t override the tenant-level policies set up by a Power Platform admin by setting up an environment-level policy if your environment is included in the tenant policy scope.
The environment policy will work “your way” if your environment is excluded from the tenant-level DLP policy.
Otherwise – Happy days!