Flow – Environments and Data Protection

Microsoft Power Platform

The Power Platform are tools that will facilitate organisations digital excellence journeys.

Organisations have the need to start working with these tools and to eliminate daily processes in their company that are time laborious. The question: how do you control and protect the organisational data, whilst empowering employees with these power tools. Enabling employees without structure, process and governance opens organisational risk. Having the ability to send data to third party application, has been identified as an area of concern from the focus groups I have attended.

Not allowing the end users to use these tools, can hold or even bring the digital excellence journey to a stop. We are seeing now, a gap, between organisations who are empowering their people with the Power Platfom and those that do not.

Protecting your data and control the environments of your Flows

Those who know me, know I am an advocate of process. Process adoption is integral to a successful digital excellence journey. Governance and Data loss prevention will be forefront of any decisions. Considerations:

  • People: Defining key users within your company (that can become those Citizen Developers)
  • Control:  Creating a Microsoft Flow environments for Flows personal usage, test and production environment. Also control created environments by none key users.

How can we protect are data? Using Data Loss Prevention (DLP) policies, to protect your data when using PowerApps and Microsoft Flow. It’s possible.

Environments provide the following benefits:

  • Data locality: Environments can be created in different regions and they’re bound to that geographic location. When you create a flow in an environment, that flow is routed to all datacenters in that geographic location. This also provides a performance benefit. If your users are in Europe, create and use the environment in the Europe region. If your users are in the United States, create and use the environment in the U.S. Important If you delete the environment, then all flows within that environment are also deleted. This applies to any items you create in that environment, including connections, gateways, PowerApps, and more.
  • Data loss prevention: As an Administrator, you don’t want flows that get data from an internal location (such as OneDrive for Business or a SharePoint list that contains salary information), and then post that data publicly (such as to Twitter). Use data loss prevention to control which services can share data within your Microsoft Flow deployment. For example, you can add the SharePoint and OneDrive for Business services to a business data only policy. Any flows created in this environment can use SharePoint and OneDrive for Business services. However, they won’t be able to share data with other services that aren’t included in the business data only policy. Note Data loss prevention is available with some license skus, including the P2 license.
  • Isolation boundary for all resources: Any flows, gateways, connections, custom connectors, and so on reside in a specific environment. They don’t exist in any other environments.
  • Common Data Service: Here are your options if you want to create a flow that inserts data into a service:
    • Insert data into an Excel file, and store the Excel file in a cloud storage account, such as OneDrive.
    • Create a SQL Database, and then store your data in it.
    • Use the Common Data Service to store your data. Every environment can have a maximum of one database for your flows in the Common Data Service. Access to the Common Data Service depends on the license you’ve purchased; the Common Data Service isn’t included with the Free license.

How to: Create an environment

In the Microsoft Flow admin center, select Environments. You’ll see all existing environments:

Select New environment and then provide the required information: Property Description Environment Name Enter the name of your environment, such as Human Resources, or Europe flows. Region Choose the location to host your environment. For the best performance, use a region closest to your users. Environment Type Choose an environment type based upon your license: Production or Trial.

Click Create environment.

You now have an option to Create database or Skip.

If you choose to Create Database, you will be prompted for a Currency and Language for the Database. In addition, you can also choose to have sample apps and data deployed.

You can now add users to the environment.

How to: Create a DLP policy

Prerequisites: To create a DLP policy, you must have permissions to at least one environment.

Follow these steps to create a DLP policy that prevents data in your company’s SharePoint site from being published to Twitter:

  1. Sign into the Microsoft Flow Admin center (Admin center).
  2. Select the Data Policies tab, and then select the New policy link:
  1. Select the Data groups tab.
  2. Enter the name of the DLP policy as Secure Data Access for Contoso in the Data Policy Name label at the top of the page:

Select the environment on the Environments tab.

Note As an environment admin, you can create policies that apply to only a single environment. As a tenant admin, you can create policies that apply to any combination of environments:

Select the Data groups tab:

Select the Add link located inside the Business data only group box:

Select the SharePoint and Salesforce connectors from the Add connectors page:

Select the Add connectors button to add the connectors that can share business data.

Select Save Policy in the top right corner of the screen.

After a few moments, your new DLP policy will be displayed in the data loss prevention policies list:

Optional Send an email or other communication to your team, alerting them that a new DLP policy is now available.

Take out

Embrace technology and tools which will enhance your digital excellence journey. Trust the tools which can help with business process optimisation. Adopt key processes to safeguard, in this scenario, Controlling the usage with data loss policies for each environment will add an extra layer of control and protects your data being exposed without consent.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s