Exclude Teams Environments from PowerApps DLP Policy

I wrote an article in June about the Issue Reporting Teams app – app isn’t compliant with the latest data loss prevention policies.

At that time there was no solution for the case where an organization has a default DLP policy that does not allow CDS and a user then wants to install an app in a team that requires CDS, which resulted in the error below:

 


 

To overcome this, Microsoft has provided a PowerShell function that you can schedule to run on a daily basis.

This function grabs all the Teams environments that were created because of an app installation and excludes them from the default DLP policy or any DLP policy that you want.

Here are the steps that you need to follow:

Create a DLP policy in PowerApps specifically for Microsoft Teams. Make sure the DLP policy that you create or use is scoped to environments.


  1. Install the latest PowerApps Administration module from the PowerShell Gallery.

    Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force

  2. Copy the functions from the linked UpdatePolicyEnvironmentsForTeams sample into a .ps1 file.

    Note: Copy all the functions. At first, I just copied UpdatePolicyEnvironmentsForTeams, and on execution I got an error as it was calling one other function from inside it.

  3. Connect to the PowerApps environment (Add-PowerAppsAccount).

  4. Once connected, dot-source the function file.

    . .\UpdatePolicyEnvironmentsForTeams.ps1

  5. Now you will be able to use the UpdatePolicyEnvironmentsForTeams function.

We want to add all Teams environments to the Teams policy that we created and exclude all Teams environments from the default policy.

We also have some other environments that we want to exclude from the default policy, so we will add those environment IDs to a text file.

    # Extra environment IDs (one per line) to exclude from the default policy
    $excludeenv = Get-Content .\Enviornmentstoexclude.txt

    # OnlyEnvironments* = the Teams policy, ExceptEnvironments* = the default policy
    UpdatePolicyEnvironmentsForTeams -OnlyEnvironmentsPolicyName 5c002221-b443-455e-9d0c-65555bea36555a4 -OnlyEnvironmentsPolicyDisplayName "Teams Policy" -ExceptEnvironmentsPolicyName 4444443-5e06-4558-a8e8-3044444b168b -ExceptEnvironmentsPolicyDisplayName "Policy 16:11:07 02-12-2018" -ExceptionEnvironmentIds $excludeenv


Note: The policy name and the policy display name must belong to the same policy.

Now if you check the DLP policies, you will see that the Teams environments are excluded from the default DLP policy and added to their own DLP policy.

You can now schedule it if you want by making a small script.
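One way to write that small script, as an added example that is not from the original post or from Microsoft. The folder C:\Scripts\TeamsDlp, the file names Run-TeamsDlpSync.ps1 and svc.cred.xml, the task name, and the use of a service account that can sign in with -Username/-Password (no MFA prompt) are assumptions; the policy values are the ones used above.

```powershell
# Run-TeamsDlpSync.ps1 (hypothetical name): daily wrapper around UpdatePolicyEnvironmentsForTeams.
# Assumed layout: C:\Scripts\TeamsDlp holds the function file, the exclusion list and
# svc.cred.xml, created once while logged on as the account that runs the task:
#   Get-Credential | Export-Clixml C:\Scripts\TeamsDlp\svc.cred.xml
$ErrorActionPreference = 'Stop'
$base     = 'C:\Scripts\TeamsDlp'
$exitCode = 0
Start-Transcript -Path (Join-Path $base ('log-{0:yyyyMMdd}.txt' -f (Get-Date))) -Append

try {
    Import-Module Microsoft.PowerApps.Administration.PowerShell

    # Export-Clixml protects the password with DPAPI: only the same user on the same
    # machine can read it back, so no plaintext password is stored in this script.
    $cred = Import-Clixml (Join-Path $base 'svc.cred.xml')
    Add-PowerAppsAccount -Username $cred.UserName -Password $cred.Password

    . (Join-Path $base 'UpdatePolicyEnvironmentsForTeams.ps1')

    # Every ID in this file escapes the default DLP policy, so normalize the list
    # and write it to the transcript for later review.
    $excludeenv = @(Get-Content (Join-Path $base 'Enviornmentstoexclude.txt') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    Write-Output "Extra exclusions ($($excludeenv.Count)): $($excludeenv -join ', ')"

    # Policy names and display names are the values from this post; replace with your own.
    UpdatePolicyEnvironmentsForTeams `
        -OnlyEnvironmentsPolicyName '5c002221-b443-455e-9d0c-65555bea36555a4' `
        -OnlyEnvironmentsPolicyDisplayName 'Teams Policy' `
        -ExceptEnvironmentsPolicyName '4444443-5e06-4558-a8e8-3044444b168b' `
        -ExceptEnvironmentsPolicyDisplayName 'Policy 16:11:07 02-12-2018' `
        -ExceptionEnvironmentIds $excludeenv
}
catch {
    # Record the failure and return a non-zero code so Task Scheduler shows the run as failed.
    Write-Output "FAILED: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    Stop-Transcript
}
exit $exitCode

# Register once as the same account (task name and time are examples):
#   $a = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -File C:\Scripts\TeamsDlp\Run-TeamsDlpSync.ps1'
#   Register-ScheduledTask -TaskName 'TeamsDlpSync' -Action $a -Trigger (New-ScheduledTaskTrigger -Daily -At 2am)
```

Restrict write access on the folder to administrators: anyone who can edit the exclusion list or the dot-sourced function file can take environments out of the default DLP policy on the next run.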

Reference: Microsoft Dataverse for Teams environment

 

 

Thanks for reading…….

Tech Wizard

https://techwizard.cloud

https://syscloudpro.com/

 
