I wrote an article in June about Issue Reporting Teams app – app isn’t compliant with the latest data loss prevention policies.
At that time there was no solution for the issue where an organization has a default DLP policy that does not allow CDS
and a user wants to install apps in Teams that require CDS, which resulted in the error below:
To overcome this, Microsoft has provided a PowerShell function that you can schedule to run on a daily basis.
This function finds all the Teams environments that were created because of an app installation and excludes them from the default DLP policy or any DLP policy that you want.
Here are the steps that you need to follow:
Create a DLP policy in PowerApps specifically for Microsoft Teams, and make sure the DLP policy that you create or use is scoped to environments.
Install the latest PowerApps administration module from the PowerShell Gallery:
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force
Copy the functions mentioned in the link UpdatePolicyEnvironmentsForTeams to a .ps1 file.
Note: Copy all the functions. At first, I just copied UpdatePolicyEnvironmentsForTeams, and on execution I got an error because it was calling another function from inside it.
Connect to the PowerApps environment (Add-PowerAppsAccount).
Once connected, dot source the function file.
Now you will be able to use the UpdatePolicyEnvironmentsForTeams function.
We want to add all Teams environments to the Teams policy that we created and exclude all Teams environments from the default policy.
We also have some other environments that we want to exclude from the default policy, so we will add those environment IDs to a text file.
$excludeenv = get-content .\Enviornmentstoexclude.txt
UpdatePolicyEnvironmentsForTeams -OnlyEnvironmentsPolicyName 5c002221-b443-455e-9d0c-65555bea36555a4 -OnlyEnvironmentsPolicyDisplayName "Teams Policy" -ExceptEnvironmentsPolicyName 4444443-5e06-4558-a8e8-3044444b168b -ExceptEnvironmentsPolicyDisplayName "Policy 16:11:07 02-12-2018" -ExceptionEnvironmentIds $excludeenv
Note: The policy name and the policy display name must both belong to the same policy.
Now if you check the DLP policies, you will see that the Teams environments are excluded from the default DLP policy as well as added to their own DLP policy.
You can now schedule it if you want by making a small script.
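One way to write that small script, as an added example (not Microsoft's code and not part of the original steps). Every entry in the exception file takes an environment out of the default DLP policy, so the wrapper refuses to run if any entry is malformed and keeps a transcript of each run. The functions file name, the log path, the policy placeholders and the environment ID pattern are assumptions.

```powershell
# Update-TeamsDlp.ps1 - added example wrapper around UpdatePolicyEnvironmentsForTeams.
param(
    [string]$FunctionsFile = '.\TeamsDlpFunctions.ps1',      # hypothetical name for the copied functions
    [string]$ExceptionFile = '.\Enviornmentstoexclude.txt',  # file name used in this article
    [string]$TeamsPolicyName = '<teams-policy-name>',        # placeholders: use your own values
    [string]$TeamsPolicyDisplayName = '<teams-policy-display-name>',
    [string]$DefaultPolicyName = '<default-policy-name>',
    [string]$DefaultPolicyDisplayName = '<default-policy-display-name>',
    [string]$LogFile = '.\Update-TeamsDlp.log'               # hypothetical log location
)
$ErrorActionPreference = 'Stop'   # any failure ends the run before the policies are touched
Start-Transcript -Path $LogFile -Append | Out-Null
try {
    # Assumption: environment IDs are GUIDs, optionally prefixed with "Default-".
    $idPattern = '^(Default-)?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
    $lines = @(Get-Content -Path $ExceptionFile |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $bad = @($lines | Where-Object { $_ -notmatch $idPattern })
    if ($bad.Count -gt 0) {
        throw "Refusing to run: malformed entries in ${ExceptionFile}: $($bad -join ', ')"
    }
    $excludeenv = @($lines | Sort-Object -Unique)
    Write-Output "Extra environments exempted from the default policy: $($excludeenv.Count)"

    . $FunctionsFile       # dot source every function copied from the Microsoft page
    Add-PowerAppsAccount   # interactive sign-in; an unattended run needs its own sign-in method

    $policyArgs = @{
        OnlyEnvironmentsPolicyName          = $TeamsPolicyName
        OnlyEnvironmentsPolicyDisplayName   = $TeamsPolicyDisplayName
        ExceptEnvironmentsPolicyName        = $DefaultPolicyName
        ExceptEnvironmentsPolicyDisplayName = $DefaultPolicyDisplayName
    }
    # Pass the exception list only when it has entries.
    if ($excludeenv.Count -gt 0) { $policyArgs.ExceptionEnvironmentIds = $excludeenv }
    UpdatePolicyEnvironmentsForTeams @policyArgs
}
finally {
    Stop-Transcript | Out-Null   # the transcript records what each scheduled run changed
}
```

Keep the exception file writable only by the administrators who own the DLP policies, since adding a line to it is equivalent to granting a DLP exemption.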
Reference: Microsoft Dataverse for Teams environment
Thanks for reading…….