PowerApps DLP Policy – Exclude Teams Environments Script

Last month I shared an article on how to exclude Teams environments from the PowerApps DLP policy.

This article continues along the same lines: I am sharing the script that can be used to achieve this.

What extra does this script do?

  • It collects all the existing exclusions from the default DLP policy and stores them in the logs folder.
  • It collects all the Teams-only environments and stores them in the logs folder as well.
  • It excludes both types from the DLP policy.

The script runs daily, so if any new (non-Teams) exclusion or any new Teams environment gets created, you do not have to do any manual work; the script takes care of it.

Logs are maintained so you are aware which environments got excluded.

Prerequisites for this solution:

Download and extract the Script Zip from GitHub.

https://github.com/VikasSukhija/Downloads/blob/master/PowerAPPSDLPTeamsEnvExclusions.zip


The next step is to unblock both files if they are blocked.

Now edit PowerAPPSDLPTeamsEnvExclusions.ps1 and update the variables below:


$countofchanges → this is an extra check; keep it lower than the number of excluded (non-Teams) environments that you have in the policy.

For example, I currently have 13, so I set it to 10. If fetching has a problem and returns fewer than 10, the script will stop without making any changes.

$logrecyclelimit → recycle logs after this many days (60 means log files are deleted after 60 days).

$defaultDLPPolicy → DLP policy ID of the policy from which you want to exclude the Teams environments.

$defaultDLPPolicyDisplayanme → DLP policy display name of the policy from which you want to exclude the Teams environments.

$teamspolicyid → DLP policy ID for the Teams environments.

$teamspolicydisplayname → DLP policy display name for the Teams environments.
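
The safety check behind $countofchanges and the log recycling behind $logrecyclelimit, sketched as an added example (this is not the code from the downloaded script). The function and parameter names are hypothetical, the environment names are constructed, and nothing here calls the tenant.

```powershell
# Added example: hypothetical function, constructed data, no tenant calls.
function Get-MergedExclusionList {
    param(
        [string[]]$ExistingExclusions = @(),  # non-Teams environments already excluded
        [string[]]$TeamsEnvironments  = @(),  # Teams-only environments found on this run
        [Parameter(Mandatory)][int]$CountOfChanges,
        [Parameter(Mandatory)][string]$LogFolder,
        [int]$LogRecycleLimit = 60
    )
    # Guard: a short fetch must never replace the policy's exclusions with a smaller list.
    if ($ExistingExclusions.Count -lt $CountOfChanges) {
        throw "Fetched $($ExistingExclusions.Count) existing exclusions, expected at least $CountOfChanges. No changes made."
    }
    # Union of both lists, de-duplicated.
    $merged = @($ExistingExclusions + $TeamsEnvironments | Sort-Object -Unique)

    # Log both inputs so each run records which environments were excluded.
    New-Item -ItemType Directory -Path $LogFolder -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Set-Content -Path (Join-Path $LogFolder "ExistingExclusions-$stamp.log") -Value $ExistingExclusions
    Set-Content -Path (Join-Path $LogFolder "TeamsEnvironments-$stamp.log") -Value $TeamsEnvironments

    # Recycle log files older than the limit (in days).
    $cutoff = (Get-Date).AddDays(-$LogRecycleLimit)
    Get-ChildItem -Path $LogFolder -Filter '*.log' -File |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        Remove-Item -Force

    return $merged
}

# Constructed sample data (placeholder names, not real environment ids).
$existing = 1..13 | ForEach-Object { "env-nonteams-$_" }
$teams    = 'env-teams-a', 'env-teams-b', 'env-nonteams-1'
$logs     = Join-Path ([IO.Path]::GetTempPath()) 'dlp-demo-logs'

# Normal run: 13 existing exclusions meet the threshold of 10.
$list = Get-MergedExclusionList -ExistingExclusions $existing -TeamsEnvironments $teams -CountOfChanges 10 -LogFolder $logs
"Environments to exclude: $($list.Count)"

# Simulated partial fetch: only 4 of 13 returned, so the guard stops the run.
try {
    Get-MergedExclusionList -ExistingExclusions $existing[0..3] -TeamsEnvironments $teams -CountOfChanges 10 -LogFolder $logs
} catch { Write-Warning $_.Exception.Message }
```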

You can run the script now. Run it interactively the first time; after that you can schedule it.

Note: The script will auto-generate an encrypted password the first time it is run and save it in the same folder.


Now when you check the PowerApps DLP policy, you will find that it has been updated with exclusions for the Teams environments plus the already excluded non-Teams environments.

Default DLP


Teams DLP will have all team environments.


This script will assist the many PowerApps admins who are facing similar issues where they have disabled CDS in the default DLP policy.


Thanks for reading and downloading…

Tech Wizard

https://techwizard.cloud

https://syscloudpro.com/
