Live Publish (02/05/2025 11:00:01 AM)

Author: bishalgoswami

power-platform/admin/TOC.yml

@@ -579,7 +579,11 @@
                       - name: Connector classification
                         href: dlp-custom-connector-parity.md
                     - name: DLP for Power Automate
-                      href: prevent-data-loss.md
+                      items:
+                        - name: Overview
+                          href: prevent-data-loss.md
+                        - name: Identifying blocked flows
+                          href: identify-blocked-flows-data-policies.md
                     - name: DLP for desktop flows
                       href: /power-automate/prevent-data-loss
                     - name: DLP for Copilot Studio

power-platform/admin/connector-action-control.md

@@ -1,9 +1,9 @@
 ---
-title: "Connector action control | MicrosoftDocs"
+title: Connector action control
 description: You can use connector action control to allow or block individual actions within a given connector.
 ms.component: pa-admin
 ms.topic: conceptual
-ms.date: 1/29/2024
+ms.date: 02/05/2025
 ms.subservice: admin
 author: mikferland-msft
 ms.author: miferlan
@@ -23,7 +23,12 @@ search.app:
 
 # Connector action control
 
-You can use connector action control to allow or block individual actions within a given connector.
+You can use connector action control to allow or block individual actions or triggers within a given connector.
+
+> [!IMPORTANT]
+> In February 2025, support for triggers is added to the connector action control. This can be administered through PowerShell. Support for triggers is planned for the Power Platform admin center in the future, as well.
+>
+> Making changes to policies through the Power Platform admin center doesn't remove triggers that were added via PowerShell.
 
 1. Sign in to the [Power Platform admin center](https://admin.powerplatform.microsoft.com) as a System Administrator. 
 1. On the left navigation pane, select **Policies** > **Data policies**.
@@ -47,6 +52,9 @@ You can use connector action control to allow or block individual actions within
 
 ## Known limitations
 
+### Triggers are only supported in PowerShell
+Support for allowing and blocking individual triggers is currently available only via PowerShell. Support is planned for the Power Platform admin center in the future. For an example of how to allow triggers that're already in use by Power Automate flows, see [Identify blocked Power Automate flows](identify-blocked-flows-data-policies.md).
+
 ### Admins need to have maker access to Power Apps
 
 The list of connector actions is retrieved using calls to Power Apps on behalf of the admin. The admin must sign in to [Power Apps](https://make.powerapps.com) and have access to complete the user consent process. If the admin doesn't have access to [Power Apps](https://make.powerapps.com), then the list of connector actions won't be retrieved.

power-platform/admin/dlp-known-issues.md

@@ -2,12 +2,13 @@
 title: Known limitations for data loss prevention (DLP) policies
 description: Learn more about the known limitations when using our suite of data loss prevention (DLP) capabilities.
 ms.topic: conceptual
-ms.date: 11/04/2024
+ms.date: 02/05/2025
 ms.subservice: admin
 author: mikferland-msft
 ms.author: miferlan
 ms.reviewer: sericks
 contributors:
+  - laneswenka
   - mikferland-msft
   - mihaelablendea
   - ChrisGarty
@@ -20,7 +21,8 @@ search.audienceType:
 Below are known limitations to know about when using our suite of data loss prevention (DLP) capabilities:
 
 ## General
-- If you delete an environment and it's still within the 7-day recovery period, you'll still be able to see it in DLP policies when you view them in PowerShell. Once the recovery period ends, the environment is permanently deleted. However, it may take up to 7 days for all references to the environment to be automatically removed from your DLP policies.
+- Runtime enforcement is being allowed across all Power Platform regions. For customers who have used the [connector action control](connector-action-control.md) to block all new actions for a given connector, this could block triggers implicitly.  To identify and resolve any blocked triggers, review [Identify blocked Power Automate flows](identify-blocked-flows-data-policies.md) for a script to review and add to your policies.
+- If you delete an environment and it's still within the seven day recovery period, you can see it in DLP policies when you view them in PowerShell. Once the recovery period ends, the environment is permanently deleted. However, it may take up to seven days for all references to the environment to be automatically removed from your DLP policies.
 - There's limited support for DLP actions in the [Power Platform for Admins connector](/connectors/powerplatformforadmins/). The ability to block a connector is only supported in the DLP actions labeled with "V2" (such as "Create DLP Policy V2"). Connector action control, connector endpoint filtering, and DLP for custom connectors can't be configured using the Power Platform for Admins connector.
 - Tabular functions in the [Power Apps expression language](/powerapps/maker/canvas-apps/formula-reference) can't be governed with DLP.
 - Solution flows need to be activated once, to create a runtime representation, before they can be targeted for DLP enforcement exemption using the [Set-PowerAppDlpPolicyExemptResources cmdlet](/powershell/module/microsoft.powerapps.administration.powershell/set-powerappdlppolicyexemptresources). If activation of the flow isn't allowed as-is because of a current DLP violation, then you could make changes to avoid violations, save, activate, add the exemption, then edit as desired with the exemption active.
@@ -42,5 +44,5 @@ Power Apps treats [Dataverse native](/power-apps/maker/canvas-apps/data-platform
 
 [!INCLUDE[footer-include](../includes/footer-banner.md)]
 
-### See also
+### Related content
 [DLP for desktop flows](/power-automate/prevent-data-loss#data-loss-prevention-dlp-for-desktop-flows-preview)