Microsoft 365 Compliance for Power Platform helps organizations enforce security, data protection, and governance policies across Power Apps, Power Automate, and Power BI. PowerShell allows administrators to manage compliance settings efficiently.
This guide covers:
Connecting to Microsoft Compliance Center using PowerShell
Listing Compliance Policies for Power Platform
Configuring Data Loss Prevention (DLP) Policies
Managing Sensitivity Labels in Power Platform
Auditing User Activities and Security Events
Exporting Compliance Reports
Step 1: Prerequisites
1. Install Microsoft Compliance PowerShell Modules
Ensure you have the necessary Microsoft 365 Compliance and Power Platform Management modules installed.
Install-Module ExchangeOnlineManagement -Scope CurrentUser -Force
Install-Module Microsoft.PowerPlatform.Administration -Scope CurrentUser -Force
Install-Module AzureAD -Scope CurrentUser -Force
2. Connect to Microsoft 365 Compliance Center
Run the following command to authenticate with your Global Administrator or Compliance Administrator account:
Connect-IPPSSession
You are now connected to the Microsoft Compliance Center.
Step 2: List Compliance Policies for Power Platform
To retrieve all compliance policies applied to Power Apps and Power Automate:
Get-DlpCompliancePolicy | Select-Object Name, Description, Mode, Rules
This displays existing Data Loss Prevention (DLP) policies.
Step 3: Create a New Data Loss Prevention (DLP) Policy
To prevent sensitive data from being shared via Power Automate flows, create a DLP policy:
New-DlpCompliancePolicy -Name "PowerPlatform-DLP-Policy" -Mode Enforce -ExchangeLocation All -SharePointLocation All
This enforces a DLP policy across Power Platform.
Step 4: Manage Sensitivity Labels for Power Platform
To list all sensitivity labels applied to Power Apps and Power Automate flows:
Get-Label | Select-Object DisplayName, ContentType
To apply a sensitivity label to a Power App:
Set-Label -Identity "Confidential" -SiteAndGroupSettingsEnabled $true
This ensures Power Apps follow compliance guidelines.
Step 5: Enable Auditing for Power Platform Activities
To enable audit logging for Power Apps, Power Automate, and Power BI:
Set-UnifiedAuditLogRetentionPolicy -Identity "PowerPlatformAudit" -RetentionDuration 365
To retrieve audit logs for Power Platform activities:
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -RecordType PowerApps | Export-Csv -Path "C:\PowerPlatform_AuditLogs.csv" -NoTypeInformation
This allows tracking of user activities for security audits.
Step 6: Export Compliance Reports
To export a list of Power Platform security policies for review:
Get-DlpCompliancePolicy | Export-Csv -Path "C:\PowerPlatform_Compliance_Policies.csv" -NoTypeInformation
Use this for compliance audits and reporting.