Managing Power Platform Connector Security using PowerShell

Power Platform connectors allow apps and flows to integrate with external services. However, unauthorized or misconfigured connectors can pose security risks. Using PowerShell, administrators can list, audit, restrict, and manage connectors to ensure compliance with security policies.

What You’ll Learn:

Connecting to Power Platform using PowerShell
Listing all connectors in an environment
Identifying and restricting high-risk connectors
Auditing connector usage
Managing Data Loss Prevention (DLP) policies for connectors


Step 1: Prerequisites

1. Install Required PowerShell Modules

Before managing connectors, install the necessary PowerShell modules:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force
Install-Module -Name Microsoft.PowerApps.PowerShell -Force

2. Connect to Power Platform

Authenticate as an administrator to manage connector security:

Add-PowerAppsAccount

Now you can access Power Platform data and security settings.


Step 2: List All Connectors in an Environment

To retrieve a list of all connectors available in your environment:

Get-AdminPowerAppConnector | Select-Object DisplayName, ConnectorId, CreatedTime, IsOnPremises, Category

This command displays:
🔹 Connector Name
🔹 Connector ID
🔹 Creation Date
🔹 On-Premises vs Cloud-based
🔹 Category (Standard/Premium/Custom)

Use this to track all connectors in your organization.


Step 3: Identify and Restrict High-Risk Connectors

Some connectors pose higher security risks, such as:
Social media connectors (Facebook, Twitter)
Unapproved third-party APIs
File-sharing connectors (Google Drive, Dropbox)

To list premium (high-risk) connectors:

Get-AdminPowerAppConnector | Where-Object { $_.Category -eq "Premium" } | Format-Table DisplayName, ConnectorId

To disable a risky connector:

Disable-AdminPowerAppConnector -ConnectorId "CONN-ID"

This prevents unauthorized apps and flows from using risky connectors.


Step 4: Auditing Connector Usage

To list connectors used by Power Apps:

Get-AdminPowerApp | Select-Object DisplayName, AppName, EnvironmentName, ConnectorReferences

To list connectors used by Power Automate flows:

Get-AdminFlow | Select-Object DisplayName, EnvironmentName, CreatedBy, ConnectionReferences

Use this to check if unauthorized apps or flows are using restricted connectors.


Step 5: Managing DLP Policies for Connectors

Data Loss Prevention (DLP) policies control which connectors can be used together.

To list all DLP policies:

Get-AdminDlpPolicy | Select-Object DisplayName, EnvironmentName, CreatedBy, LastModifiedTime

To list connectors restricted by a DLP policy:

Get-AdminDlpPolicyViolation | Select-Object AppName, EnvironmentName, PolicyName, ViolatingConnector

To modify a DLP policy and block a specific connector:

Set-AdminDlpPolicy -PolicyName "Restricted Policy" -BlockedConnectors "CONN-ID"

DLP policies enforce security rules on how connectors interact.


Step 6: Automate Connector Security Reports

To generate a Power Platform connector security report and export it as a CSV file:

$connectorReport = Get-AdminPowerAppConnector | Select-Object DisplayName, ConnectorId, Category, IsOnPremises
$connectorReport | Export-Csv -Path "C:\Reports\ConnectorSecurityReport.csv" -NoTypeInformation

This report helps monitor and audit connector security over time.


Step 7: Schedule Automated Reports

To automate connector security checks daily or weekly, schedule the script using Task Scheduler:

  1. Open Task Scheduler
  2. Click Create Basic Task
  3. Set recurrence to daily or weekly
  4. Choose Start a Program → PowerShell.exe
  5. Add script path: -File "C:\Scripts\ConnectorSecurity.ps1"
  6. Click Finish

Now, Power Platform connector security is automatically monitored.
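
The scheduled export from Steps 6 and 7 is most useful when consecutive reports are compared. The block below is an added example, not part of the original article: it diffs two report snapshots using the CSV columns from Step 6 and flags new, changed, removed and watch-listed connectors. The function name, the watch list and the sample rows are constructed for illustration.

```powershell
# Added example. Sample rows and connector IDs are constructed; in practice
# load two exported reports with Import-Csv (e.g. the previous and current file).
$previous = @'
DisplayName,ConnectorId,Category,IsOnPremises
SharePoint,sample-sharepoint,Standard,False
SQL Server,sample-sql,Premium,False
Legacy FTP,sample-ftp,Standard,False
'@ | ConvertFrom-Csv
$current = @'
DisplayName,ConnectorId,Category,IsOnPremises
SharePoint,sample-sharepoint,Standard,False
SQL Server,sample-sql,Premium,True
Dropbox,sample-dropbox,Standard,False
'@ | ConvertFrom-Csv

function Compare-ConnectorSnapshot {    # hypothetical helper name
    param(
        [object[]] $Previous,
        [object[]] $Current,
        # Name fragments for the connector families Step 3 lists as high-risk
        [string[]] $WatchList = @('Facebook', 'Twitter', 'Google Drive', 'Dropbox')
    )
    $old = @{}                          # older snapshot indexed by ConnectorId
    foreach ($row in $Previous) { $old[$row.ConnectorId] = $row }

    foreach ($row in $Current) {
        $findings = @()
        $before = $old[$row.ConnectorId]
        if (-not $before) { $findings += 'New since last report' }
        else {
            foreach ($field in 'Category', 'IsOnPremises') {
                if ($before.$field -ne $row.$field) {
                    $findings += "$field changed: $($before.$field) -> $($row.$field)"
                }
            }
            $old.Remove($row.ConnectorId)   # whatever stays in $old was removed
        }
        if ($WatchList | Where-Object { $row.DisplayName -like "*$_*" }) {
            $findings += 'On watch list'
        }
        if ($findings) {
            [pscustomobject]@{ DisplayName = $row.DisplayName; ConnectorId = $row.ConnectorId; Findings = $findings -join '; ' }
        }
    }
    foreach ($gone in $old.Values) {
        [pscustomobject]@{ DisplayName = $gone.DisplayName; ConnectorId = $gone.ConnectorId; Findings = 'Removed since last report' }
    }
}

Compare-ConnectorSnapshot -Previous $previous -Current $current | Format-Table -AutoSize -Wrap
```

For this to work with the scheduled job, each run has to write its report to a distinct file (for example with the date in the name) so the previous snapshot is still available.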
