Power Platform Governance: Create DLP Policy Exception for Apps and Flows

There are always exceptions to the rule and we often experience this when Power Platform data loss prevention policies and apps/flows conflict. No matter how robust your environment/DLP policy strategy is, there will always be an app or flow that doesn't quite fit into your model. In these cases, we have two options:

  1. Create a whole new environment or shuffle around your existing DLP policies to make the app/flow fit.
  2. Use the new DLP policy exempt resources list.

In Power Platform PowerShell, we can now create a list of apps and flows that will be exempted from a DLP policy.

[Image: the PowerShell script example for creating an exemption list]

[Image: getting my tenant's exemption list for a specified policy] I have one item in my policy's exemption list and the type = Power Apps.

Overall, my initial thought here is to use this feature sparingly. Overlapping DLP policies already cause a tangled output of rules. When you add exempt resources from these policies, you add an additional layer of complexity. If you start exempting resources frequently, you should consider either a new environment or a reworking of your existing DLP policies.
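
Because the screenshots are not reproduced here, the following is an added example (not the article's own script) of creating an exemption list and reading it back for review. It uses the exempt-resources cmdlets from the Microsoft.PowerApps.Administration.PowerShell module; every ID is a placeholder, and the variable names are chosen for this example.

```powershell
# Added example. Replace every <placeholder> with values from your own tenant.
Import-Module Microsoft.PowerApps.Administration.PowerShell
Import-Module Microsoft.PowerApps.PowerShell
Add-PowerAppsAccount   # interactive sign-in with a Power Platform admin account

$tenantId   = '<tenant-id>'
$policyName = '<dlp-policy-guid>'      # the policy's GUID, not its display name
$envName    = '<environment-name>'

# Look up the one app and one flow that need the exception.
$app  = Get-PowerApp -EnvironmentName $envName -AppName  '<app-guid>'
$flow = Get-Flow     -EnvironmentName $envName -FlowName '<flow-guid>'
if (-not $app -or -not $flow) {
    throw 'App or flow not found; no exemption list was created.'
}

# Each exemption entry is the resource's full id plus its resource type.
$exemptApp  = [pscustomobject]@{ id = $app.Internal.id;  type = $app.Internal.type }
$exemptFlow = [pscustomobject]@{ id = $flow.Internal.id; type = $flow.Internal.type }

# The cmdlet expects a wrapper object with an exemptResources array.
$exemptResources = [pscustomobject]@{
    exemptResources = @($exemptApp, $exemptFlow)
}

New-PowerAppDlpPolicyExemptResources `
    -TenantId $tenantId `
    -PolicyName $policyName `
    -NewDlpPolicyExemptResources $exemptResources

# Read the list back so the exemptions can be reviewed and recorded.
Get-PowerAppDlpPolicyExemptResources -TenantId $tenantId -PolicyName $policyName |
    ConvertTo-Json -Depth 5
```

The same module provides Set-PowerAppDlpPolicyExemptResources and Remove-PowerAppDlpPolicyExemptResources for updating or clearing the list, which helps keep exemptions short-lived.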
