Subscribe
Share
Share
Embed
In this episode of FusionTalk, Anouck and Steve return with a lively and humorous discussion about the long-awaited heating in the studio, setting the stage for their exploration of data leakage protection (DLP) in the Power Platform environment. With a mix of personal anecdotes and professional insights, they reflect on the journey of building a podcasting studio and the challenges of home renovations, all while keeping the atmosphere light and engaging.
The duo dives into the complexities of DLP, discussing its critical role in ensuring that sensitive data remains secure within organizational workflows. They share their thoughts on the misconceptions surrounding DLP, emphasizing that it’s not just about security, but about setting up the right governance to prevent unintentional data leaks. Anouck and Steve also touch on the importance of categorizing data and establishing clear policies that empower users while maintaining control over sensitive information.
Listeners will benefit from their insights into the practicalities of implementing DLP, including the need for regular updates and monitoring to keep pace with the rapidly evolving landscape of connectors and triggers in Power Platform. The conversation also highlights the balance between encouraging innovation and enforcing necessary restrictions to safeguard company data.
- The Journey of Building a Podcast Studio
- Understanding Data Leakage Protection (DLP)
- The Role of Governance in Power Platform
- Importance of Categorizing and Monitoring Data
- Encouraging Innovation While Maintaining Control
- Upcoming Presentation Insights from Tunisia
- Understanding Data Leakage Protection (DLP)
- The Role of Governance in Power Platform
- Importance of Categorizing and Monitoring Data
- Encouraging Innovation While Maintaining Control
- Upcoming Presentation Insights from Tunisia
Join Anouck and Steve for this engaging episode filled with laughter, insights, and a shared passion for technology as they navigate the intricate world of data protection in the Power Platform.
Creators and Guests
What is FusionTalk?
FusionTalk is a dynamic podcast where technology, collaboration, and innovation come to life! Hosted by Anouck Fierens, a Microsoft 365 & Power Platform expert, and Steve Dalby, a SharePoint & Teams specialist with a knack for humor, each episode delivers fresh insights, real-world stories, and engaging discussions with industry leaders.
🚀 Topics include:
✅ Modern workplace & collaboration strategies
✅ Practical case studies & expert insights
Join FusionTalk and discover how to work smarter, faster, and more efficiently in today’s tech-driven world! 🎧 #FusionTalk #TechPodcast #Collaboration
Anouk: Welcome m to fusion talk with anouk and steve.
Steve: Yes, we are back.
Anouk: We're back.
Steve: Yeah.
Anouk: You cold?
Steve: No, I'm not cold.
Anouk: Not cold because after nine months, the heating is in the studio.
Steve: Yes, finally. You mentioned to find some time to put in the cables.
Anouk: Yes, yes, I've been doing it for the last four hours. I got heating. I got heating. Ah. Who wants anything more? I'm happy now.
Steve: Maybe I can see people can't see your face. I should have recorded that and put that video on socials.
Anouk: So for those of you that do or don't know, I kind of moved into Antwerp in Belgium, 18 months ago. Yes, it would be about 18 months ago.
Steve: That long ago already?
Anouk: It is, yes, 18 months ago. so. And of course it needed a huge amount of work doing. The first thing it did was build this studio because podcasting was the thing. So we have a soundproof room and you can't.
Steve: Did you build the studio for podcasting or for the big screen that you have over there?
Anouk: podcasting with a side hobby of TV room. Yes. And projector. So, so, so yeah, did all of that. But the house needed new windows, new roof, new heating and everything else. And then I took a load of walls out and turned it into a building site. But today the final heating was added 18 months later. I only ever thought about it in the winter and I went through last winter. So yes. So the studio is now warm.
Steve: You had those mobile heaters all over the place.
Anouk: Yeah. And the bills to actually, prove it as well. So hopefully this won't be slightly more efficient. But it's a super cool system. It's a brand new system. It's not something that you see very often, but it's, it is really very neat. Yeah, very nice. All, right, so anyway, we're warm.
Steve: Yes, we are actually.
Anouk: We're hot, baby. Hot. Because we're going to talk about dlp. Yes. I'm a bit lively today.
Steve: A little bit. Extremely.
Anouk: Well, we've got some cool stuff to do. We're sitting here recording a podcast, which is kind of, you know, close to our favorite thing to do together. other than working, other than designing new applications, other than creating events that don't run, and things like that and eating awesome food together. What else do we do? And then we're going to go and see the Christmasy special exhibition lights at the zoo this evening.
Anouk: So we're going to see, all of the Chinese light show. So yeah, it's good day and I got Heating in. Did I tell you I got heating in hot, baby boy.
Steve: It's going to be an exhausting moment.
Anouk: So we're going to continue on with possibly the last podcast around our presentation, which was.
Steve: Yeah, but we will do that presentation, again very soon in Tunisia.
Anouk: In Tunisia. Next week.
Steve: Next week?
Anouk: Yeah, next week in Tunisia. Okay, cool.
Steve: The 18th or 19th of.
Anouk: Yeah, that's the date of the event, so check it out. If you're going to Tunisia, guys, then great. we will look forward to that seeing you then. and now we're basically going to talk about sort of data leakage in the power platform environment.
Steve: Yes.
Anouk: Of which I'm an expert, so ask me anything you like.
Steve: Do you know what it means in that power platform?
Anouk: I told you I'm an expert. But I keep telling Moraine. Do you know the definition of an expert?
Steve: You know how to find a solution?
Anouk: No.
Steve: Or you know how to find the answer?
Anouk: No.
Steve: You know people who knows the answer?
Anouk: No.
Steve: No. That I don't know.
Anouk: X is an unknown quantity and a spurt is a drip under pressure. Yeah, I know. It's funny. It's funny. It's good. So, anyway, we're going to talk about that because. Because. Why not?
Steve: Because I recently, started building apps for a few of my customers and I noticed that they didn't do anything about it in their environments. So people are not aware of it, don't know it exists, or don't know what they can do?
Anouk: No. And during the session next week, we really deep dive into what people are doing, and we really have a good workshop conversation with everybody, and basically sort of identify, strengths and weaknesses. Because at the end of the day, you don't want to put handcuffs on people so that they have to try and pick a coffee cup up with one hand.
Steve: Maybe you do want to do them.
Anouk: But that's another thing. Yes, all right, I like that. Maybe I do. Nice. but you don't want to basically hold them back from being able to do some of the normal things in life, but you do want to be able to control them so that, you know, basically they're controlled in a nice governance way that supports the business.
Steve: Yes, indeed. and because it's all about security.
Anouk: no, it's not all about security. It's not all about security at all. I thought this woman was clever and intelligent, and then she comes out with, it's all about security. I don't know. How do I say it? Anyway, it's not really about security. security for me, is you either have a key to the door or you don't.
Steve: Yes.
Anouk: Data leakage protection is I have a key for the door and oh, stupid of me. I left it open or I left it unlocked and nobody noticed until somebody walked in and stole something.
Steve: Yes.
Anouk: So that's about data leakage protection. So data leakage protection is like the burglar alarm on the room. So I have a burglar alarm system in the house here. M. And it sits there most of the time doing absolutely nothing.
Steve: That's a good thing.
Anouk: Until I forget to lock the door and somebody walks in who's not supposed to be in and the alarm goes off or the camera records them or does whatever. To me that's dlp. Okay, that make sense?
Steve: It makes sense.
Anouk: Yes, it does. Because basically you're setting a series of rules or policies that will only kick in when somebody makes an error, as opposed when somebody intentionally tries to break in or get past your security. So a bit like emailing a confidential document that shouldn't be emailed out with the right DLP and security policy around labels or whatever, however you tag it, then it will not happen because it says, no, you're not allowed to. I really wish it would be so cool if we could do voice errors on, on these applications.
Steve: Don't go there.
Anouk: Oh, it would be. So this is a great podcast in its own right. One of my favorite things is my headphones that I use at, work, which I believe are, yealink. I think so. And I'm having, I've got them on and I'm listening to a bit of music because, you know, I'm focused on something. And then it says, you have an incoming call from Nick Tiarts. And it tells me that there's a call coming in in teams.
Steve: Yes, but there's something not right in your sentence.
Anouk: Okay, tell me what's not right in my sentence.
Steve: You focusing on just one thing. It can't be possible.
Anouk: That is quite possibly true. Yes. I do tend to jump around and have five or six balls in the air at the same time. But the fact that headphones comes, I think it's so, so cool. So imagine sending an email off instead of a little pop up window that kind of says this is a confidential document in your company's policies. Say it says, hey, stupid, there's some rules around this and you're not allowed to do it.
Steve: Yes, but what if people don't have their Soundtown on or not having, headphones on. how can they know then because.
Anouk: You still get the boring pop up.
Steve: Okay.
Anouk: And anyway, when was the last time you was in an office and people didn't have headphones, on?
Steve: Ah, I sometimes have no headphones on when I'm in the office.
Anouk: That's you. Because you focus on coding, powerapping.
Steve: And because I'm able to block the noises around me when I'm focused.
Anouk: Yeah. So annoying. No, I couldn't believe. Because we've. We've been working in the house today on and off doing various projects and we've had builders in and heating people in, or I've had builders in heat, but we've been able to deal with them. and you just sit there quite happily working away and there's a freaking saw cutting a piece of wood. 25.
Steve: Didn't notice.
Anouk: I know, it's amazing.
Steve: I was focused on my job. I didn't notice that it was happening.
Anouk: Brain says, oh, how can I turn that noise into a piece of music? You know, really weird. I am weird. I AM Weird. Anyway. PowerApps.
Steve: Yes.
Anouk: So data leakage protection for me is about, And the ancuffs are a bad example. But it's not about the ancuffs.
Steve: No. It's about, securing that the rules you set up or the security that you set up is going to be followed.
Anouk: Yeah. And it only gets followed under certain conditions, whereas security is hard and fast. You can do that. You can't do that. You can go there. You can't go there.
Steve: Yeah.
Anouk: Whereas, DLP rules are about, this document. I'm going to email that document out and DLP would kick in and say, what kind of document is it? Do I have any governance rules around that or what do I need to implement?
Steve: True.
Anouk: And in a power platform environment, it's very much similar. Something's going to trigger something. And that trigger may well be to kick off a workflow. and then, the trigger at some point will then look at what you're about to do and make sure that it's within the rules and governance. And what we want to do is to talk about really the kinds of things you will set up to make sure that you are allowing people to be as flexible and as powerful and to use the tools to get real value from them, but in a protected way.
Steve: Yes. the first thing I think people need to know is even if you already have a power platform environment or working with power automate flows or power apps, you can still turn it on. Maybe something is broken and Stopped working. But you can still turn it on. But then you are able to fix things.
Anouk: Yeah, but depending upon what you're doing, it is true. You have to. There are certain things you have to worry about. Not so it's not specifically within dlp, but for example, if you set a rule that says, okay, I've decided that any document that's over three years old, I'm just going to start archiving them and then after a year of archive, I'm going to delete it. Then you set that rule up and it will then go and sort through all of your current content. And if any document is over three years old, it will apply the rule.
Steve: Yes.
Anouk: And of course you could. And once you've run those rules, it's dead. And. And you can't go. But anyway, we're talking about documents which DLP and our platform governance are easy compared to power platform.
Steve: Yes.
Anouk: Because everything is so fluid and flexible and actionable in the power platform.
Steve: That's one. And it's still so fast changing.
Anouk: Yeah.
Steve: one of the things people do the most with the DLP is telling to environments which trigger they can have and can't have in their environment. Like an example, you build an app that is for your entire organization that's business critical. You don't want people to use the Twitter, connector in there unless it's.
Anouk: A social media app.
Steve: Depends. But yeah, but you don't want maybe that trigger in there or that connector in there. So. So you can block it. But because there are coming so many triggers and connectors every single day, you need to be aware that you can stay up to date with it.
Anouk: I can't remember the number now, but I know, I think about 18 months, two years ago, it was like 1800 connectors that you could choose from.
Steve: Let's see how many connectors there are.
Anouk: Okay, here we go. She's focused again now. So she's not listening to a word I'm saying. She's got a phone in her hand. She's sitting there looking to find out how many connectors are. I, could have just asked Holly and got the answer by now. And the answer is it's not even.
Steve: Giving me an answer in here.
Anouk: The number is so huge.
Steve: All right, ask Ollie.
Anouk: That would mean I need to have my phone with me.
Steve: All right, then I will ask ChatGPT.
Anouk: Cop out your chat. GPT has also got a name.
Steve: True. Amy.
Anouk: Amy. And why Amy? Hello, Amy. How many connectors are there on Power Platform?
Steve: Yep, he's searching. It doesn't give me a correct number. Has over thousand connectors available. Yes. But the exact number, it's.
Anouk: There are. There are numerous ones.
Steve: Yeah. And it's changing so fast. And, I think that's also. If you start DLP and blocking connectors, you need to update regularly and check regularly to be sure that it's still with the guides that you set up and still following it.
Anouk: Yes and no.
Steve: You don't agree?
Anouk: No, I do agree, but I think that there are different techniques. So one of the things, depending on where you're at. but one of them is, I'm going to ban all connectors except those in the allowed list. And then it doesn't matter if new ones turn up. Unless they're in the allowed list, they'll never actually be available for people to use.
Steve: True. But some of the noose can be something you would like to allow.
Anouk: Yes, but then it's a positive action. You're not suddenly ending up with a connector on there that, is causing, you a problem.
Steve: True.
Anouk: So it's there for a purpose. And here's the really interesting cool thing about all of this stuff. You're basically going to create an environment. And we've talked about environments before. Okay. so you have a default environment, which is set up in a certain kind of way. and you've just yawned, which means that I'm going to yawn as well.
Steve: I'm sorry.
Anouk: I know. That's okay. and so that default environment doesn't have any connectors to it. Well, it does, actually. It has one or two of the Microsoft ones set up, but not so many. So then you decide, I'm going to set a new environment up for something. But you've got so many options to choose from. You can't just sit there and go, hey, I'm going to create a new document library. Click, click, click. Done. You really have to think about what your, security posture is going to be for that particular power application.
Steve: Yes. And that's a big job to do.
Anouk: It is not easy. I accept that. On M M365 distilled, we had a podcast about 100 episodes ago called where we looked at baseline governance. And ideally you should have a baseline governance set up for your environment so that you can do it quickly. Hey, baseline governance is no connectors, except for outlook, except for SharePoint, except for Dynamics, if you're a sales organization and you say, that is our baseline. And our baseline is two owners. and, only Active, directory group access. So it's not fully open to everybody. That might be your baseline and then you can script that. So somebody says, hey, I need a new environment or I need to build a new application. You go bang, bang, boom. There's your baseline in place and then you can customize it on top of that. or of course you can then spend several weeks working on a more solid governance plan default template, which might include a lot more. Like you might include applications that you know you have in your organization. You might decide it needs to have a database attached to it or it needs to have purview for control of something or it needs to. You can decide what that posture is. But rather than delaying the rollout of power platform, come up with something simple and safe that you can customize per environment.
Steve: Yes. And then it gives you time to. It gives people the chance to get started and to do the basic things they would like to start doing.
Anouk: Yes, I agree entirely. So you do need to be able to get started. Why are we yawning here? Because it's the end of a long day.
Steve: It's the heating.
Anouk: It's the heating. Because it's all cuddly and warm. so maybe we should build a scenario. So let's say this is. I'm going to test you now. Of course, what I'm doing is helping you pass the exam this time. That was subtle, wasn't it? Now everybody's going, oh, what exam did you fail actually? That must have been frustrating to heck.
Steve: Two points, two points short.
Anouk: Oh, well. But yeah. So I know you're gonna go and do that again.
Steve: I didn't study for it. Or I almost didn't study for it.
Anouk: There's the ego again. I knew it was going to come out, but I wondered how.
Steve: No, no, no.
Anouk: it was a test.
Steve: Yeah. It was just for me to know what I need to type divid into and that I know now.
Anouk: So yeah, no, that's good. Sorry, I couldn't resist it. It flew into my head and went, oh, I'm gonna go there.
Steve: You know you get that back once.
Anouk: Yeah, it's worry I won't know when, but it will be there one day. Okay. So, yes. So testing you there. So let's assume, it decide they are going to putting a bit of governance around this and data leakage protection. so they are going to. They want to be able to allow people to create power apps and power flows, with access to Microsoft only components. but also they want to be able to potentially, create API calls into some kind of Microsoft Resource or.
Steve: Company resource, Graph API for example.
Anouk: But exactly something like that. How do you go about building it and what components typically would you want to configure in your environment? I know, it's a tough one. I'm not. I mean, we'll probably both work on it eventually.
Steve: Yeah, yeah, of course you will allow all of the, needed Microsoft components and connectors.
Anouk: Yeah.
Steve: To get started. And then there is also an API call connector. But then you are creating your custom connectors, so you need to allow the custom connectors as well so that you can do API calls.
Anouk: But for example, if you're running a system, a production system for your environment, you would want to be able to do something like that and allow people to use it.
Steve: Yes, allow, people to use it. Maybe not everyone to create it.
Anouk: No, I know, but you're going into dev mode again. You did this earlier, before we started. You're instantly jumping to some conclusions. We're not going to let people create their own API, otherwise you don't have any governance.
Steve: Yeah, but that's the thing. I'm not sure if you allow Graph API connectors or allow, the connector to create your custom connectors and custom API calls. I'm not sure if you can then, block off Allow Graph and block off other ones.
Anouk: Okay, I don't think we're down here to do a technical discussion. I do understand that. But your governance will describe what you want to allow them to do and nothing more and nothing less. So then you're going to go and find out what is actually and what isn't possible. But I'm, fairly soon that if you put an API call into Graph, or if you put a connector into Graph, you're going to have to put a bunch of variables in to get the input out. The context of that variable call is going to be based upon the account you have, which again is also part of the governance. So that account would not be allowed access to confidential, sensitive, private information. So then you're protecting that workflow from using anything that the user using that workflow is not allowed to or the account using that workflow is not allowed to. So a lot of that is already built into place through Compliance center and that kind of stuff.
Steve: Yeah, but people need to think about it and find a way to implement it.
Anouk: But that's, I think, the point. If you have a solid baseline governance kind of process, people don't need to make that decision. You're saying, hey, you can create a workflow, this is what you can do, this is what you can't do. So you can never do a workflow which actually uses information that's tagged as confidential or sensitive. It's the rule. Now if you do have to build a workflow that wants to, then there's a different set of governance around it, but that takes more time. So hey, this can only be accessed or created by HR people where you have normal access to sensitive or this, this workflow, or power app or whatever is specifically for C level individuals to discuss strategic goals and objectives for 2029 and 202032 or whatever. So then you can open up those things. but for general people, you obviously don't have access.
Steve: Yes.
Anouk: Now the reason that you might not do that is shadow it.
Steve: Indeed, it depends on what, you mean with shadow it? If your company agrees that people use retransfer is it then shadow agree? Shadow it?
Anouk: No.
Steve: So I think that's a definition that.
Anouk: Needs to be, that's easy definition. Shadow it is when end users do something that you don't want them to do and they find a way.
Steve: They will always find a way.
Anouk: Yes. So then what you need to be able to do is to give them.
Steve: The right set of tools in the environment, in the space that you want to give them.
Anouk: I don't think it's about tools. You want to give them an environment where you encourage them to work within a set of variables. So for example, I know an organization very close to my heart, that doesn't really have a governance for power platform or power apps or flows. but we have a number of key users that find a way. And because we don't have a governance or process to, allow them access to corporate data, they just run a report in Excel, load Excel onto their file share or their OneDrive, and then they use that file to connect in the power platform. And that's what they do. because they find a way, because there is no encouraging way of allowing them to work.
Steve: Is it in Shadow It?
Anouk: Yes, absolutely. Shadow it is where the user base gets around your rules and regulations to do what you had not planned for them to do. The bastards.
Steve: Not planned or not thought about?
Anouk: No. The thing is, we're in a different IT era than we were 20 years ago when you were just a little snippet of a young girl running around in the playground. But at that point it was, it was so much more easier and it was new. I mean when you interviewed people 20 years ago, you said things like, do you use Ms. Word? Do you. Have you created a PowerPoint? Do you know what email is? Well, maybe 20 years is a bit too small, but maybe 30. Whatever. But it was a question you asked at interviews because you didn't suddenly want to have to train people on how to do some basic stuff on computers. Now, of course they already know that stuff and they want to use it to save them time and everything else. And with Copilot, it's even potentially more of a risk. So you want to be able to give them the environment that they can work within and they're encouraged to innovate. And if they're encouraged to innovate, then they're basically encouraged to research and find out what it is they.
Steve: Yes, and they will find it out and they will find their way. And then, maybe you need to have other guidelines or other set of rules when you figure out what they are doing.
Anouk: Maybe that is true, but m. Just.
Steve: To have a conversation with people can help and can make sure that you find the right information.
Anouk: We need a gap.
Steve: We need a gap. So I need to keep on talking because you need, you need to say goodbye to somebody. Ah, somebody was at the door. So, yes, while he is, going to see who's at the door. DLP is one thing to set up, in Power platform I think we need to do. A lot of organizations don't have it yet. You can ruin apps and flows when you set it up, but that can be a good sign as well because it can give you more security and it can give you more protection about your sensitive data or your business. Data is getting out. I'm guessing he's almost back. He's on his way again. I've been talking a while. Yes.
Anouk: Oh, excellent.
Steve: You need to listen to it.
Anouk: I will. When I mix it down later, I will absolutely do that. But now this is where you've sat there and said things about me, haven't you?
Steve: I wouldn't there you.
Anouk: Would you. Would you sit there and go, hey, he doesn't know this, but when he listens to this. In a minute. yeah, that would be too obvious a thing for you to miss Big T's.
Steve: Yes.
Anouk: So, first of all, it's a little earlier than we would normally record, so people are wandering past, but we've had people going down the road scratching the cars, so the police did everything. And a gentleman that parks his car, a neighbor parks his car here. He's got a Flat tire. So he's trying to find out whether or not, it was vandalism or not. So of course he knows I've got the camera.
Steve: Oh, yeah.
Anouk: So I will need to go searching through those and find out whether that's the case.
Steve: Good luck.
Anouk: Yes. It's a bit slow, but there you go. So what did you say then? So what did I miss?
Steve: Listen to the recording.
Anouk: Oh, okay, that's fine. So we can go on to a different question then.
Steve: Yes.
Anouk: All right. It's another one then. around this. Is it worth the money of putting the time and resources in to create governance?
Steve: Yes.
Anouk: Why?
Steve: it's protecting your own data and your users. Maybe if you left everything open, there's much more risk that sensitive data or other data is getting out there that you don't want.
Anouk: So let's assume that, we take 50 companies that are actively working in the Microsoft workspace. How many of them have a power apps governance policy?
Steve: I hope all 50.
Anouk: Reality check. How many customers do you have? 10.
Steve: Something like that.
Anouk: How many of them have got active governance on PowerApps? 9. 9. So the one you mentioned earlier happened to be the one that doesn't have a governance. I don't believe.
Steve: No. Really? Nine.
Anouk: I don't believe you. I really, really don't.
Steve: They do then.
Anouk: You're weird. You pick. You obviously pick only special customers.
Steve: No, they just do very much with the power platform and they want to protect everything.
Anouk: So what sort of governance? Nicely documented, fully updated, assessed.
Steve: A SharePoint site that is going as reviewed every six. Wow.
Anouk: I am truly amazed. Truly, truly amazed.
Steve: And some of them, it's not a SharePoint site, but it's a document that is reviewed every year as well. So it's going, it's up to date.
Anouk: So they have processes for creating new environments. Wow. Blown away. Do Those people have SharePoint governance as well?
Steve: Yes.
Anouk: Wow. Do you actually interview these customers before you decide to work for them?
Steve: I, have a conversation with them about what they want to do and, where I can help. But I don't ask that special specific, you know.
Anouk: So here's the thing. Why are we then talking about this? Because it seems to be the normal.
Steve: It seems to be with my customers. Yes, but even then there are still a lot of other places where you don't see it.
Anouk: But 90% of your customers have got it.
Steve: They do.
Anouk: You can understand why I'm skeptical about this, can't you? It is truly amazing. Well done.
Steve: It's rare. It's rare. I know, because at a lot of places you don't see it.
Anouk: So do they all have sensitivity labels enabled?
Steve: one of them is rolling it out at the moment.
Anouk: Ah. So actually then, am I about to say a statement that's true or not? I don't know whether I want to say this or not. I don't think I want to do I want to ask a different question then. So for those other 8 out of 10.
Anouk: What does their governance entail?
Steve: they have to set up of rules and processes for environment creation. dlp, how they need to configure it and which environment they can have what they have.
Anouk: you got to stop saying dlp because it's not dlp. If these companies don't have sensitivity labels or their content clarified about, then it's not dlp. I think that power platform have just stolen the word. But it's not dlp.
Steve: But that's the only. Or that's the term in the power platform.
Anouk: Yeah, they stole it.
Steve: But you don't want to confuse our listeners.
Anouk: Yeah, but they're going to get confused anyway. That's what I'm trying to avoid. Data leakage protection and connectors. get the connection. It's not the same. It is confusing, but so going. Yeah. This is such a complex thing and as you start to think it through, I suddenly.
Steve: Ye.
Anouk: Yeah, but I don't. Oh, no, no, that would make sense. No, no, actually I get that. That would make sense too. Yeah.
Steve: All right.
Anouk: No, I give in. I like it. I am now slightly, blown away by this. Blown away, that is because DLP has to, on its basis say this is the content I can share and this is the content I can't share.
Steve: Yeah.
Anouk: So if you have not tagged that content or identified that content, then you're leakage protection.
Steve: That's based on the content.
Anouk: But of course it's all based on content.
Steve: In the power platform, they say you try to get content somewhere but you're not allowed to get it from there.
Anouk: That's not data leakage protection. It's not data leakage protection. You're talking about incoming data or an outgoing.
Steve: So you try to go to Twitter to get information in there and you want to store that in a document. You are not allowed to get your information in Twitter, so you're not storing it in the document. But what you also can't do is you have a document and you want to have some information in it and you want to send it to Twitter. You're not allowed to send that information to Twitter either.
Anouk: Still not data leakage protection. the reason I'm saying it can't be because you're basically saying you are not allowed to create a tweet from a workflow.
Steve: Yes.
Anouk: So that's not data leakage protection, it's a restriction on your access. Data leakage protection, actually by its own default, says this data can be shared, this data cannot be shared, and my data leaker protection will make sure that that data is not shared. by policy. This is in the policy, this is outside the policy. But without some classification on your data, then you can never work out whether it can be or cannot be leaked. So we're talking about two different things. I think we're talking about power. PowerApps governance at the baseline level. So hey, we're not allowing people to read Twitter, into our network, which I think is silly, but that's fine. But, but that's just me because I don't see what. It's public knowledge, so why would you not want to bring it in? And it's text, so it's not like it's gonna have a virus in it or anything. But it's all right. You may be that you don't want to flurry the network, but, and that's just a set of governance rules about, you know, we don't want people collecting a lot of data and putting it where we want. That's a choice.
Steve: But maybe Twitter is not the right example. Find a different one then connecting with SAP.
Anouk: Complaining with what?
Steve: Connecting with an S. With, SAP system. So you want to all connect your M3.6 environment with SAP, but you're not allowed to get information from SAP or send back to SAP.
Anouk: But that's about master data. That's not about data leakage protection because one assumes that, you have good security on your SAP systems, so you just want to make that data pure and keep it clean. That's okay. I'm not suggesting for one second, by the way, that you're wrong, but I.
Steve: Just think you don't understand the name, why they use.
Anouk: Yeah, it seems that the terms. It's saying so many different things to me.
Steve: Yep.
Anouk: But that doesn't take anything away here. So ignore DLP for the time being as a term. But let's just talk about the fact that what we want is our users to be able to work safely in power platform doing things that they want to do with their permissions of content they're allowed to do it with.
Steve: Yep.
Anouk: And move IT around and do whatever they want to do with it to support some process within the business.
Steve: Yes.
Anouk: and we don't want them to have a free for all to connect to anything or everything else. And that's really what our governance is supposed to do?
Steve: Yes.
Anouk: And that's what our policy would define.
Steve: Yes.
Anouk: And then the processes we build from that policy will be the rules that we stick into play.
Steve: Yes. Cool.
Anouk: It's easy then, isn't it? Told you it was easy. No, I think that, the really difficult bit is, is managing it and actually the processes around it a bit like the onboarding off boarding. Oh, it's easy. Somebody comes in the company, you're giving them account, blah, blah, blah, they leave the company, you take it all away, yet it gets chaotic and never works smoothly because of all the areas it is.
Steve: And also, every environment can have different kind of sets of rules and regulations and it's not for all of your environments the same.
Anouk: Agreed. But one assumes that if somebody says, I am going to build a power app that is going to take information from SAP and it's then just going to filter out the information around this product and then it's just going to give us a list of any product that's been reported as a fault so that we can start a category on that product. So then that environment, you would say, I need an environment that will give me access to SAP. Yes, but it's part of a small process. You might have a hundred different kinds of governance environments, but you just choose the one you want. Very good. That's easy then. So we've sorted that out. So how do you know that somebody is not abusing that situation? So, for example, John Smith says, I want to be able to get some SAP data and I want to put it into an Excel spreadsheet and then I want to be able to send it to my client. And so we don't allow that by definition that you're not allowed to repurpose data into something else just so that you can forward it on an email.
Steve: Yeah.
Anouk: So they, they request a governance environment that has access to SAP, and then you just say, there you go, off you go. And so that person is now able to do whatever he wants. So he can now set up a workflow that basically says, run this query on SAP, bring that these results, stick it into the spreadsheet and email that spreadsheet to this account. Yes, but everything so far has been done to satisfy your governance is not wrong. Unless you're in some way Monitoring and.
Steve: Realizing people are doing m. Yeah. So there are tools to monitor it, and to check things regularly. They are quite new, but yeah, you always need to have somebody that is doing checks and see what people are doing to keep control. If you want that. Or, you maybe just want to give them some more freedom, your users to. And hope they use sensitivity labels the way they should, use them.
Anouk: Yeah.
Steve: I mean, what is blocking them, sending them out the information.
Anouk: But we don't want anybody to be able to have free for all to do what they want. We have to have restrictions due to why you have so many different governance policies. In this particular case, DLP type rules sensitive Content Compliance center would stop them taking that data from SAP.
Steve: Yep.
Anouk: but if you don't have those compliance rules in place, basic governance won't stop them doing it.
Steve: No.
Anouk: Which basically means somebody has to approve that workflow. I suppose. I don't know. It's a great question.
Steve: It is a great question. I need to think about it as well. Maybe something we need to work out, by next week.
Anouk: when we go to Tunisia and we do the next presentation. Yes. I should dig out those slides and go through them. It's not the circus one, is it? No, the circus.
Steve: No. This one is the one with the heels and the bike.
Anouk: Oh, heels on the bike. Yes, I remember. I remember this very well. Yes. And the playground. Yep. All right, Good, good. The 10 rules for setting up your basic governance governance bin should be at 150 rules. Now, we've done three podcasts.
Steve: you can have so many rules, you can have so many changes in it. So.
Anouk: You'Re right. But there has to be a way of reducing that down.
Steve: It's the same thing like in SharePoint. So many years ago, if you had governance around SharePoint, there were so many rules as well. Yeah.
Anouk: But what you could basically do with that is work out what the site was going to be used for and then adjust the sites accordingly. So I'm guessing you could do the same thing with an environment, with the flow. What's the flow for? What's its purpose, and then set up the environment for it. It's still a recipe for disaster. Still something that you need to try and work out. Still the rules you need to put into play. But that's the whole point of it.
Steve: That's the whole point of covenants, I'm guessing.
Anouk: Yeah, I agree entirely. All right, well, anyway, guys, if you want to hear more, then come, to Tunisia next week.
Steve: Yep.
Anouk: to collab days Tunisia Days, whatever they renamed it to ea. You can come and challenge us. AI. It's just AI.
Steve: Is it AI Conference Tunisia or something like that?
Anouk: Okay, dead collab days on this page you showed me today when we were looking at the lineup.
Steve: Can be.
Anouk: Yeah, that's true. So we'll work really, really hard when we're in Tunisia for about two hours. And the rest of the time it's going to be sunshine and play and rain and a trip in the desert.
Steve: Maybe for you. Yeah, but not for me.
Anouk: Why?
Steve: On Wednesday, I have a meeting of three hours.
Anouk: And on Thursday, that's a work day. We know we're working remotely.
Steve: And, Thursday morning I have a meeting of one and a half hours.
Anouk: Are you actually trying to make me feel sorry for you? Just a second.
Steve: No, I wouldn't dare.
Anouk: You have got meetings on Thursday. That's against the rules.
Steve: Why?
Anouk: Because it is.
Steve: Why?
Anouk: I'm not going to go into it. I'll slap you about it later.
Steve: I will sit there in my room doing my meeting while the conferences are going on downstairs, and I will come downstairs when my meeting is done.
Anouk: Fine. That's fine. So there'll be no preparing on Friday. Thursday then. For our session.
Steve: We will be ready. We have done this together before.
Anouk: You say this all, right. You're always so confidence. Oh, doesn't matter. So, anyway, she'll be, working, and I guess I'll be having a nice long breakfast and sitting at the bar and, and enjoying myself. Might even have my swimming trunks on.
Steve: Sitting in the bar? In the water?
Anouk: Yes. They should have a bar with a swimming pool around it.
Steve: There is.
Anouk: That's fine. That's where I'll be while you're working. All right, guys, look, this has been a bit hit or miss. we accept that because it is such a huge, complicated subject.
Steve: It is.
Anouk: And maybe we should have tried to break it down a little bit. but there's a couple of three things I think we've said that are important. one is DLP requires you to categorize your data. You need to know what you can work with and what you're restricted to work with. And you also then need to be able to work out which roles in the organization can get to the more sensitive data. You need to know that. Then, of course, you can work out what you want people to be able to do. That's the other criteria you need to decide, can anybody create any workflow anywhere, any place or whatever, and then again, apply those policies, processes around that, and then monitoring, I guess, making sure that people are not abusing your great governance definitions for the wrong purpose.
Steve: Maybe that's a session that we need to create. How to monitor your Microsoft 365 power platform.
Anouk: I think that's a good one. Yes, I'll do that while I'm relaxing in the swimming pool. When you're working on Thursday, I'll have the agenda set up by lunchtime.
Steve: I will have a lot of questions afterwards then. Can we do this? Can we do that? Where do we do that?
Anouk: Yep, exactly. I look forward to those questions. All right, cool. Well, have fun. I'm guessing this will be the last one from us before Christmas.
Steve: Yes, I think so.
Anouk: So we wish all listeners, all 73,000 of you, the most fun over the holiday period. And, absolutely the best for 2027.
Steve: 2026.
Anouk: No, I was wishing for the whole year and 2027. And I was, funny enough, I was about to say, isn't it amazing how quickly this year has gone? And I'm already wishing 2026 away. But, yes, 2026. But no, it has gone quick. All of a sudden, Christmas is here again. But that's okay. All part of family. But now I have heating.
Steve: Yeah, you do.
Anouk: I do. All, right, guys, I'm gonna go and play with my heating. Bye for now.
Steve: All right. Merry Christmas, everyone.