Policies

    In EnPower, you can define policies and apply them to your cloud resources to monitor their compliance and ensure any violations can be detected and reported or fixed in time.

    Currently, you can create policies to apply to Power Platform environments to restrict the DLP policy setting, the flow action settings, and the security group settings of an environment.

    To create an EnPower policy, complete the following steps:

    1. On the Policies page, click Create to go to the Create policy page.

    2. Complete the basic settings of the policy, including:

      • Name – Enter the name of the policy.

      • Description – Enter the description for the policy.

      • Tenant – Select the tenant that the policy belongs to. You can only apply the policy to environments in the same tenant.

      • Settings to monitor – Select the settings in the environments that you want to monitor with this policy. You can select from the DLP policy setting, the Flow action settings, and the Security group settings. The configuration for the selected settings can be completed in the following steps.

    3. Configure the DLP policy settings if selected. Select the DLP policy that must be assigned to the environments this EnPower policy is applied to.

      Select Send email notifications of the violations to enable automatic notification when a DLP policy violation is detected. After the selection, you will also be able to select an email template to specify the notification recipients.

    4. Configure the flow action settings if selected. This configuration monitors the actions of flows in the environments. You can configure the following fields:

      • Select Only allow or Do not allow – If Only allow is selected, the specified actions in this policy will be the only allowed actions in the environment. If Do not allow is selected, the specified actions in this policy will be the actions that are not allowed to be added to the environment.

      • Add actions – Click Add to add actions under specific connection types that are allowed or not allowed in the environment.

        You can also manually add connections to include relevant actions. Click Manually add connections to include actions and enter the connection type and action to specify the actions to restrict.

      • Select Send email notifications of the violations to enable automatic notification when an out-of-policy flow is detected in the environment. After the selection, you will also be able to select an email template that specifies the notification recipients.

    5. Configure the security group settings if selected. This configuration monitors the security group members in the environment. You can configure the following fields:

      • Select Only allow or Do not allow – If Only allow is selected, only the specified users can be added to the security group of the environment. If Do not allow is selected, violations will be reported if specified users are added to the security group of the environment.

      • Select users – You can monitor specific users, or monitor users who meet configured conditions.

        • Select Users who meet the configured conditions, and then you will be able to add and configure the conditions. The available conditions include Department, Company name, City, and Country or region.

        • Select Specified users, and you will be able to specify users to be added to this policy.

      • Select Send email notifications of the violations to enable automatic notification when an out-of-policy security group member is detected in the environment. After the selection, you will also be able to select an email template that specifies the notification recipients.

    6. Click Save to save the policy.

    For more information on applying EnPower policies to Power Platform environments and viewing or fixing the detected violations, refer to Environments.

    Refer to the following table for details on the supported environment settings to monitor in EnPower policies, along with their available violation fixing actions.

    | Environment setting | Policy option | Description | Violation fixing action |
    |---|---|---|---|
    | DLP policy setting | - | If the environment has any DLP policy that is not specified, or does not have the specified policy assigned, it will be identified as violating the EnPower policy. | Remove the out-of-policy DLP policy. When the policy’s scope setting is “Add all environments”, the policy cannot be removed. The failed removal will be recorded in the Process center. When the policy’s scope setting is “Add multiple environments”, the environment will be removed from this scope to remove the policy. When the policy’s scope setting is “Exclude certain environments”, the environment will be added to the policy’s excluding scope to remove the policy. Apply the specified DLP policy. When the policy’s scope setting is “Add multiple environments”, the environment will be added to this scope to apply the policy. When the policy’s scope setting is “Exclude certain environments”, the environment will be removed from this excluding scope to remove the policy. |
    | Flow action settings | Only allow | Flow actions not specified will be identified as violating the EnPower policy. | Auto violation fixing is not available in EnPower. However, email notifications of the violation can be sent. |
    | Flow action settings | Do not allow | Specified flow actions detected in the environment will be identified as violating the EnPower policy. | Auto violation fixing is not available in EnPower. However, email notifications of the violation can be sent. |
    | Security group settings | Only allow | Security group members not specified will be identified as violating the EnPower policy. | Remove out-of-policy group members. |
    | Security group settings | Do not allow | Specified members detected in the security group will be identified as violating the EnPower policy. | Remove out-of-policy group members. |
    | Security group settings | Either Only allow or Do not allow | When there is no security group in the environment, the environment will be identified as violating the EnPower policy. | Auto violation fixing is not available in this case. However, email notifications of the violation can be sent. |
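
    The violation rules in the table can be modelled as a small evaluator, which makes the Only allow / Do not allow semantics and the scope-dependent DLP fixes easy to check against a sample environment. This is an added example, not EnPower code: the data layout, the function names, the scope keys, and the sample policy, environment, users and action names are all assumptions constructed for illustration.

```python
# Added illustration, not EnPower code: names and sample data are constructed.
# (fix kind, DLP scope setting) -> change the table describes; omitted combinations map to None
DLP_FIX = {
    ("remove", "add_all"): "cannot remove; failure recorded in Process center",
    ("remove", "add_multiple"): "remove environment from policy scope",
    ("remove", "exclude_certain"): "add environment to excluding scope",
    ("apply", "add_multiple"): "add environment to policy scope",
    ("apply", "exclude_certain"): "remove environment from excluding scope",
}

def out_of_policy(mode, specified, observed):
    """Items in `observed` that break an Only allow / Do not allow rule."""
    if mode == "only_allow":
        return sorted(set(observed) - set(specified))
    if mode == "do_not_allow":
        return sorted(set(observed) & set(specified))
    raise ValueError(f"unknown mode: {mode!r}")

def evaluate(policy, env):
    """Return a list of (setting, item, fix) violations for one environment."""
    found = []
    if "dlp" in policy:
        required = policy["dlp"]
        for name, scope in env["dlp_policies"].items():
            if name != required:  # any DLP policy other than the specified one
                found.append(("dlp", name, DLP_FIX[("remove", scope)]))
        if required not in env["dlp_policies"]:  # specified policy not assigned
            found.append(("dlp", required, DLP_FIX.get(("apply", policy["dlp_scope"]))))
    if "flow" in policy:
        mode, actions = policy["flow"]
        # Flow violations have no automatic fix; only email notification.
        found += [("flow", a, None) for a in out_of_policy(mode, actions, env["flow_actions"])]
    if "group" in policy:
        mode, users = policy["group"]
        if env["group_members"] is None:  # no security group: violation in either mode
            found.append(("group", "<no security group>", None))
        else:
            found += [("group", u, "remove member")
                      for u in out_of_policy(mode, users, env["group_members"])]
    return found

POLICY = {"dlp": "Baseline DLP", "dlp_scope": "add_multiple",
          "flow": ("do_not_allow", ["HTTP/Invoke request"]),
          "group": ("only_allow", ["alice@example.com"])}
ENV = {"dlp_policies": {"Legacy DLP": "add_all"},  # assigned policy -> its scope setting
       "flow_actions": ["HTTP/Invoke request", "Outlook/Send email"],
       "group_members": ["alice@example.com", "bob@example.com"]}
print(*evaluate(POLICY, ENV), sep="\n")
```

    A fix value of None marks a violation that can only be reported by email, which is the case for every flow action violation and for an environment with no security group.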