Power Automate and PowerApps
This page will list security settings and configurations that is advisable to implement in your environment.
Each environment is different where I believe the below settings are easy to setup and provides a way to get to a more mature security level.
Power Automate and PowerApps DLP
Power Automate and PowerApps both have a data loss/leak prevention functionality which can be implemented when you have Flow or PowerApps Plan 2. You can use connectors in these products to connect to Office 365, Gmail or other third-party connectors. Users can create workflows which sends an email to Gmail after being received in Outlook which are uncontrollable.
An administrator can define “business data only” and “no business data allowed” to prevent users from creating flows and apps that combine connectors from these data groups.
How will this impact my users?
Users are unable to use for example the Outlook connector with the Gmail connector or with any third-party connector.
There is currently no PowerShell command to set this policy