![Power Platform admin center – Advanced connector policies [MC1403390]](https://mwpro.co.uk/wp-content/uploads/2025/06/steel-4856024_1920-1024x683.webp "Power Platform admin center – Advanced connector policies [MC1403390] 1")
We are announcing the ability to use advanced connector policies (ACP) to govern which connectors, connector actions, and Model Context Protocol (MCP) servers are permitted across your environments in Power Platform admin center. This feature reached general availability on June 4, 2026.
How does this affect me?
ACP replaces the Business/Non-Business/Blocked classification model of classic data loss prevention (DLP) policies with a single default-deny allowlist, and is off by default until explicitly activated by an administrator. ACP currently applies to certified connectors only (including MCP connectors); continue using DLP policies for custom connectors. This feature includes the following capabilities:
- Default-deny allowlist: All certified connectors and actions are blocked unless explicitly added. New connectors are blocked by default until an administrator reviews and allows them. Business and non-business classifications have been removed for connectors and actions to improve clarity.
- Design-time and runtime enforcement: Makers now get immediate feedback while authoring an app, flow, or agent, not only at runtime when data is changing. Makers are blocked from adding restricted connectors or actions while authoring, and the platform performs a last-mile check at runtime.
- Govern AI tools: Admins can block an MCP server just like any other connector or action.
- Action-level control: Allow a connector while disabling specific risky, deprecated, or internal actions. Triggers, internal, and deprecated actions are clearly tagged.
- Automatic scaling: Because ACP is native to environment groups, the right policy follows each environment created through personal developer environments and routing, no environment-by-environment overhead is required.
- ACP-only mode: Optionally skip classic data policy evaluation entirely for a clean governance posture.
What action do I need to take?
This message is for awareness, and no action is required.
To enable ACP in your environment, navigate to the Power Platform admin center and complete the following steps.
- Review inventory. Use Power Platform inventory (preview) under Manage > Inventory to see connector and operation usage across apps, flows, and agents so you can anticipate impact before activating ACP.
- Test on a single environment. Apply ACP under Security > Data and privacy in the Power Platform admin center. No Managed Environments are required for a single environment. The policy remains off until you activate it.
- Build your allowlist. Starting from default-deny, add the certified connectors and actions your teams require. New connectors are blocked by default, so plan for ongoing allowlist reviews.
- Scale with environment group. Applying ACP across an environment group requires Managed Environments. Configure on the group’s Rules tab.
- Run hybrid with DLP. Keep existing DLP policies in place for custom connectors, HTTP connectors, and scenarios not yet at parity while you migrate to ACP.
- Evaluate ACP-only mode. Test it in public preview to prepare for migration off of DLP policies.
Source: Microsoft
Latest Posts
- Microsoft Viva: Agent flexible query in Analytics Workbench [MC1403410]
- Update to Microsoft Enterprise Content Delivery Network (eCDN) analytics data retention (360 days to 180 days) [MC1403404]
- Microsoft Purview compliance portal: View-only role management enhancements [MC1403403]
- Microsoft Copilot Studio – Evaluate AI action outcome in workflows [MC1403393]
![Data Privacy: Microsoft Online Services Subprocessor Disclosure [MC1403210]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-paduret-1193743-150x150.webp "Data Privacy: Microsoft Online Services Subprocessor Disclosure [MC1403210] 7")