Category
stayInformed
Severity
normal
Major change
False
Last modified
2026-07-13 20:36:12
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
—
Services
Power Platform
Tags
Updated message, Feature update
Master tags
Admin, Compliance
Roadmap IDs
One-line summary
Advanced connector policies (ACP) now generally available in Power Platform admin center, enabling granular control over connectors and actions with default-deny allowlist and improved governance.
Similar updates
More like thisMC1194585 Power Platform – Power Platform Environment Settings app
MC1197917 Power Platform admin center – Review security role descriptions and definitions
MC1191203 Power Platform inventory to include agents, apps, and workflows from Microsoft 365 Copilot, agent flows, and cloud flows
MC1198705 Microsoft 365 Copilot: Nine new connectors now generally available
MC1137593 (Updated) Restrict new file creation in Office desktop apps to Cloud Locations
MC1190207 Manage Non-Microsoft Generative AI Usage Across Your Organization
Details
Body (from Message Center)
Update: Design-time enforcement functionality of this feature has been re-enabled within Power Apps.
We are announcing the ability to use advanced connector policies (ACP) to govern which connectors, connector actions, and Model Context Protocol (MCP) servers are permitted across your environments in Power Platform admin center. This feature reached general availability on June 4, 2026.
How does this affect me?
ACP replaces the Business/Non-Business/Blocked classification model of classic data loss prevention (DLP) policies with a single default-deny allowlist, and is off by default until explicitly activated by an administrator. ACP currently applies to certified connectors only (including MCP connectors); continue using DLP policies for custom connectors. This feature includes the following capabilities:
What action do I need to take?
This message is for awareness, and no action is required.
To enable ACP in your environment, navigate to the Power Platform admin center and complete the following steps.
We are announcing the ability to use advanced connector policies (ACP) to govern which connectors, connector actions, and Model Context Protocol (MCP) servers are permitted across your environments in Power Platform admin center. This feature reached general availability on June 4, 2026.
How does this affect me?
ACP replaces the Business/Non-Business/Blocked classification model of classic data loss prevention (DLP) policies with a single default-deny allowlist, and is off by default until explicitly activated by an administrator. ACP currently applies to certified connectors only (including MCP connectors); continue using DLP policies for custom connectors. This feature includes the following capabilities:
- Default-deny allowlist: All certified connectors and actions are blocked unless explicitly added. New connectors are blocked by default until an administrator reviews and allows them. Business and non-business classifications have been removed for connectors and actions to improve clarity.
- Design-time and runtime enforcement: Makers now get immediate feedback while authoring an app, flow, or agent, not only at runtime when data is changing. Makers are blocked from adding restricted connectors or actions while authoring, and the platform performs a last-mile check at runtime.
- Govern AI tools: Admins can block an MCP server just like any other connector or action.
- Action-level control: Allow a connector while disabling specific risky, deprecated, or internal actions. Triggers, internal, and deprecated actions are clearly tagged.
- Automatic scaling: Because ACP is native to environment groups, the right policy follows each environment created through personal developer environments and routing, no environment-by-environment overhead is required.
- ACP-only mode: Optionally skip classic data policy evaluation entirely for a clean governance posture.
What action do I need to take?
This message is for awareness, and no action is required.
To enable ACP in your environment, navigate to the Power Platform admin center and complete the following steps.
- Review inventory. Use Power Platform inventory (preview) under Manage > Inventory to see connector and operation usage across apps, flows, and agents so you can anticipate impact before activating ACP.
- Test on a single environment. Apply ACP under Security > Data and privacy in the Power Platform admin center. No Managed Environments are required for a single environment. The policy remains off until you activate it.
- Build your allowlist. Starting from default-deny, add the certified connectors and actions your teams require. New connectors are blocked by default, so plan for ongoing allowlist reviews.
- Scale with environment group. Applying ACP across an environment group requires Managed Environments. Configure on the group's Rules tab.
- Run hybrid with DLP. Keep existing DLP policies in place for custom connectors, HTTP connectors, and scenarios not yet at parity while you migrate to ACP.
- Evaluate ACP-only mode. Test it in public preview to prepare for migration off of DLP policies.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": null,
"ai_actions": [
"Review connector usage inventory",
"Test ACP in a single environment",
"Build allowlists for required certified connectors/actions",
"Plan for ongoing allowlist reviews and maintenance",
"Apply at environment group level if using Managed Environments",
"Maintain DLP policies for custom connectors during migration",
"Evaluate ACP-only mode in preview"
],
"ai_master_tags": [
"Admin",
"Compliance"
],
"ai_model": "gpt-4.1",
"ai_summary": "Advanced connector policies (ACP) now generally available in Power Platform admin center, enabling granular control over connectors and actions with default-deny allowlist and improved governance.",
"ai_topics": [
"Power Platform",
"Power Apps"
],
"category": "stayInformed",
"details_map": {},
"id": "MC1403390",
"importance": 1,
"is_major_change": false,
"last_modified": "2026-07-13T20:36:12Z",
"ms_products": [
"Power Platform"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Power Platform"
],
"severity": "normal",
"tags": [
"Updated message",
"Feature update"
],
"title": "Power Platform admin center \u2013 Advanced connector policies"
}
}