Your finance team built an expense approval flow over a weekend. It pulls from SharePoint, posts to Teams, and forwards data to a personal Outlook account. No ticket. No review. No security team in the loop. This is Power Platform working exactly as Microsoft designed it.
The platform that promised to democratize automation also democratized your attack surface.
The default that nobody changes
Every Microsoft 365 tenant ships with a Default Environment. Every licensed user is a maker in it. They can build apps, create flows, and connect to anything the connector library offers. There is no approval workflow, no naming standard, no owner accountability.
Most security teams find out Power Platform exists when something breaks or someone leaves. By then the tenant has hundreds of apps, thousands of flows, and connection references nobody can map back to a human.
The five risks that compound
The Default Environment as a free-for-all. New users get maker rights automatically. Sensitive data flows are built in the same environment as someone's grocery list reminder. Isolation is impossible after the fact.
Connectors as data exfiltration paths. Power Platform ships with 1,000+ connectors. Twitter, Gmail, Dropbox, and arbitrary HTTP all sit next to SharePoint and Dataverse. A maker can move regulated data to a personal Gmail in three clicks. No DLP alert by default.
Connection references tied to a person. Citizen developers connect with their own credentials. When they leave, the flow keeps running on cached tokens, or it breaks production. Either outcome is bad. Worse, ownership of those connections rarely transfers cleanly.
Embedded credentials in flow definitions. API keys, webhook secrets, and HTTP basic auth values get pasted into actions and stored as plaintext in the flow JSON. Anyone with read access to the flow has the secret.
Bypassed approval workflows. The SOX-approved expense process exists in SAP. The flow that actually moves the money lives in Power Automate, built by an analyst, reviewed by nobody. Auditors do not look there. Until they do.
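Risk four is the one you can test for directly. The script below is an added example, not SecValley's tooling or anything shipped by Microsoft: it walks an exported Power Automate flow definition (the JSON a solution export places under Workflows/) and reports every literal credential it finds in an HTTP action. The layout it relies on, properties.definition.actions with nested actions under If, Scope, Switch and Foreach, and inputs.headers and inputs.authentication on HTTP actions, is the Logic Apps workflow language that flows use. The sample flow, the header and query-key watch-lists, and every secret value in it are constructed placeholders; values that start with @ are flow expressions such as @parameters('ApiKey') and are skipped because they are references, not embedded secrets.

```powershell
# Constructed sample: a flow that pastes credentials straight into an HTTP action (placeholder values).
$sampleFlow = @'
{
  "properties": {
    "displayName": "Expense sync",
    "definition": {
      "actions": {
        "Post_to_ERP": {
          "type": "Http",
          "inputs": {
            "method": "POST",
            "uri": "https://erp.example.test/api/expenses?api_key=PLACEHOLDER_KEY_123456",
            "headers": { "Authorization": "Bearer PLACEHOLDER_TOKEN_abcdef" },
            "authentication": { "type": "Basic", "username": "svc-expense", "password": "PLACEHOLDER_PASSWORD" }
          }
        },
        "Check_total": {
          "type": "If",
          "actions": {
            "Notify": {
              "type": "Http",
              "inputs": {
                "method": "POST",
                "uri": "https://hooks.example.test/PLACEHOLDER_HOOK",
                "headers": { "x-api-key": "@parameters('ApiKey')" }
              }
            }
          },
          "else": { "actions": {} }
        }
      }
    }
  }
}
'@

# Header names and query keys that normally carry a secret (constructed watch-lists; extend for your APIs).
$secretHeaders   = 'authorization', 'x-api-key', 'ocp-apim-subscription-key', 'x-functions-key'
$secretQueryKeys = 'api_key', 'apikey', 'key', 'code', 'token', 'sig', 'secret', 'password'

function Test-Literal([string]$Value) {
    # A literal is a non-empty value that is not a flow expression (@parameters(...), @variables(...), @{...}).
    return (-not [string]::IsNullOrEmpty($Value)) -and (-not $Value.StartsWith('@'))
}

function Find-FlowSecrets($Actions, [string]$Path = '') {
    foreach ($prop in $Actions.PSObject.Properties) {
        $action = $prop.Value
        $here   = if ($Path) { "$Path/$($prop.Name)" } else { $prop.Name }
        $inputs = $action.inputs

        if ($inputs) {
            # inputs.authentication: Basic, ClientCertificate, ActiveDirectoryOAuth or Raw blocks stored inline.
            if ($inputs.authentication) {
                foreach ($field in 'password', 'secret', 'pfx', 'value') {
                    if (Test-Literal $inputs.authentication.$field) {
                        [pscustomobject]@{ Action = $here; Finding = "authentication.$field ($($inputs.authentication.type))" }
                    }
                }
            }
            # inputs.headers: bearer tokens and API keys pasted as header values.
            if ($inputs.headers) {
                foreach ($h in $inputs.headers.PSObject.Properties) {
                    if ($secretHeaders -contains $h.Name.ToLower() -and (Test-Literal $h.Value)) {
                        [pscustomobject]@{ Action = $here; Finding = "header $($h.Name)" }
                    }
                }
            }
            # inputs.uri: keys and signatures carried in the query string.
            if ($inputs.uri -and $inputs.uri -match '\?') {
                foreach ($pair in (($inputs.uri -split '\?', 2)[1] -split '&')) {
                    $k, $v = $pair -split '=', 2
                    if ($secretQueryKeys -contains $k.ToLower() -and (Test-Literal $v)) {
                        [pscustomobject]@{ Action = $here; Finding = "query parameter $k" }
                    }
                }
            }
        }

        # Recurse into containers: Scope/Foreach/If carry "actions"; If also "else"; Switch has "cases" and "default".
        if ($action.actions)                           { Find-FlowSecrets $action.actions $here }
        if ($action.else -and $action.else.actions)    { Find-FlowSecrets $action.else.actions "$here/else" }
        if ($action.cases) {
            foreach ($c in $action.cases.PSObject.Properties) {
                if ($c.Value.actions) { Find-FlowSecrets $c.Value.actions "$here/$($c.Name)" }
            }
        }
        if ($action.default -and $action.default.actions) { Find-FlowSecrets $action.default.actions "$here/default" }
    }
}

# For a real export: $flow = Get-Content .\Workflows\<flow>.json -Raw | ConvertFrom-Json
$flow = $sampleFlow | ConvertFrom-Json
Find-FlowSecrets $flow.properties.definition.actions | Format-Table -AutoSize
```

On the sample this reports three findings, all on Post_to_ERP (the Basic-auth password, the Authorization header and the api_key query parameter), and nothing on Notify, whose key is a parameter reference. Run it over every flow in a solution export before promotion; anything it lists belongs in an environment variable of type secret or an Azure Key Vault reference, not in the definition.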
The DLP gap nobody configures
Power Platform has a built-in DLP model: connectors get classified as Business, Non-Business, or Blocked. Flows cannot combine connectors across the Business and Non-Business groups. Configured properly, it stops most cross-boundary exfiltration patterns.
"Configured properly" is the catch. In most tenants, every connector sits in the same group, which means the DLP policy enforces nothing. The setting exists. Nobody owns it.
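Checking for that gap takes one admin session. The script below is an added example (not SecValley's product code and not a Microsoft sample): it reads every DLP policy with the Microsoft.PowerApps.Administration.PowerShell module and flags the "all connectors in one group" state, an empty Blocked group, and any connector from a watch-list sitting in the Business group. It assumes Get-DlpPolicy returns objects whose connectorGroups entries carry a classification of Confidential (Business in the admin center), General (Non-Business) or Blocked plus a connectors list with id values; the watch-list of connector ids is constructed and should be adjusted to match the ids your tenant returns, and the defaultConnectorsClassification property read at the end is assumed.

```powershell
# Added example: audit DLP policy coverage for the "one group" misconfiguration.
# Requires Microsoft.PowerApps.Administration.PowerShell and a Power Platform admin sign-in.
Import-Module Microsoft.PowerApps.Administration.PowerShell
Add-PowerAppsAccount

# Constructed watch-list of connectors that should not be in the Business group of a regulated tenant.
$watchList = @('shared_gmail', 'shared_dropbox', 'shared_twitter', 'shared_box', 'shared_googledrive')

function Test-DlpPolicyCoverage {
    param([Parameter(Mandatory)] $Policy)

    # Index connector ids by classification: Confidential = Business, General = Non-Business, Blocked.
    $groups = @{ Confidential = @(); General = @(); Blocked = @() }
    foreach ($g in $Policy.connectorGroups) {
        $groups[$g.classification] = @($g.connectors | ForEach-Object { $_.id })
    }

    $findings  = New-Object System.Collections.Generic.List[string]
    $populated = @($groups.Keys | Where-Object { $groups[$_].Count -gt 0 })

    # The gap described above: every classified connector in a single group, so no boundary exists.
    if ($populated.Count -le 1) {
        $findings.Add("all connectors sit in '$($populated -join ',')'; no Business/Non-Business boundary is enforced")
    }
    if ($groups['Blocked'].Count -eq 0) {
        $findings.Add('Blocked group is empty: external storage, social and arbitrary HTTP connectors are allowed')
    }
    foreach ($id in $watchList) {
        if ($groups['Confidential'] | Where-Object { $_ -like "*$id" }) {
            $findings.Add("$id is classified Business and can be combined with SharePoint/Dataverse data")
        }
    }
    # Assumed property: where connectors that appear after the policy was written are placed.
    if ($Policy.defaultConnectorsClassification -and $Policy.defaultConnectorsClassification -ne 'Blocked') {
        $findings.Add("new connectors default to '$($Policy.defaultConnectorsClassification)' instead of Blocked")
    }

    [pscustomobject]@{
        Policy   = $Policy.displayName
        Scope    = $Policy.environmentType      # AllEnvironments, OnlyEnvironments or ExceptEnvironments
        Findings = if ($findings.Count) { $findings -join '; ' } else { 'OK' }
    }
}

$policies = @(Get-DlpPolicy)
if ($policies.Count -eq 0) {
    Write-Warning 'No DLP policy exists: any connector can be combined with any other in every environment.'
}
$policies | ForEach-Object { Test-DlpPolicyCoverage $_ } | Format-List
```

A tenant with a single policy whose Findings line reads "all connectors sit in 'General'" has exactly the situation the paragraph describes: a policy object that exists and enforces nothing. The Scope column matters too; a clean policy scoped to OnlyEnvironments leaves every environment outside that list, including a Default Environment nobody locked down, uncovered.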
What to do this month
Lock down the Default Environment. New makers go into a dedicated Personal Productivity environment with restricted connectors. Production work moves to environments with explicit owners and change control.
Define an environment strategy. At minimum: Default, Personal Productivity, Development, Production. Each with its own DLP policy. Production environments require admin approval to create.
Configure tenant-wide DLP. Move external storage, social, and arbitrary HTTP connectors into the Blocked group unless there is a business reason. Sensitive Microsoft 365 connectors stay in Business. Personal connectors stay in Non-Business. Test before publishing.
Adopt the CoE Starter Kit. The Center of Excellence kit from Microsoft surfaces orphaned apps, inactive flows, and high-risk connectors. It is not optional for tenants with serious Power Platform use.
Turn on Managed Environments for production. You get sharing limits, weekly digests, solution checker enforcement, and IP cookie binding. The license cost is lower than one breach response retainer.
Review quarterly. Pull every flow with a Premium or external connector. Pull every app shared with more than 20 users. Pull every connection older than 90 days. Owner-less assets get reassigned or removed.
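The quarterly pull is scriptable, and the environment-creation restriction from the environment strategy step belongs in the same run. The script below is an added example, not SecValley's product or a Microsoft sample: with the Microsoft.PowerApps.Administration.PowerShell module it turns off self-service environment creation, then lists every flow using a Premium or external connector, every app shared with more than 20 principals (or with the whole tenant), and every connection older than 90 days, with an owner column so owner-less assets stand out. Cmdlets are the module's own; the property names read from their output (Internal.properties.connectionReferences with its tier field, Owner.displayName, CreatedBy.userPrincipalName, RoleType, PrincipalType) and the external-connector list are assumptions to confirm against your tenant before trusting the report.

```powershell
# Added example: quarterly Power Platform review plus the "admins only create environments" setting.
# Requires Microsoft.PowerApps.Administration.PowerShell and a Power Platform admin sign-in.
Import-Module Microsoft.PowerApps.Administration.PowerShell
Add-PowerAppsAccount

# Environment strategy: no self-service environment creation, so Production needs an admin.
if (-not (Get-TenantSettings).disableEnvironmentCreationByNonAdminUsers) {
    Set-TenantSettings -RequestBody @{ disableEnvironmentCreationByNonAdminUsers = $true } | Out-Null
}

# Constructed list of connector ids treated as external for this review; extend to taste.
$externalConnectors = @('shared_gmail', 'shared_dropbox', 'shared_twitter', 'shared_box', 'shared_googledrive')
$sharingLimit = 20
$cutoff       = (Get-Date).AddDays(-90)

function New-Finding([string]$Env, [string]$Kind, [string]$Asset, [string]$Owner, [string]$Detail) {
    [pscustomobject]@{ Environment = $Env; Kind = $Kind; Asset = $Asset; Owner = $Owner; Detail = $Detail }
}

$findings = foreach ($env in Get-AdminPowerAppEnvironment) {
    $envId   = $env.EnvironmentName
    $envName = $env.DisplayName

    # 1. Every flow with a Premium or external connector (connectionReferences and tier are assumed fields).
    foreach ($flow in Get-AdminFlow -EnvironmentName $envId) {
        $refs = $flow.Internal.properties.connectionReferences
        if ($null -eq $refs) { continue }
        foreach ($ref in $refs.PSObject.Properties.Value) {
            $isExternal = $externalConnectors | Where-Object { $ref.id -like "*$_*" }
            if ($ref.tier -eq 'Premium' -or $isExternal) {
                $owners    = @(Get-AdminFlowOwnerRole -EnvironmentName $envId -FlowName $flow.FlowName)
                $ownerText = if ($owners.Count -eq 0) { 'NONE' } else { $owners.PrincipalObjectId -join ';' }
                New-Finding $envName 'Flow' $flow.DisplayName $ownerText "connector=$($ref.displayName) tier=$($ref.tier)"
            }
        }
    }

    # 2. Every app shared with more than 20 principals; a share to the whole tenant counts as unlimited.
    foreach ($app in Get-AdminPowerApp -EnvironmentName $envId) {
        $roles = @(Get-AdminPowerAppRoleAssignment -AppName $app.AppName -EnvironmentName $envId |
                   Where-Object { $_.RoleType -ne 'Owner' })
        $tenantWide = $roles | Where-Object { $_.PrincipalType -eq 'Tenant' }
        if ($tenantWide -or $roles.Count -gt $sharingLimit) {
            $detail = if ($tenantWide) { 'shared with Everyone' } else { "shared with $($roles.Count) principals" }
            New-Finding $envName 'App' $app.DisplayName $app.Owner.displayName $detail
        }
    }

    # 3. Every connection older than 90 days: these are the cached personal credentials from the risks section.
    foreach ($conn in Get-AdminPowerAppConnection -EnvironmentName $envId) {
        if ([datetime]$conn.CreatedTime -lt $cutoff) {
            New-Finding $envName 'Connection' "$($conn.DisplayName) [$($conn.ConnectorName)]" `
                $conn.CreatedBy.userPrincipalName "created $($conn.CreatedTime)"
        }
    }
}

$findings | Export-Csv -Path .\powerplatform-quarterly-review.csv -NoTypeInformation
$findings | Group-Object Kind | Select-Object Name, Count
```

Sort the CSV by Owner: rows showing NONE, or a userPrincipalName that no longer exists in Entra ID, are the assets to reassign or remove first, because those are the flows and connections that will either keep running on a departed user's tokens or stop without warning.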
Why this gets worse with Copilot
Copilot Studio agents run on the same connector model. Citizen developers are now building AI agents that read SharePoint, query Dataverse, and respond in Teams. The attack surface multiplies because the data the agent touches multiplies. If your Power Platform governance is weak, your Copilot governance is already broken.
The line you are defending
Citizen development is not the problem. Ungoverned citizen development is. The same tools that let a finance analyst automate a reconciliation also let them build a credential harvester that looks like a SharePoint form.
SecValley CSPM monitors Power Platform tenant settings, DLP policy coverage, environment isolation, and connector inventory as part of 500+ controls across Microsoft 365, Microsoft Entra ID, and Azure. Drift gets flagged the day a new environment opens up, not the quarter after an auditor finds it.
The line between productivity and breach runs through your tenant settings. Draw it before someone else does.