Flow and Powerapps are two most powerful tools in office 365 arsenal and can automate IT, business processes and can create applications in no time.
With that being said Power Users that become fluent in using these can easily move data around and can connect to hundred of third-party application which your security department may not allow.
To apply these restrictions you can apply Data Policies in PowerApps Admin center:(This applies to both FLOW and PowerAPPS)
Before creating the policy, you should first extract the report on what is being used in your environment so that you are aware about what will be impacted after implementation.
To get the report --> go to Environments --> Select environment --> Resources
Download List.(See last Column for connections used)
Now you know which PowerAPPs are using which different connectors.
I am not able to find a similar way to extract different flow connections.
Lets create the Data Loss Prevention Policy now.
Hit --> New Policy
You can select Apply to ALL environments or selected , I am applying to ALL environments.
ADD all Office 365 tool set to Business data Only.(along with some others as per your requirements for example: I selected Content conversion)
Non office 365 apps will automatically be there in No Business data allowed group.(as this is default group where all apps are grouped initially)
Finish this policy, what I have seen that it is immediately applied and flows that are not abiding by the policy will be suspended.
You can see this policy as groupings where one group is isolated from other, you can not have application is one group to connect to application in another group.
Go to --> Quotas and extract the CSV file to check which flows got suspended because of this policy.
You can also update the Policy later and enable the flows that are suspended(ones policy is updated) as a admin or contact users to aware them about it.
Note: Some of the functions I performed above requires PowerApps P2 license.
Thanks for reading