DLP Violation Maker Notification
Reads a Dataverse log of DLP violations, looks up the maker via Office 365 Users, and sends a personalized Outlook email with the policy violated, affected flow name, and remediation steps.
Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.
Overview
This flow monitors Dataverse logs for Data Loss Prevention policy violations and automatically notifies the maker via personalized email with violation details and remediation steps. The flow runs daily at 8:00 AM, resolves each maker's profile via Office 365 Users, and sends both a High-importance maker notification and a Normal-importance admin copy before marking the violation as notified.
Use Case
Organizations using Power Platform Data Loss Prevention policies need to notify makers when their flows or apps violate a policy. Rather than relying on manual review, this flow automates notification: it reads from a Dataverse log table, resolves each maker's identity, and sends a professional HTML email explaining what was violated, which resource triggered it, and how to remediate. An admin copy ensures governance teams stay informed.
Key benefits of the flow:
- Automated DLP violation notification loop — no manual emails needed
- Personalized messages to makers with their specific violation details
- Admin copy ensures governance and compliance visibility
- Prevents repeat violations through targeted maker education
- Configurable schedule and policy documentation URL
- Tracks notification state to prevent duplicate emails
Flow Architecture
Recurrence
Schedule - Recurrence. Runs daily at 8:00 AM to scan Dataverse for new DLP violations that have not yet been notified.
Initialize varDlpEntityName
Initialize Variable. Sets varDlpEntityName from env var flowlibs_DlpViolationEntityName — the Dataverse table logical name.
Initialize varAdminEmail
Initialize Variable. Sets varAdminEmail from env var flowlibs_AdminNotificationEmail — the address that receives an admin copy of every notification.
Initialize varPolicyDocUrl
Initialize Variable. Sets varPolicyDocUrl from env var flowlibs_DlpPolicyDocUrl — the remediation link included in the maker email.
List Unnotified DLP Violations
Dataverse ListRecords. Queries the configured Dataverse table for violation rows where flowlibs_notificationsent is false.
For Each DLP Violation
Apply to each. Sequential loop over each unnotified violation. For each item: gets the maker profile, sends the maker notification email, sends the admin copy, and marks the violation as notified.
Get Maker Profile
Office 365 Users - Get user profile (V2). Looks up the maker by UPN/email from the violation row and returns the display name and email used to personalize the message.
Send Maker Notification Email
Office 365 Outlook - Send an email (V2). High-importance email with the violation name, affected flow, and remediation steps, sent to the maker.
Send Admin Copy
Office 365 Outlook - Send an email (V2). Normal-importance copy of the same notification, sent to the admin address held in varAdminEmail.
Mark Violation As Notified
Dataverse UpdateRecord. Sets flowlibs_notificationsent to true on the processed row so it is not picked up by the next run.
Environment Variables
| Schema name | Type | Default | Description |
|---|---|---|---|
| flowlibs_DlpViolationEntityName | String | <configure> | Logical name of the Dataverse table holding DLP violation records (e.g., flowlibs_dlpviolation). |
| flowlibs_AdminNotificationEmail | String | alerts@yourcompany.com | Email address that receives admin copies of every DLP violation notification. |
| flowlibs_DlpPolicyDocUrl | String | <configure> | URL to your organization's DLP policy documentation for inclusion in maker notification emails. |
Connectors & Connections
| Connector | API name | Actions used |
|---|---|---|
| Microsoft Dataverse | shared_commondataserviceforapps | ListRecords (List Unnotified DLP Violations) UpdateRecord (Mark Violation As Notified) |
| Office 365 Users | shared_office365users | UserProfile_V2 (Get Maker Profile — resolves UPN to display name and email) |
| Office 365 Outlook | shared_office365 | SendEmailV2 (Send Maker Notification Email) SendEmailV2 (Send Admin Copy) |
Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.
Customization Guide
Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.
- Deploying to Another Environment: Import the solution into the target environment, update each environment variable with your organization's values, bind the Office 365 Outlook and Office 365 Users connection references to your tenant's connections, bind the Microsoft Dataverse connection to the target environment's Dataverse instance, then turn the flow on.
- Change check frequency: Edit the Recurrence trigger to run more or less often (e.g., every 4 hours instead of daily at 8 AM).
- Customize email template: Edit the Send Maker Notification Email and Send Admin Copy actions to change the HTML body, subject line, or importance level.
- Add extra metadata: Append violation category or severity to the maker email by adding new Dataverse columns and referencing them in the compose actions.
- Exclude certain makers: Add a Filter Array before the ForEach loop to exclude system accounts or non-human makers.
- Add Teams notification: Insert a Teams Post Message action parallel to Send Maker Email to post violation alerts in a security channel.
- Implement retry logic: Wrap the ForEach body in a Scope with Configure Run After to handle transient failures gracefully.
Key Expressions
The flow is intentionally light on Power Fx / WDL gymnastics; the heaviest expressions are the subject-line concatenation (EXPR.03) and the update payload that flips the notified flag (EXPR.07). They are listed below in the order they appear in the flow.
EXPR.01: Get maker email from violation
Reads the maker's email column from the current violation row inside the ForEach loop.
EXPR.02: Get violation name
Reads the violation name column from the current violation row.
EXPR.03: Compose violation subject line
Builds the email subject line by appending the violation name.
EXPR.04: Get admin email from variable
Reads the admin notification email initialized from the env var.
EXPR.05: Get policy doc URL from variable
Reads the DLP policy documentation URL initialized from the env var.
EXPR.06: Get violation ID for update
Gets the unique row ID used to mark the violation as notified.
EXPR.07: Set notified flag to true
Update payload that flips the notification-sent flag on the violation row.
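The per-violation loop described under Flow Architecture and the expressions listed above, re-implemented as an added Python simulation (not part of the flow template) so the notification-state behaviour can be checked outside Power Automate. The sample rows, the Office 365 Users stand-in and every column name except flowlibs_notificationsent are constructed assumptions; the skip-on-failed-lookup behaviour is also an assumption, chosen so an unresolved maker is retried on the next run rather than silently marked notified.

```python
import html
from dataclasses import dataclass, field

# Constructed sample rows standing in for the Dataverse DLP violation table.
# Column names other than flowlibs_notificationsent are assumptions.
VIOLATIONS = [
    {"id": "row-1", "flowlibs_makeremail": "alice@contoso.example",
     "flowlibs_violationname": "Blocked connector: Twitter",
     "flowlibs_flowname": "Leads <b>sync</b>", "flowlibs_notificationsent": False},
    {"id": "row-2", "flowlibs_makeremail": "bob@contoso.example",
     "flowlibs_violationname": "Business/Non-business mix",
     "flowlibs_flowname": "Invoice export", "flowlibs_notificationsent": True},
]
USERS = {"alice@contoso.example": "Alice Adams"}  # stand-in for Office 365 Users lookup

@dataclass
class Mailbox:
    """Stand-in for the Outlook connector; records every send for inspection."""
    sent: list = field(default_factory=list)
    def send(self, to, subject, body, importance):
        self.sent.append({"to": to, "subject": subject, "body": body, "importance": importance})

def list_unnotified(rows):
    """ListRecords equivalent: rows where flowlibs_notificationsent is false."""
    return [r for r in rows if not r["flowlibs_notificationsent"]]

def build_body(display_name, violation, flow_name, policy_url):
    # Flow names and violation text are maker-supplied: escape before embedding in HTML.
    return (f"<p>Hello {html.escape(display_name)},</p>"
            f"<p>Policy violated: {html.escape(violation)}<br>"
            f"Affected flow: {html.escape(flow_name)}</p>"
            f"<p>Remediation: review <a href=\"{html.escape(policy_url, quote=True)}\">"
            f"the DLP policy</a>.</p>")

def run_flow(rows, users, mailbox, admin_email, policy_url):
    """One scheduled run; returns the ids of rows marked as notified."""
    notified = []
    for row in list_unnotified(rows):
        maker_email = row["flowlibs_makeremail"]
        display_name = users.get(maker_email)
        if display_name is None:
            continue  # assumption: unresolved maker stays unnotified and is retried next run
        subject = "DLP Policy Violation: " + row["flowlibs_violationname"]  # EXPR.03
        body = build_body(display_name, row["flowlibs_violationname"],
                          row["flowlibs_flowname"], policy_url)
        mailbox.send(maker_email, subject, body, "High")                  # maker notification
        mailbox.send(admin_email, "[Admin copy] " + subject, body, "Normal")  # admin copy
        row["flowlibs_notificationsent"] = True                             # EXPR.07
        notified.append(row["id"])
    return notified
```

Running run_flow twice over the same rows sends mail only on the first pass, which is the duplicate-prevention property the notified flag provides.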