Forum Discussion
Lockdown PowerApps HTTP Connector
I have been asked to apply data security control over the PowerApps HTTP connector by either whitelisting the URI that it can access or applying block control based on content inspection.
Can that be done using Defender for Cloud Apps, Purview Compliance DLP or another product?
thanks
Graham
1 Reply
- AS1522
Microsoft
You cannot whitelist specific URIs nor do deep content inspection on the Power Apps “HTTP” connector with Defender for Cloud Apps (MCAS) or Purview Compliance DLP.
The right way to lock it down is Power Platform DLP policies (to allow/block the HTTP connector) and route any allowed HTTP calls through a controlled gateway (e.g., Custom Connector + Azure API Management) where you can enforce host/URI allow‑lists and content filters.
Power Apps itself won’t parse/inspect the payload for you. Put inspection in APIM:
APIM policies (XML) to:
- Validate request/response size and schema.
- Redact sensitive fields.
- Block patterns (regex for credit cards/SSNs if applicable).
If you need deeper inspection (e.g., DLP signatures):
- Call out from APIM to an inspection microservice (Azure Functions/Container Apps) that runs your rules (including Luhn checks, keyword proximity, etc.).
- Return allow/block to APIM, which then allows or rejects the call.
This centralizes policy and keeps makers from bypassing controls.
Did that help you, if you already tried it?
Which environments (names) are currently using the HTTP connector, and do you have Azure API Management (or another gateway) already in place?
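The decision logic of the inspection microservice described in the reply above could look like the following sketch, which is an added example and not part of the original post or any Microsoft code. The allow-listed host `api.contoso.example`, the size limit, the keyword list and the proximity window are all assumed values; the function returns the allow/block verdict that the gateway would act on.

```python
import re
from urllib.parse import urlsplit

# All values below are assumptions made for this example.
ALLOWED_HOSTS = {"api.contoso.example"}   # hosts the gateway may forward to
MAX_BODY_BYTES = 64 * 1024                # request size limit
PROXIMITY = 40                            # chars searched either side of a match
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
KEYWORDS = re.compile(r"card|visa|mastercard|amex|cvv|expiry", re.I)


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect(url: str, body: str) -> dict:
    """Decide allow/block for one outbound call relayed by the gateway."""
    parts = urlsplit(url)
    # Compare the parsed hostname, not a substring of the URL, so that
    # userinfo tricks such as https://allowed@other-host/ are rejected.
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or host not in ALLOWED_HOSTS:
        return {"decision": "block", "reason": "host_not_allowed"}
    if len(body.encode("utf-8")) > MAX_BODY_BYTES:
        return {"decision": "block", "reason": "body_too_large"}
    for m in CARD_CANDIDATE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue            # digit run that is not a valid card number
        # Keyword proximity: only flag when card-related wording is nearby.
        window = body[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        if KEYWORDS.search(window):
            return {"decision": "block", "reason": "card_number"}
    return {"decision": "allow", "reason": "clean"}
```
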