Forum Discussion
Need help with configuring DLP policies for Flow in O365
- Jan 05, 2018
Hi Pooya Obbohat - so, your assumption is correct regarding the relationship between the two groups, that is "you can't create flows by combining connectors from the two groups (Business data only & No business data allowed)." But as for your objectives, let's walk through them:
1. Allow users to create Flows by combining Office 365 connectors (business data stays within the company)
RECOMMENDATION: Add the O365 connectors to the "Business data only" group. See attachment for how this might look.
With that in place, users can create Flows with connectors from the O365 group that can interact with one another, but they cannot create Flows that interact with those on the "no-Business data allowed" group.
2. Allow users to create Flows where info from the outside world is stored within the O365 environment (e.g. save Tweets with specific hashtag in Teams)
NOT POSSIBLE: The DLP engine is bi-directional, so when you add connectors into a group, the data can go in both directions. To use your example, if you add Twitter to the "Business data only" group, you can achieve the requirement to save Tweets based on a specific hashtag to Teams, but you can also send data out to Twitter too, which from your requirements you don't wish to do. I have had discussions with the product group on the idea of uni-directional policies, but nothing has been committed to at this time.
3. Don't allow business data to leave the company (e.g. copy O365 Outlook meetings to Google calendar)
RECOMMENDATION: See point 1. above, but you probably know that based on what I shared above. Like us, you would like all 3 scenarios to be possible, while protecting your data. The solution is not quite there yet.
Good day Clifford Kennedy! Perhaps you can help me on something related to this. My company has the desire to only use the connectors provided by Microsoft as well and keep the data contained in Office 365 precisely as you described. Can you point towards any documentation that clearly defines what is a Microsoft controlled container and what isn't? When I look at a page like this one: https://docs.microsoft.com/en-us/connectors/approvals/ I can't get the assurance that my company needs to say yes that is a Microsoft owned app contained in Office 365 / Azure.
Thanks kindly!
Hi Brian Reese - great question. I raised the exact same thing with the product group a few months back - let me check with a contact and see if this is now in the works.
- Brian Reese, Jan 15, 2018, Steel Contributor
Fantastic! I hope they provide back something helpful that you can share. We've definitely been struggling with adoption because of this very thing.
- Clifford Kennedy, Jan 17, 2018, Iron Contributor
Thanks for the reminder, let me chase it up.