Microsoft 365 compliance (Preview)
The Microsoft Purview compliance portal is home to integrated solutions for protecting and governing data, mitigating risks, and more. Simplify tasks across these solutions so you can focus on your compliance posture.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Power Automate | Premium | All Power Automate regions except the following: - China Cloud operated by 21Vianet |
Power Apps | - | Not available |
Contact | |
---|---|
Name | Microsoft |
URL | https://support.microsoft.com/microsoft-365 |
Connector Metadata | |
---|---|
Publisher | Microsoft |
Website | https://compliance.microsoft.com/ |
Privacy policy | https://privacy.microsoft.com |
Categories | Security |
Microsoft 365 compliance solutions help you discover, protect, and govern your data, address regulations and standards, and mitigate insider risks. The Microsoft 365 compliance connector allows you to automate actions for many of these compliance solutions.
Prerequisites
Subscriptions and required permissions vary depending on the compliance solutions where this connector will be used. To learn which subscriptions and permissions are required for compliance solutions, review the Microsoft 365 compliance documentation.
How to get credentials?
Visit https://docs.microsoft.com/en-us/microsoft-365/compliance/?view=o365-worldwide for additional details on Microsoft 365 compliance solutions and subscriptions.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 500 | 60 seconds |
Actions
Add insider risk management case note |
Adds a note to the insider risk management case |
Add privacy management case note |
Adds a note to the privacy management case |
Apply a Retention Label on the item |
Apply a Retention Label on the item. |
Deletes the item |
Deletes the items. |
Get communication compliance violation metadata |
Get Violation Metadata |
Get insider risk management alert |
Get insider risk management alert. |
Get insider risk management alerts for a case |
Get insider risk management alerts for a case. |
Get insider risk management case |
Get insider risk management case. |
Get insider risk management user |
Get insider risk management user. |
Get privacy management case |
Get privacy management case. |
Get tagged privacy files |
Get a list of tagged privacy files. |
Get translated message Id |
Get translated message Id. |
Relabel an item at the end of retention |
Relabel an item at the end of retention. |
Trigger a new instance of the flow if an item can’t be located |
If an item can't be located (for example, if it was moved or renamed), this action attempts to find the item using its ID. If the item is found, the flow's settings are reset and a new instance of the flow will be triggered the next time the retention service runs. |
Add insider risk management case note
Adds a note to the insider risk management case
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case ID
|
Case_Id | True | string |
The unique identifier of an insider risk management case |
Note content
|
content | string |
The content of the case note. |
Returns
Add privacy management case note
Adds a note to the privacy management case
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case ID
|
Case_Id | True | string |
The unique identifier of an privacy management case |
Note content
|
content | string |
The content of the case note. |
Returns
Apply a Retention Label on the item
Apply a Retention Label on the item.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Site Address
|
SiteUrl | string |
SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename |
|
Label name
|
LabelName | string |
Label name to update the item with. |
|
ListItem Id
|
ListItemId | integer |
SharePoint list item id not GUID. |
|
Folder Path
|
FolderPath | string |
Document folder path. |
Returns
Deletes the item
Deletes the items.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Site Address
|
SiteUrl | string |
SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename |
|
Site Id
|
SiteId | string |
SharePoint site id. |
|
Web Id
|
WebId | string |
SharePoint web id. |
|
List Id
|
ListId | string |
SharePoint list id. |
|
Item Unique Id
|
ItemUniqueId | string |
SharePoint item unique Guid or mail internet message Id. |
|
Existing Label Id
|
ExistingLabelId | string |
The existing label id on the item. |
|
Workload name
|
ContentSourceApplication | string |
SharePoint, OneDrive or Exchange |
|
User Id
|
UserId | string |
User external directory id. |
Returns
Get communication compliance violation metadata
Get Violation Metadata
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case id
|
caseId | True | string |
Communication compliance case id |
Workingset id
|
workingsetId | True | string |
Communication compliance working set id |
Document id
|
docId | True | string |
Communication compliance document id |
Flow name
|
flowName | True | string |
Communication compliance flow name |
Returns
Name | Path | Type | Description |
---|---|---|---|
id
|
id | string |
The unique identifier for remediation action |
policyName
|
policyName | string |
The name for the policy which capture the items |
violationTime
|
violationTime | string |
The time when the item happened |
violationSource
|
violationSource | string |
The source through which the item was sent |
violatedUserEmail
|
violatedUserEmail | string |
User email address who sent this item |
Get insider risk management alert
Get insider risk management alert.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Alert ID
|
Alert_Id | True | string |
The unique identifier of the insider risk management alert. |
Returns
Name | Path | Type | Description |
---|---|---|---|
Alert severity
|
severity | string |
The severity of the alert. |
Alert name
|
name | string |
The name of the alert. |
Alert status
|
status | string |
The status of the alert. |
Time to resolve in hours
|
resolutionTimeInHours | float |
The total time elapsed in hours to resolve the alert. |
Alert ID
|
id | string |
The unique identifier of the alert. |
Alert creation time
|
createdDateTimeUtc | string |
The timestamp in UTC when alert was generated. |
Case ID
|
assignedCase.caseId | string |
The unique identifier of the case associated with alert. |
Case name
|
assignedCase.name | string |
The name of the case associated with alert. |
Case status
|
assignedCase.status | string |
The status of the case associated with alert. |
Matched policy ID
|
violatedPolicy.policyId | string |
The unique identifier of the policy associated with alert. |
Matched policy name
|
violatedPolicy.policyName | string |
The name of the policy associate with alert. |
User ID
|
riskyUser.riskyUserId | string |
The unique identifier of the user associated with the alert. |
User principal name
|
riskyUser.userPrincipalName | string |
The UPN of the user associated with the alert. |
Get insider risk management alerts for a case
Get insider risk management alerts for a case.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case ID
|
Case_Id | True | string |
The unique identifier of the case. |
Returns
Name | Path | Type | Description |
---|---|---|---|
value
|
value | array of object | |
Alert severity
|
value.severity | string |
The severity of the alert. |
Alert name
|
value.name | string |
The name of the alert. |
Alert status
|
value.status | string |
The status of the alert. |
Resolution reason
|
value.closureReason | string |
The closure reason associated with the alert. |
Time to resolve in hours
|
value.resolutionTimeInHours | float |
The total time elapsed in hours to resolve the alert. |
Alert ID
|
value.id | string |
The unique identifier of the alert. |
Tenant ID
|
value.tenantId | string |
The unique identifier of the organization. |
Alert created timestamp
|
value.createdDateTimeUtc | string |
The UTC timestamp identifying the creation time of the alert. |
Case ID
|
value.assignedCase.caseId | string |
The unique identifier of the case associated with alert. |
Case name
|
value.assignedCase.name | string |
The name of the case associated with alert. |
Case status
|
value.assignedCase.status | string |
The status of the case associated with alert. |
Matched policy ID
|
value.violatedPolicy.policyId | string |
The unique identifier of the policy associated with alert. |
Matched policy name
|
value.violatedPolicy.policyName | string |
The name of the policy associated with alert. |
User ID
|
value.riskyUser.riskyUserId | string |
The unique identifier of the user associated with alert. |
User principal name
|
value.riskyUser.userPrincipalName | string |
The UPN of the user associated with alert. |
Get insider risk management case
Get insider risk management case.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case ID
|
Case_Id | True | string |
The unique identifier of insider risk management case. |
Returns
Name | Path | Type | Description |
---|---|---|---|
Case name
|
name | string |
The name of the case. |
Case status
|
status | string |
The status of the case. |
Case resolution time
|
resolutionTimeInHours | float |
The time elapsed in hours to resolve the case. |
Created by
|
createdBy | string |
The identifier for the user who created the case. |
Case ID
|
id | string |
The unique identifier of the case. |
Tenant ID
|
tenantId | string |
The unique identifier of the organization. |
Case created timestamp
|
createdDateTimeUtc | string |
The timestamp in UTC corresponding to the time when the case was created. |
Content labels
|
riskyContentInfo.labels | array of |
The list of content labels associated with the case. |
Sensitive info types
|
riskyContentInfo.dlpSensitiveTypes | array of |
The list of DLP sensitive info types associated with the case. |
SharePoint sites
|
riskyContentInfo.spoSites | array of |
The list of SharePoint sites associated with the case. |
Resolution reason
|
closingNote.closingStatus | string |
Resolution status when case closed. |
Action taken
|
closingNote.actionTaken | string |
The action taken when case closed. |
User ID
|
riskyUser.riskyUserId | string |
The unique identifier user associated with the case. |
User principal name
|
riskyUser.userPrincipalName | string |
The UPN for the user associated with the case. |
Teams ID
|
teamInfo.id | string |
The Teams ID associated with the case. |
Teams name
|
teamInfo.displayName | string |
Teams display name. |
Teams URL
|
teamInfo.webUrl | string |
URL for Teams. |
Teams status
|
teamInfo.status | string |
Status of Teams. |
Get insider risk management user
Get insider risk management user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User ID
|
RiskyUser_Id | True | string |
The unique identifier of the insider risk management user. |
Returns
Name | Path | Type | Description |
---|---|---|---|
Risk level
|
riskLevel | string |
The risk level associated with the user. |
User principal name
|
userPrincipalName | string |
The UPN of the user. |
User status
|
status | string |
The status of the user. |
User ID
|
id | string |
The unique identifier of the user. |
Case ID
|
assignedCase.caseId | string |
The unique identifier of the case associated with the user. |
Case name
|
assignedCase.name | string |
The name of the case associated with the user |
Case status
|
assignedCase.status | string |
The status of the case associated with the user |
Get privacy management case
Get privacy management case.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case ID
|
Case_Id | True | string |
The unique identifier of privacy management case. |
Returns
Name | Path | Type | Description |
---|---|---|---|
Case name
|
name | string |
The name of the case. |
Case status
|
status | string |
The status of the case. |
Privacy case type
|
privacyCaseType | string |
The type of the case. |
DSR type
|
dsrType | string |
The DSR Type of the case. |
DSR source
|
dsrSource | string |
The DSR source of the case. |
DSR regulation
|
dsrRegulation | string |
The DSR regulation of the case. |
Case impact summary
|
impactSummary | string |
The impact summary of the case. |
Case severity
|
severity | string |
The severity of the case. |
Created by
|
createdBy | string |
The identifier for the user who created the case. |
Case ID
|
id | string |
The unique identifier of the case. |
Tenant ID
|
tenantId | string |
The unique identifier of the organization. |
Case created date
|
createdDateTimeUtc | string |
The timestamp in UTC corresponding to the time when the case was created. |
Case due date
|
dueDateTimeUtc | string |
The timestamp in UTC corresponding to the time when the case is due. |
Case closed date
|
closedDateTimeUTC | string |
The timestamp in UTC corresponding to the time when the case was closed. |
Files count
|
insight.filesCount | integer |
Files count insight. |
File locations count
|
insight.fileLocations | integer |
File locations count insight. |
Files size
|
insight.filesSize | integer |
Files size insight. |
File need review count
|
insight.needReview | integer |
File need review count insight. |
Last update time
|
insight.lastUpdateTimeUtc | string |
The timestamp in UTC corresponding to the time when the case was last updated. |
documentSourceCount
|
insight.documentSourceCount | array of object | |
Document source count key
|
insight.documentSourceCount.key | string |
Document source count key. |
Document source count value
|
insight.documentSourceCount.value | integer |
Document source count value. |
conflictTypeCount
|
insight.conflictTypeCount | array of object | |
Conflict type count key
|
insight.conflictTypeCount.key | string |
Conflict type count key. |
Conflict type count value
|
insight.conflictTypeCount.value | integer |
Conflict type count value. |
reviewStatusCount
|
insight.reviewStatusCount | array of object | |
Review status count key
|
insight.reviewStatusCount.key | string |
Review status count key. |
Review status count value
|
insight.reviewStatusCount.value | integer |
Review status count value. |
Privacy admin user ID
|
privacyAdmin.userObjectId | string |
The unique identifier of the privacy admin user. |
Privacy admin user UPN
|
privacyAdmin.userPrincipalName | string |
The User Principal Name of the privacy admin user. |
Alert information
|
alertInformation | array of |
Alert information of the case. |
stages
|
stages | array of object |
Stages of the case. |
Case stage ID
|
stages.id | string |
The unique identifier of the case stage. |
Case stage status
|
stages.status | string |
The case stage status. |
Data subject ID
|
dataSubject.id | string |
The unique identifier the data subject. |
Data subject last name
|
dataSubject.lastName | string |
The last name of the data subject. |
Data subject first name
|
dataSubject.firstName | string |
The first name of the data subject. |
Data subject residency
|
dataSubject.residency | string |
The residency of the data subject. |
Data subject email
|
dataSubject.email | string |
The email of the data subject. |
Data subject address
|
dataSubject.address | string |
The address of the data subject. |
Is existing data subject
|
dataSubject.existingDataSubject | boolean |
Is an existing data subject. |
Teams ID
|
teamInfo.id | string |
The Teams ID associated with the case. |
Teams name
|
teamInfo.displayName | string |
Teams display name. |
Teams URL
|
teamInfo.webUrl | string |
URL for Teams. |
Teams status
|
teamInfo.status | string |
Status of Teams. |
Get tagged privacy files
Get a list of tagged privacy files.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case Id
|
caseid | True | string |
The unique identifier of privacy management case. |
Tag Name
|
tagName | True | string |
The name of a tag for privacy file. |
Page Index
|
pageIndex | True | integer |
The page index of the search for tagged privacy files. |
Page Size
|
pageSize | integer |
The page size of the search for tagged privacy files. |
Returns
Name | Path | Type | Description |
---|---|---|---|
value
|
value | array of object | |
File ID
|
value.id | string |
The unique identifier of an tagged file. |
Immutable ID
|
value.immutableId | string |
The immutable id of an tagged file. |
File workload
|
value.workload | string |
The workload of the tagged file. |
File size
|
value.size | integer |
The size of the tagged file. |
File name
|
value.fileName | string |
The name of the tagged file. |
File type
|
value.fileType | string |
The file type of the tagged file. |
Title
|
value.title | string |
The title of the tagged file. |
Subject title
|
value.subjectTitle | string |
The subject title of the tagged file. |
Native size
|
value.nativeSize | integer |
The native size of the tagged file. |
Document Url
|
value.documentUrl | string |
The document Url of the tagged file. |
File class
|
value.fileClass | string |
The file class of the tagged . |
Extracted content type
|
value.extractedContentType | string |
The extracted content type of the tagged file. |
File path
|
value.filePath | string |
The file path of the tagged file. |
File item Url
|
value.itemUrl | string |
The item Url of the tagged file. |
Recorded doc actions
|
value.docActions | string |
DocAction for the file. |
Remediation actions
|
value.remediationActions | string |
RemediationActions for the file. |
Annotations
|
value.annotations | string |
Annotations for the file. |
File created date
|
value.createdDateTimeUtc | string |
The timestamp in UTC corresponding to the time when the file was created. |
File last modify date
|
value.lastModifiedDateTimeUtc | string |
The timestamp in UTC corresponding to the time when the file was last modified. |
author
|
value.author | array of string |
Author of the file. |
The sender of the email.
|
value.sender | string |
The sender of email. |
Site property path
|
value.sitePropertyPath | string |
The file path in site property. |
Compound path
|
value.compoundPath | string |
The file compound path. |
The internet message id
|
value.internetMessageId | string |
The internet message id for exchange item. |
Get translated message Id
Get translated message Id.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Case ID
|
Case_Id | True | string |
The unique identifier of the case. |
Immutable Id
|
immutableId | True | string |
The immutable Id for translation. |
Mail Address
|
mailAddress | True | string |
Mail Address of the exchange mail. |
Returns
Name | Path | Type | Description |
---|---|---|---|
Message Id
|
value | string |
The message Id. |
Relabel an item at the end of retention
Relabel an item at the end of retention.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Site Address
|
SiteUrl | string |
SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename |
|
Site Id
|
SiteId | string |
SharePoint site id. |
|
Web Id
|
WebId | string |
SharePoint web id. |
|
List Id
|
ListId | string |
SharePoint list id. |
|
Item Unique Id
|
ItemUniqueId | string |
SharePoint item unique Guid or mail internet message Id. |
|
Workload name
|
ContentSourceApplication | string |
SharePoint, OneDrive or Exchange |
|
Label Id
|
LabelId | string |
Label Id to update the item with. |
|
User Id
|
UserId | string |
User external directory id. |
Returns
Trigger a new instance of the flow if an item can’t be located
If an item can't be located (for example, if it was moved or renamed), this action attempts to find the item using its ID. If the item is found, the flow's settings are reset and a new instance of the flow will be triggered the next time the retention service runs.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Site Id
|
SiteId | string |
SharePoint site id. |
|
Web Id
|
WebId | string |
SharePoint web id. |
|
List Id
|
ListId | string |
SharePoint list id. |
|
Item Unique Id
|
ItemUniqueId | string |
SharePoint item unique Guid or mail internet message Id. |
Returns
Triggers
For a selected communication compliance item |
This trigger allows you to start a flow when a Communication Compliance item is selected in Microsoft 365 compliance center (Available only for Power Automate.) |
For a selected insider risk management case |
This trigger allows you to start a flow when an insider risk management case is selected in Microsoft 365 compliance center (Available only for Power Automate.) |
For a selected insider risk management user |
This trigger allows you to start a flow when an insider risk management user is selected in Microsoft 365 compliance center (Available only for Power Automate.) |
When an item reaches end of its retention period |
Triggers when a SharePoint, OneDrive or Exchange item (which has a retention label applied to it ) reaches the end of its established retention period. When using this trigger, the retention label configuration must be set to trigger this action at the end of the period as well. |
When an item violates a DLP policy |
Triggers when a SharePoint, OneDrive or Exchange item violates a DLP Policy which is configured with Power Automate Flow Action. |
For a selected communication compliance item
This trigger allows you to start a flow when a Communication Compliance item is selected in Microsoft 365 compliance center (Available only for Power Automate.)
Returns
For a selected insider risk management case
This trigger allows you to start a flow when an insider risk management case is selected in Microsoft 365 compliance center (Available only for Power Automate.)
Returns
For a selected insider risk management user
This trigger allows you to start a flow when an insider risk management user is selected in Microsoft 365 compliance center (Available only for Power Automate.)
Returns
When an item reaches end of its retention period
Triggers when a SharePoint, OneDrive or Exchange item (which has a retention label applied to it ) reaches the end of its established retention period. When using this trigger, the retention label configuration must be set to trigger this action at the end of the period as well.
Returns
Name | Path | Type | Description |
---|---|---|---|
Site Address
|
SiteUrl | string |
SharePoint / OneDrive site url. Example: https://contoso.sharepoint.com/sites/sitename |
List Name
|
ListName | string |
SharePoint list name. |
Folder Path
|
FolderPath | string |
Document folder path. |
Document Name
|
DocumentName | string |
Document name. |
Site Id
|
SiteId | string |
SharePoint site id. |
Web Id
|
WebId | string |
SharePoint web id. |
List Id
|
ListId | string |
SharePoint list id. |
Item Unique Id
|
ItemUniqueId | string |
SharePoint item unique Guid or mail internet message Id. |
ListItem Id
|
ListItemId | integer |
SharePoint list item id not GUID. |
Library Name
|
LibraryName | string |
SharePoint library name. |
Workload name
|
Workload | string |
SharePoint, OneDrive or Exchange. |
Existing Label Id
|
ExistingLabelId | string |
The existing label id on the item. |
User Id
|
UserId | string |
User external directory id. |
When an item violates a DLP policy
Triggers when a SharePoint, OneDrive or Exchange item violates a DLP Policy which is configured with Power Automate Flow Action.
Returns
Name | Path | Type | Description |
---|---|---|---|
Power Automate Flow ID
|
FlowId | string |
Represents the ID of the Power Automate Flow triggered |
Item ID
|
ItemId | string |
ID of the email, file, or item matching the DLP policy. |
Operation
|
Operation | string |
Operation that triggered the workflow |
Item created on (UTC)
|
CreationTimeUTC | string |
Time the detected item was created |
Item last modified on (UTC)
|
LastModifiedTimeUTC | string |
Time the item was last modified |
Actor
|
Actor | string |
The user or service principal that performed the action. |
Data source
|
Workload | string |
Data sources where the activity occurred |
Recipients
|
SharedWith | array of string |
Users who the item was shared with |
Sensitivity label
|
SensitivityLabels | array of string |
Sensitivity labels applied to matching email, file, or item. |
Matched policy name
|
PolicyName | string |
Name of the DLP policy that detected the user activity triggering this workflow. |
Matched policy ID
|
PolicyId | string |
GUID of the DLP policy that detected the user activity triggering this workflow. |
Matched rule ID
|
RuleId | string |
GUID of the DLP rule that detected the user activity triggering this workflow. |
Matched rule name
|
RuleName | string |
Name of the DLP rule that detected the user activity triggering this workflow. |
Item size
|
ContentSize | integer |
Size (in bytes) of the email, file, or item matching the DLP policy. |
Email subject
|
ExchangeMetadata.Subject | string |
Subject of the email message. |
Attachments
|
ExchangeMetadata.Attachments | array of object |
The list of attachments associated with the matched item |
Name
|
ExchangeMetadata.Attachments.Name | string |
Name of the attachment |
Size
|
ExchangeMetadata.Attachments.Size | integer |
Size of the attachment |
Sensitivity labels
|
ExchangeMetadata.Attachments.Labels | array of string |
Sensitivity labels applied to attachment. |
ID
|
SharepointMetadata.SiteId | string |
ID of the SharePoint site or OneDrive account |
URL
|
SharepointMetadata.SiteUrl | string |
URL of the SharePoint site or OneDrive account |
Folder URL
|
SharepointMetadata.FolderUrl | string |
URL of the folder containing the item |
File name
|
SharepointMetadata.FileName | string |
Name of the file violating the policy on SharePoint or OneDrive |
File ID
|
SharepointMetadata.FileId | string |
A guid that identifies the file |
File URL
|
SharepointMetadata.FileUrl | string |
SharePoint or OneDrive URL of the file that matched the DLP policy. |
List item id
|
SharepointMetadata.ListItemId | integer |
An integer identifier for the item within the containing list |
Message type
|
TeamsMetadata.MessageType | string |
Teams message type |
Message ID
|
TeamsMetadata.MessageId | string |
Teams chat or channel message ID |
Channel ID
|
TeamsMetadata.ChannelId | string |
A unique identifier for the channel |
Device ID
|
EndpointMetadata.MachineId | string |
Unique ID of device where activity was detected by DLP policy |
File name
|
EndpointMetadata.FileName | string |
Name of file on device that matched the DLP policy |
File path
|
EndpointMetadata.FilePath | string |
Local path to the file on a device that matched the DLP policy |
User activity
|
EndpointMetadata.Operation | string |
User activity detected on device that matched the DLP policy |
Evidence URL
|
EndpointMetadata.EvidenceUrl | string |
Evidence URL if configured in the policy |
Destination
|
EndpointMetadata.Destination | string |
Target path |
UPN
|
EndpointMetadata.UPN | string |
User principal name |
Action enforced
|
EndpointMetadata.EnforcementMode | string |
DLP action enforced on user activity |