Missing data policy (Data Loss Prevention)
Without a data policy, users/makers can use every connector to send/receive data in the Power Platform environment and their configured Power Apps. This can lead to data exfiltration or usage of unwanted services. The default environment with default permissions (every user has maker permissions) should be hardened extra tight.
Create a data policy and think about configuring for example:
- Block new connectors in environments
- Limit makers to prebuilt connectors
- Limit custom connectors
For details see Secure the default environment - Power Platform | Microsoft Learn.
For data policy creation hints see https://learn.microsoft.com/en-us/power-platform/admin/prevent-data-loss.