Maybe this post will save someone else 3+ months of back and fro with Microsoft support to finally get an answer.
Users are creating Power Automate flows via Teams. They wanted me to whitelist a few connectors, so I modified our DLP policy to exclude this Teams environment from the default, and create a new policy specifically targetting this Teams environment and allowing these connectors. Simple task, you’d think that’s enough to get the job done… but nope!
The Flow kept complaining about connectors being blocked. Interestingly, creating the same Flow via https://make.powerautomate.com in that Teams environment works; but doing so via Teams itself doesn’t (that’s a big clue there to the issue!)
Turns out its a bug in Teams.
Or to put it another way, whatever Flows you create from within Teams are created in the Default environment and so the DLP policies don’t apply. So always ask users to create Flows via https://make.powerautomate.com in the Teams environment if you do any DLP exclusions.