Blocking Microsoft Flow’s access to your Office 365 tenant

Did you know that any user in your organisation can sign into Microsoft Flow with their personal account and create a flow that connects to your organisation’s Office 365 tenant?
This means that an employee can (even accidentally) create a flow that monitors a SharePoint site (obviously they need to have access to the site) and posts the contents to Twitter, Dropbox or any other external service.
The bad news is that as the Office 365 tenant admin we have no way of blocking this in the UI. The good news is that Microsoft can. So raise a service request with them and ask them to disable ‘Cross tenant Flow creation’. This will force all of your data to stay within your tenant and prevents data loss.

Blocking Microsoft Flow’s access to your Office 365 tenant