Microsoft Graph Data Connect onboarding experience

Microsoft Graph Data Connect has a simplified onboarding experience that features an enhanced app registration and app authorization experience.

This article describes the simplified onboarding experience, in which data transfers are authorized before the pipelines run. Customers who currently use the Privileged Access Management (PAM) authorization model can migrate to the simplified experience; for details, see Existing customer migration.

The following are the steps to onboard:

1. Your global administrator enables Microsoft Graph Data Connect in the Microsoft 365 admin center.

2. Create a new Microsoft Entra app.

3. Register the app with Data Connect in the Data Connect app registration portal, and specify the data that is required for the application. For details, see app registration.

4. Your global administrator authorizes the app in the Data Connect app authorization portal. For details, see app authorization.

5. You can now run existing pipelines without delays caused by runtime authorization. Pipelines are created and run via Azure Data Factory or Azure Synapse.

Simplified onboarding experience

The simplified Data Connect onboarding experience includes process efficiencies and improved developer workflows, as well as Azure portal improvements that further enable a more intuitive and informative developer experience:

• Authorization is provided before any pipeline runs. If authorization isn't granted, the pipeline fails right away. This eliminates extra runtime, which incurs ADF runtime costs and waiting on manual approval, and minimizes runtime authorization creation failures.

• Service principal owner licenses aren't required. This removes requirements for service principal owners to be Microsoft 365 users with an E5 license, and removes license requirements. Microsoft Entra application ownership is required to update and delete app registrations with Data Connect.

• Admins don't need an E5 license. A user authorizing an app is required to be a global admin to access the Data Connect app registration portal, and approve apps for Data Connect.

• The Microsoft 365 admin center experience for authorizing apps is enhanced.

• Data Connect is evolving to a per-app authorization model, which functionally means one admin authorization per customer scenario. A single app registration encapsulates all datasets that an app requires, along with per dataset controls for columns and scopes. This also means that a single authorization is required to enable a scenario.

• You can renew an app authorization before the expiry date. This isn't supported in Privileged Access Management (PAM).

• Multitenant apps can initiate cross-tenant data movement with Data Connect. This enables ISVs to make use of Data Connect to extract Microsoft 365 data to bring value to customers.

Confirm your tenant experience

If your tenant enabled Data Connect in the Microsoft 365 admin center after August 17, 2023, your organization is successfully enrolled in the simplified onboarding experience. To confirm this, request that someone in your company with a Global Reader or Global Administrator-assigned role access the Data Connect admin authorization portal.

If you're able to access the experience and you don't see the following warning text, you don't need to take any further action: You are still using the legacy Privileged Access Management Microsoft Graph Data Connect consent experience. Please enable the new consent experience for MGDC enterprise apps.

If your tenant isn't yet using the simplified experience, for details about how to migrate, see Migrate to the updated Microsoft Graph Data Connect onboarding experience.