Azure Data Lake Storage Gen2 Microsoft Graph connector

Article
07/05/2023

The Azure Data Lake Storage Gen2 Microsoft Graph connector allows users in your organization to search for files stored in Azure Blob Storage and Azure Data Lake Gen 2 Storage accounts.

Note

Read the Setup your Microsoft Graph connector article to understand the general connectors setup instructions.

This article is for anyone who configures, runs, and monitors an Azure Data Lake Storage Gen2 connector. It supplements the general setup process, and shows instructions that apply only for the Azure Data Lake Storage Gen2 connector. This article also includes information about Limitations.

In the article, we use Azure Storage as a generic term for Azure Blob Storage and Azure Data Lake Gen 2 Storage.

Step 1: Add a connector in the Microsoft 365 admin center

Add Azure Data Lake Storage Gen2 connector

(See general setup instructions for more details)

Step 2: Name the connection

Follow the general setup instructions.

Step 3: Configure the connection settings

Enter your primary storage connection string. This string is required to allow access to your storage account. To find your connection string, go to the Azure portal and navigate to the Keys section of your relevant Azure Storage account.

If you prefer not to provide the AccountKey (a parameter in the primary storage connection string), grant access to the Microsoft Graph connectors service for the following roles:

Storage Blob Data Reader
Storage Queue Data Contributor
Storage Blob Delegator

Navigate to the Access Control tab of your Azure Storage account, and follow the instructions there to grant access to the following app:

First Party App ID: 56c1da01-2129-48f7-9355-af6d59d42766
First Party App Name: Graph Connector Service

Storage account and queue notifications (Optional)

Support to process changes in real time in the Graph Connectors Service might be added in the future. In that case, we'll monitor Azure Storage change notifications stored in a queue. You'll need to create a queue in the same account as your Azure Storage account.

After you create a queue, go to the Events tab on the queue page to configure Event Subscription. Choose all the Blob events that the queue will receive, and connect the queue to the Azure Storage account.

Test the connection

Test the connection by clicking the Test Connection button

Note

The Test Connection must succeed before you can move to the next configuration section. The ADLS gen 2 enabled storage account MUST have a Container AND at least one file within it as a minimum for the Test Connection to succeed. A connection error will be raised if the content does not exist.

Step 4: Assign property labels

You can assign a source property to each label by choosing from a menu of options. While this step isn't mandatory, having some property labels will improve the search relevance and ensure better search results for end users.

Step 5: Manage schema

On the Manage Schema screen, you can change the schema attributes associated with the properties, the options are Query, Search, Retrieve, and Refine. You also can add optional aliases, and choose the Content property.

Step 6: Manage search permissions

Azure Data Lake Gen 2

You can choose to ingest the Access Control Lists (ACLs) from your Azure Data Lake Gen 2 Storage account. When these search permissions are set, search content is trimmed based on the permissions of the user signed in Azure Active Directory. Alternatively, you can choose to make all the content indexed from your storage account visible to everyone in your organization. In this case, everyone in your organization will have access to all the data in your storage account.

The Azure Data Lake Storage Gen2 connector supports search permissions visible to Everyone, or Only people with access to this data source. Indexed data that appears in the search results could be visible to users in the organization who have access to each item.

Azure Blob Storage

For a connection to Azure Blob Storage, all the content indexed from the configured source is visible to everyone in your organization. Access control lists aren't supported at Blob level in Azure Blob Storage.

Step 7: Set the refresh schedule

On the Refresh Settings screen, you can set the incremental crawl interval and the full crawl interval. The default intervals for the Azure Data Lake Storage Gen2 connector are 15 minutes for an incremental crawl and one week for a full crawl.

Step 8: Review connection