SDS is a free service in Microsoft 365 Education that reads the rosters from your Student Information System (SIS) / Student Management System (SMS). It creates classes for Microsoft Teams, Intune, and third-party applications. Microsoft Teams brings conversations, content, and apps together in Microsoft 365 for Education.
What SIS/SMS vendors does SDS support?
SDS supports importing data in CSV (Comma Separated Value) files therefore it supports virtually every SIS / SMS on the market. SDS also supports importing roster data via the industry standard OneRoster API (Application Programming Interface).
SDS is currently available in all regions worldwide except for China and Germany.
Sync runs continuously after the connect data configuration is created.
For OneRoster API, the connection to the SIS is continuous and always polling for changes in data to be synced.
For CSV, changes within your data can be synchronized by uploading new CSV files that contain the data changes.
What apps work with SDS?
SDS imports organization, users, user role association to organizations, and roster data from a SIS / SMS to Microsoft 365 so numerous first party and third party applications can use it. To see a list of the third party education apps that use Microsoft 365 and SDS data for single sign-on and Rostering integration, visit https://sds.microsoft.com.
Will SDS automatically synchronize changes, or do we have to restart sync to synchronize changes as they occur?
If you're synchronizing via API, an automated run occurs every 12 hours.
If you're synchronizing via CSV file, a run occurs upon the initial upload, and triggers a run again when new CSV files are uploaded. Keep in mind that an automated run every 12 hours still occurs to process Microsoft Entra ID changes or to support Insights and Analytics scenarios.
For more information monitoring and handling of data errors, warnings, and troubleshooting see Health and Monitoring
What are the permission requirements for accessing and managing SDS?
To access and manage SDS, your account must be a global administrator within the tenant. The global administrator should also have either SDS Plan 1 (A1) or SDS Plan 2 (A3/A5) license assigned to their user profile.
How can we export data from our SIS / SMS to Microsoft’s required CSV format?
Since each SIS/SMS is different, we encourage SDS customers to contact their SIS/SMS vendor for support and assistance with building the appropriate export. SDS V2.1 CSV file format.
What is the proper format for the StartDate and EndDate values?
SDS requires data values to be in ISO 8601 format (YYYY-MM-DD).
What is the proper format for the Phone or SMS values?
SDS requires Phone and SMS to be in E.164 and + must be included (+1234567890).
Can I export the errors / warnings generated by School Data Sync?
Yes, you can export the list of errors and warnings generated from a run within the SDS UI. For more information monitoring and handling of data errors, warnings, and troubleshooting, see Health and Monitoring
Does Microsoft provide extractor tools for my SIS/SMS data?
Microsoft doesn't build or maintain extractor tools for any SIS/SMS vendor. Many SIS’s/SMS’s have data extraction tools built into the SIS/SMS already. If your SIS/SMS doesn't include an extraction tool, and you need assistance extracting data from your SIS/SMS into our SDS V2.1 CSV file format, contact your SIS/SMS vendor for support.
Why is there a character limitation on email addresses (or username values that are email addresses) in SDS?
Email addresses for all objects in Microsoft 365 must adhere to several RFC standards for internet email addressing. SDS is aligned to the character limitations within each of the core Microsoft 365 services, including SharePoint Online, Exchange Online, and Microsoft Entra ID.
What special characters aren't supported by School Data Sync?
There are several special characters that aren't supported within School Data Sync when provisioning data to Microsoft Entra ID. Unsupported special characters found is replaced with an “_”. Learn about unsupported characters see Restrictions and limitations in OneDrive and SharePoint.
This handling happens automatically.
How many Connect Data configurations do I need to create when setting up School Data Sync?
SDS today supports a single SIS/SMS Connect data configuration per tenant, by default.
More than 2 million rows in a csv file – SDS no longer has the limit that SDS (Classic) had with ingesting source data that contains over 2 million rows in a csv file.
Multiple sync methods or source directories - If you have multiple SIS/SMS sources going into the same tenant, review connect data for multiple sources in single tenant for expectations and limitations. Contact our team to request review of your proposed configuration.
Single source directory that needs to go to multiple tenants - If you have single SIS/SMS source going into multiple tenants, then you need to perform some preprocessing before making the data available to SDS for import. Contact our team.
Multiple domains for user identity matching – When configuring SDS you must match users from your source directory to users in Microsoft Entra ID. See User Identity Rules.
Mix of "create new users" and "sync existing users" – As part of managing users between your source data and Microsoft Entra ID and the mix can be done with a single Microsoft 365 managed users provisioning configuration.
Matching existing users occurs as part of connect data from the SIS/SMS and is written to the data cache. Until you create a Microsoft 365 managed users provisioning configuration, this link isn't pushed to Microsoft Entra ID.
When setting up your Microsoft 365 managed users provisioning configuration by default, all matched users have the link between the source user and Microsoft Entra written to the users Microsoft Entra object. If you wish to also create unmatched users, you can enable the option and specify the user creation rules.
In SDS (Classic) I also needed to upload empty classes and enrollment CSV files if only synchronizing users. Is this still true?
For SDS v2.1 CSV: If you're only synchronizing users, you only need to provide the organizations (orgs.csv), users (users.csv), and user role and associations to organizations (roles.csv) files. See SDS V2.1 CSV file format. After connecting your data, set up yourMicrosoft 365 managed users provisioning configuration.
For SDS v1 CSV: If you're only synchronizing users, you only need to provide the organizations (school.csv) and users (student.csv & teacher.csv) files. See SDS v1 CSV format. After connecting your data, set up yourMicrosoft 365 managed users provisioning configuration.
Not all fields are supported to bring data into the new SDS experience based on the SDS v1 CSV format. You find them noted in SDS v1 CSV File Format under column Required? as data not supported.
Also, Grade values and Course Subject values passed must align to their corresponding List of Values (ENUM) codes.
If needed, use Managing List of Values to expand Grade and Course Subject to support code values not supported by default.
Can I have extra headers and columns in my CSV files beyond what I intend to sync?
As part of basic validation, when the file names and headers are validated, the files must be formatted correctly.
Each CSV file must contain data for the fields noted 'Yes' under 'Required', the fields noted 'No' are 'Optional' data.
The field headers marked as 'Required' must exist in the supplied files or they won't be accepted.
The field headers marked as "Optional' aren't required to be present in the files if not passing the corresponding optional data.
If the proper field headers aren't found, the UI won't allow progression through the connect data scenarios based on the CSV format.
If automating the CSV upload, the files will be rejected and not moved over for SDS to pick up for the next run. They'll be removed from the cache after two days.
What happens if I select or upload other files beyond what the CSV format needs?
These files will be ignored and not moved over for SDS to pick up for the next run. They'll be removed from the cache after two days.
I use the SDS (Classic) Power Automate CSV Upload, with there be an update to support SDS?
Yes, you can automate CSV Upload with Power Automate. This provides the ability for IT admins to automate CSV uploads from exports from their SIS / SMS. Instead of manually uploading data changes from source data, a Power Automate template is available to assist with uploading those data changes to SDS.
In SDS (Classic) I only needed to upload CSV files that have data changes in them. Is this still the same in SDS?
No. You MUST upload all the same files that were provided with prior uploads. If not the data associated with the missing files and their records will be identified 'no longer active' for the current academic session in the next run. (If you need to, you can upload all data files again to process for the next run to reactivate the data).
If we manually remove a user or section, will they reappear when we synchronize again?
It’s a best practice to make changes in your connected source data instead of directly changing it in Microsoft 365 groups or Teams. SDS can overwrite manually updated class rosters.
If you delete roster members directly from Microsoft 365 groups or Teams, SDS may may add them back unless they are also removed from the connected source data.
Reset or delete and new creation of the Microsoft 365 groups and Teams provisioning configuration always reprocesses all data from the connected source data. Data may also be reprocessed at other times.
Example 1:
A class is synchronized with a teacher and students
The teacher goes to add a coteacher to the class
The class is later synchronized with no changes to teacher enrollment
(Correct behavior) The coteacher's membership is unaffected
The class is later synchronized with the coteacher added
(Correct behavior) the coteacher's membership is unaffected
The class is later synced with the coteacher removed
(Correct behavior) The coteacher is removed from the class
Example 2:
A class is synchronized with a teacher and students
The teacher goes to remove a student from the class
(Correct behavior) The student may be added back on a subsequent sync, unless the student is also removed from the connected source data
The class is later synced with the student readded
(Correct behavior) The student is readded to the class
What do Microsoft Entra Connect and SDS do and how can they work together?
Microsoft Entra Connect syncs on-premises Microsoft Entra users, groups, and objects to Microsoft Entra ID in Microsoft 365.
SDS synchronizes other student and teacher attributes from the Student Information System (SIS) with existing users already synchronized and created by Microsoft Entra Connect. Adding student and teacher attributes evolves the identity and enables apps to provide richer user experiences based on these distinguishable attributes and education personas. SDS allows you to automatically create class groups and Teams within Teams for Education, OneNote Class Notebooks, and class rostering for third party application integration. Microsoft Entra Connect and SDS will never conflict, as SDS won't synchronize or overwrite any attribute managed by Microsoft Entra Connect. SDS also provides the option to create new users. If you don't want to synchronize and create them with Microsoft Entra Connect from your on-premises AD you can use SDS to synchronize and create them directly from your SIS/SMS data.
I'm not seeing my data for the next academic year. Is there anything I need to do?
When it's time to transition to the next academic school year you need to start the transition process. These steps are similar to when you initially on boarded and created your prior connect data configuration.
The process doesn't require you to re-create new Microsoft 365 managed data configurations. The existing configurations will persist after the transition steps have been completed for the next academic school year or session. The next run will start processing the new academic session data.
In SDS (Classic) I currently use the SDS V1 file format, can I still use it with SDS?
Ability for IT admins to provide SDS v1 CSV file format to upload to the new SDS experience natively. This feature also allows the ability for a tenant that is using SDS just for user management scenarios, and not class groups, you only need to provide the organizations (school.csv) and users (student.csv & teacher.csv) files.
Transitioning to the new SDS experience should only be performed as part of back-to-school or academic session transition events and shouldn't be done within an active school year to avoid potential user disruptions.
Not all fields are supported to bring data into the new SDS experience based on the v1 format. You find the unsupported fields noted in SDS v1 CSV File Format under column Required? as data not supported. Also, Grade values and Course Subject values passed must align to their corresponding List of Values (ENUM) codes.
I noticed that SDS does not support all the (Classic) formats. What format options do I need to move to?
Customers using other SDS (Classic) formats need to move to supported formats:
In SDS (Classic) I currently use the SDS v1 file format, UK file format, and/or Clever file format. I want to move to SDS with SDS v2.1 CSV. What should I do?
Switching between formats should only be performed as part of back-to-school or academic session transition events and shouldn't be done within an active school year to avoid potential user disruptions.
User matching for existing users is done as part of the connect data configuration and not immediately written to the Microsoft Entra user object, follow the steps for Data Ingestion with SDS v2.1 CSV
In SDS (Classic) I currently use the SDS V2 file format. I want to move to SDS with SDS V2.1 CSV. What should I do?
To transition from V2 CSV to V2.1 CSV, tenants should provide data in the SDS V2.1 CSV file format.
Configure Manage data as needed based on the scenarios you need SDS to support.
Can I transition to the new experience during the middle of the school year?
It is recommended that transitioning to the new experience should only be performed as part of back-to-school or academic session transition events and shouldn't be done within an active school year to avoid potential user disruptions.
I currently use the Sync Profile Management APIs available through Education Graph API. Will there be a replacement supporting SDS?
Support for onboarding, monitoring, and management of SDS is available through the IndustryData Graph API.
Does SDS support ability to reuse a class between academic sessions or academic years?
There's support but there are limitations and caveats.
For the subscription there can only be a single active Academic Year configured and associated with the active connect data configuration.
Data in the data cache for Roster data is segmented with at least an Academic Year association based on the Admin configured Academic Year for the active connect data configuration.
Academic Session data, for example, Fall Semester / Spring Semester, is linked to the Admin configured Academic Year for the active connect data configuration.
Supplied Academic Session data and dates, from the source data, is parented with the defined Academic Year. Manipulation of Academic Session dates outside of the bounds of the active Academic Year could have unsupported downstream effects.
If the source system supplies the same sourcedId value for a Class between Academic Sessions and / or Academic Years, SDS reuses the same Microsoft Entra group, as long as the Classes Microsoft Entra group hasn't been archived / processed to mark Classes expired with Group / Section cleanup options.
When SDS creates and manages the Class / Microsoft Entra group, based on the supplied Class record from the source, the Microsoft Entra group attribute is stamped with the SIS ID value that matches the sourcedId value for the corresponding Class record. This allows SDS to link the Class to reuse the same Microsoft Entra group.
As Class Group Memberships / Enrollments are processed during the same SDS Academic Year, changes are processed as data is supplied.
If any manual changes are made to memberships that are not present / managed by the source data, those memberships are retained only in the Microsoft Entra group membership data and not be reflected in the data cache for Roster data.
If the Classes Microsoft Entra groups are archived / process to mark the Classes as expired, with the Group / Section clean up options, SDS recognizes the Class as being new and create a new Class / Microsoft Entra group in the subsequent run.
As Class Group Memberships / Enrollments are processed when transitioning to a new SDS Academic Year, any manual changes made, and weren't recognized in the data coming from the source system data, won't be recognized in the data cache for Roster data and reflects what is defined in the source system. The manual membership changes are retained in the Microsoft Entra group membership data.
It's always recommended that the source system contains all the membership changes and are processed through SDS rather than relying on performing them manually.
If the need is to have the Class Group Memberships / Enrollments managed from the source system, and not persisted from one Academic Year to the next, for a Class / Microsoft Entra group, the source data must stop providing the enrollments records. The Class Group Memberships / Enrollments must not exist in the supplied source data to be processed before the SDS connect data configuration expires for the active Academic Year.
If not the Admin needs to manually remove the records from the Microsoft Entra group.
Some of my students and staff are enrolled in two academic units. How do I make sure that their data is reflected in both units, especially for Education Insights experiences?
With SDS V2.1 CSV format and OneRoster API, a user can be associated with more than one organization unit (for example, students who are registered in a special program at another facility). For SDS V2.1 CSV format, the tenant needs to provide two lines in the roles.csv file for that student – one for each organization association.
SDS V2.1 CSV format also supports users that have different roles at different organizations. Provide two lines in the roles.csv for the user, organization, and role combination and mark one of the roles as isPrimary = true.
In SDS (Classic) Settings page there are toggle options to manage Insights data. Where are these managed now?
In SDS (Classic) there were two toggle options available, under the Manage Education Insights section. One for Collect activity data for Insights and the other Allow Advanced Inferences. Both toggles are moved from managed as part of SDS to the Teams Admin | Insights Admin experience.
How is the isPrimary value processed with the connect data configuration?
For SDS V2.1 CSV
isPrimary indicates if this role is the primary (true) or secondary (false) role for that organization. Default value is false.
If passing multiple roles, for the same user and same org, there should be one ‘active’ primary role for the organization.
If isPrimary is set to true on multiple records (same user, multiple roles, same organization).
Write the data as received but identify the records as warnings.
If tenant doesn't like the handling, they need to provide the desired isPrimary role / record from the source data.
If multiple roles are passed for the same organization, and isPrimary isn't set to ‘true’ for one of the roles.
Write the data as received but identify the records as warnings.
If tenant doesn't like the handling, they need to provide the desired isPrimary role / record from the source data.
OneRoster v1.1 API
Specification only allows passing one role per user.
They can pass in the same role for a user to multiple organizations.
Since one role per organization then records is marked as isPrimary ‘True’.
How are user identity match rules determined when multiple roles and/or organizations are associated to a user?
When a user has multiple roles, the following rules are used to determine what staff or student match rules should be used between the user record and the Microsoft Entra user object.
If isPrimary is set for all student roles, even if association to a staff role exists, the match is made based on the student role.
If isPrimary is set for any staff role, even if association to a student role exists, the match is made based on the staff role.
If isPrimary is set for both staff and student role, the match is made based on the staff role.
If isPrimary isn't set for any roles, especially with a mix for both staff and student roles, the match is based on the staff role.
If the user is also associated with multiple organizations, the following is also used to determine the value when writing the role to the Microsoft Entra user object.
Utilize the Organization Role Sort Order value for the highest organization role to set to the Microsoft Entra user object.
Today, when I set up OneRoster in SDS (Classic) there is an option to select schools. I do not see this in SDS. Will there be equivalent support added to limit user and class group data that is managed to Microsoft 365?
To improve data acquisition speed and reduce load on OneRoster API providers environments, SDS has made improvements to how it acquires connected data and no longer performs intensive data looks ups by school.
To prevent certain schools from being included in the data being provided from the SIS to SDS, you need to work with your Provider for how to configure what schools are included for the connection / credentials being used to link SDS to your SIS.
SDS includes support for Organization Filters as part of the managed data configurations. When enabling the Managed data provisioning type scenarios, you can provision a subset of the users or classes ingested from the connected data, by picking which organizations you provision forward into Microsoft Entra ID. This will allow all the users and classes within other organizations to be ignored for provisioning.
Today I use PowerSchool Rest API, via Plugin, to connect data with SDS (Classic). Are there plans for Rest API or equivalent support with SDS?
The legacy PowerSchool Rest Plugin used with the School Data Sync (Classic) experience will be sunset beginning July 1, 2024. Data access using this method is not available in the new School Data Sync experience.
School Data Sync supports data ingestion for PowerSchool customers through import of CSV files formatted SDS v2.1 CSV schemas.
As a PowerSchool SIS customer, you will need to adopt SDS CSV file upload in SDS v2.1 CSV format (SDS v1 CSV is not recommended). For more information on how to extract CSV files from your PowerSchool SIS, see Export Data Using the Data Export Manager found in PowerSchool docs.
Today in SDS (Classic) I can provide guardian integration through CSV data even though my user and class data are provided by OneRoster API. Am I still able to provide data via CSV or does my provider need to support providing the data through the API?
We call this slide loading, and this won't be supported with the new SDS experience.
We have communicated guidance for general OneRoster API support to all current providers. You can help by following up and asking your provider to include support for including contacts data as part of their data integration. Share Onboarding Guidance for OneRoster API Providers for SDS article with your provider so they can update support and work with the SDS Deployment Engineering team to validate support and update their Profile.
Why am I seeing errors and/or warnings raised in SDS from data runs?
The Education Data Lake Export is showing 'Critical error' for the status. What should I do?
If the Education Data Lake Export status card shows 'Critical error' for the status, this means there's a problem when processing data. If it's been more than 24 hours and you continue to see the same status, contact support.
I configured Manage data right after setting up my connect data configuration, but the managed data sync status shows 'Skipped'. What does this mean?
If you see a status of Skipped, it means that the configuration wasn't included in the current or last Run. This scenario is seen when there's an active run and a request was made to add or update your configuration. The new Manage data configuration will be included in the next sync run.
In SDS (Classic) I could delay student access until a date specified when creating the Sync Profile. I do not see that option in SDS. How do we now delay student access to their classes?
While “delay enrollment” is not an explicit checkbox/option in new SDS (as it was in Classic), the functionality is still easily available.
To delay enrollment for students, configure the Class Group / Enrollment roles as follows:
Navigate to Configuration -> Manage Class Group Details -> Enrollment Roles
Set these values for the following roles:
Owners: Teacher
Members: (none)
When you are ready to publish schedules to students, return to this page and set the Members value to include Students.
How can I delay student access to Teams prior to start of school?
School Data Sync and Microsoft Teams for Education has improved this process to empower educators to control the timing when students have access to Class Teams. When using SDS to automate the creation of the Class Team, educators have early access to the Class Teams.
When the educator is ready, they can activate the class to allow students and other group members access.
Team creation: If Checked, when the Class group is created a request is sent for Teams to create a Class Team based on the Class group.
If option is Checked:
For Educators, or group owners that are using the created Class Teams from SDS they have early access before the students and other group members. When the educator is ready, they can select Activate to allow students and other group members access.
If option is Not Checked:
For Educators, or group owners, where SDS isn't creating Class Teams, they can create Class Teams from SDS Groups. When the educator is ready, they can select Activate to allow students and other group members access.
I see a prompt for 'Ready for next academic session?'. Can I create a new Manage data configuration?
Ability to Create new configuration button will be enabled only after completing the steps to get ready for the next academic session. Select Ready for next academic session when you're ready with your new SIS data for the next academic session.
After I onboarded to SDS and created a Managed data configuration, why are my SDS (Classic) sync profiles stopped?
Sync Profiles are stopped to prevent issues where both SDS and SDS (Classic) are managing a tenants Microsoft 365 users, groups and class Teams. Not doing so would result in creating data conflicts or overwriting data. The system detects if there are active SDS (Classic) sync profiles and will stop them from running. Additionally the ability to interact with the SDS (Classic) sync profiles is prevented. The only interactions that are allowed are to select and view and SDS (Classic) sync profile and delete.
I have onboarded SDS and want to delete my SDS (Classic) sync profiles, but I see portions of the interface don't allow for any interactions. How do I delete them?
There are two ways to delete your SDS (Classic) profiles. This process doesn't interact with SDS or the data that SDS is managing in any way.
After navigating to SDS (Classic), you can navigate to each sync profile individually by using the navigation on the left. Select a sync profile and a dialog box is presented with an option to delete the sync profile. Select the option and follow the remaining prompts to complete the process. Repeat the step for each of your SDS (Classic) sync profiles.
After navigating to SDS (Classic), you can navigate to the Settings page. A dialog box is presented with an option to delete all SDS (Classic) sync profiles. Select the option and follow the remaining prompts to complete the process.
How can I use SDS Security Groups to create a Conditional Access Policy to block students from using third party apps?
Important
SDS (Classic) TRANSITION CUSTOMERS: Based on the group splits selected, SDS may not bind to (Classic) Security Groups and associate memberships. You may need to review and apply any configuration settings based on your previous (Classic) Security Groups to the new ones created by SDS. The check and updates will need to happen after the first run has completed for the Security Groups flow as part of your transition steps.
For Assignments->Users and Groups, select the security group you created from School Data Sync.
For Assignments->Cloud Apps, include “All cloud apps” and exclude “Microsoft applications”
For Access Controls-> Conditions, select “Block Access”
Select Enable Policy
Select Save
You may customize this conditional access policy to allow the group of students to also use specific third-party applications. Go to Assignments -> Cloud Apps -> Exclude Select the third party applications you want to allow, then save the policy.
How can I use SDS Administrative Units to allow teachers password administration role to reset student passwords in Microsoft 365 Admin Portal?
First, enable the Administrative units provisioning with the option selected for Organizations + Role Groups. During the subsequent run, SDS creates Administrative Units by Organization + Role Group combination. The option allows the ability for permitted teachers to perform delegated IT administration for students of the school administrative unit.
How do I 'Mark students as minors' for only a subset of students?
The instructions to enable the option during User provisioning to Mark students as minors apply to all users with organization role of student. If you prefer to apply these protections to a subset of your students, use PowerShell and Microsoft Entra ID. The outcome sets the AgeGroup and ConsentProvidedForMinor user properties. The net result of setting the two properties is the attribute of LegalAgeGroupClassification set to MinorWithParentalConsent.
Create a list of the students you want to mark as minors
You can use any method to create this list. For your convenience, Microsoft has provided a script that creates a list of all users with a Microsoft 365 Education for Students license.
Mark these students as minors
You can mark these students as minors so that Microsoft and third-party applications can treat them as such. Microsoft has provided a script to mark the list of students you generated previously as minors.
What happened to the academic year prompts when connecting data?
For customers onboarding or transitioning from (Classic) the platform hardcodes the Academic Year value to 2025. As such, the system behaves as it did prior with associations for Section and Section Session. SDS will continue to work this way to support customers who are actively using Education Data Lake Export feature.
This module teaches education partners about more advanced School Data Sync features in preparation for the SDS Professional assessment. Part of the Partner Success Series.