

Import organizational data with Azure Blob Storage connector

In this document, you'll learn how to import organizational data into the Microsoft 365 environment with Azure Blob Storage.

With an Azure Blob Storage connector, your Azure Administrator creates a blob container on the Azure portal, and the Organizational Data Source Administrator configures a periodic export from the data source system to the blob container's location. Then, in the Microsoft 365 admin center, the Organizational Data Source Admin sets up the Azure Blob Storage connector to regularly poll the container and pull new .csv files containing the organizational data.

To set up an Azure Blob Storage connector, you must follow five steps:

  1. Download the .csv template
  2. Set up your Azure Blob Container
  3. Authorize Service Principal
  4. Set up Periodic Exports to Azure Blob Storage
  5. Set up Your Azure Storage Connector in the Microsoft Admin Center

There's an additional service principal provisioning required for Organizational Data Source Administrators to use Azure Blob Storage connectors. This provisioning must be completed by a Microsoft 365 Global Administrator. If service principal provisioning hasn't been completed, you'll see this notification when you select the connection type:

A screenshot shows the notification if service principal provisioning hasn't been completed.

Ask a global admin to log in to Organizational Data in Microsoft 365, and the provisioning will begin automatically. Once complete, you'll be able to use this connection type.

Step 1: Download the .csv template

Applies to: Organizational Data Source Administrator

  1. Sign in to the Microsoft 365 admin center as a user with Organizational Data Source Administrator permissions.

  2. On the Organizational Data in Microsoft 365 page (under Setup > Migration and imports), select Get started (if this is the first time you're importing data) or New import.

  3. On the Select connection type page, select Start Blob Storage setup.

  4. Select the apps and services with which to share data, and select Next to move forward.

  5. On the Preparation and set up overview page, select Download template.

Step 2: Set up your Azure blob container

Applies to: Azure Administrator

Ask your Azure admin to create a secure blob container on the Azure portal. The blob store location should be secure for sensitive organizational data, and it needs to be set up in your Azure subscription.

  1. Open a browser and sign in to your organization's Azure portal.
  2. Under Azure services, select Storage accounts.
  3. Under Storage accounts at the top left, select Create to set up a new storage account.
  4. Under Project details, use the default settings.
  5. Under Instance details, enter a storage account name and select your region. For Primary service, use a Gen 2 Storage account that supports hierarchical namespace.
  6. For Performance and Redundancy, you can use the default settings unless you need to make changes.
  7. At the bottom, select Next to go to the Advanced section.
  8. On the Advanced page, select Require secure transfer for REST API operations and Enable storage account key access. For "Minimum TLS version," select at least Version 1.2. Select Enable hierarchical namespace.
  9. For all other Advanced settings, you can use the default settings unless you need to make changes.
  10. At the bottom, select Next: Networking.
  11. Under Network connectivity, select Enable public access from all networks.
  12. Under Network routing, select your routing preference.
  13. At the bottom, select Next: Data protection.
  14. On the Data protection page, you can use the default settings unless you need to make changes.
  15. At the bottom, select Next: Encryption.
  16. On the Encryption page, you can use the default settings unless you need to make changes.
  17. At the bottom, select Next: Tags.
  18. Optional: Add tags to the account.
  19. At the bottom, select Next: Review.
  20. Review your selections. Then, at the bottom left, select Create.
  21. On the next page, a message will appear that says, "Deployment is in progress." Once deployment is complete, your storage account and its settings will appear.
  22. On the left, under Data storage, select Containers.
  23. To create a new container, at the top, select Container. Then, on the right, enter a name for the container. At the bottom, select Create.

See more detailed information about how to set up a blob container.
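
To confirm the account ended up as Step 2 specifies, the following added example (not part of the original article or Microsoft's tooling) audits a record shaped like `az storage account show` output. The sample record is constructed, and the anonymous-access check is an extra that goes beyond the steps above.

```python
import json

# Constructed sample shaped like `az storage account show` output; not a real account.
SAMPLE_ACCOUNT = json.loads("""{
  "name": "contosoorgdata",
  "enableHttpsTrafficOnly": true,
  "minimumTlsVersion": "TLS1_0",
  "isHnsEnabled": true,
  "allowSharedKeyAccess": null,
  "allowBlobPublicAccess": true,
  "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow"}
}""")

TLS_ORDER = ["TLS1_0", "TLS1_1", "TLS1_2", "TLS1_3"]


def audit_account(acct):
    """Return (severity, message) findings for one storage account record."""
    findings = []
    # Settings required by steps 5 and 8.
    if not acct.get("enableHttpsTrafficOnly"):
        findings.append(("fail", "secure transfer is not required"))
    tls = acct.get("minimumTlsVersion") or "TLS1_0"
    if tls not in TLS_ORDER or TLS_ORDER.index(tls) < TLS_ORDER.index("TLS1_2"):
        findings.append(("fail", f"minimum TLS version {tls} is below TLS1_2"))
    if not acct.get("isHnsEnabled"):
        findings.append(("fail", "hierarchical namespace is not enabled"))
    # Settings the steps turn on that widen exposure: surface them for review.
    if acct.get("allowSharedKeyAccess") is not False:  # null means allowed
        findings.append(("review", "account key access is enabled; keys grant full access"))
    rules = acct.get("networkRuleSet") or {}
    if acct.get("publicNetworkAccess") != "Disabled" and rules.get("defaultAction") == "Allow":
        findings.append(("review", "reachable from all networks; access rests on identity and keys"))
    # Added check, not one of the steps: anonymous blob reads should stay off.
    if acct.get("allowBlobPublicAccess"):
        findings.append(("fail", "anonymous blob access is allowed on the account"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_account(SAMPLE_ACCOUNT):
        print(f"[{severity}] {SAMPLE_ACCOUNT['name']}: {message}")
```
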

Step 3: Authorize service principal

Applies to: Azure Administrator, Microsoft 365 Global Administrator, Organizational Data Source Administrator

Once the blob container is set up, follow these steps:

  1. Service principal provisioning must be completed in the Microsoft 365 admin center.
  2. The Azure admin authorizes the service principal and securely shares the blob URL with the organizational data source admin.

To complete service principal provisioning in the Microsoft 365 admin center, follow these steps:

  1. Log in to the Microsoft 365 admin center with a global admin account.
  2. Under the navigation on the left, select Setup.
  3. Under Setup, select Migration and imports.
  4. In the Tools to migrate or import data table, select Organizational Data in Microsoft 365.
  5. Select Get started to advance through the screens.
  6. Once you've finished, select Start an upload. Your tenant will start to provision. This can take up to 15 minutes.
  7. Once provisioning is complete, you'll be automatically redirected to Select connection type. A banner will confirm service principal provisioning has been completed.

Once the service principal provisioning is complete in the Microsoft 365 admin center, the Azure admin authorizes the service principal and securely shares the blob URL with the organizational data source admin.

  1. Open a browser and sign in to your organization's Azure portal.
  2. Navigate to the storage account and container you created in Step 2: Set up your Azure blob container.
  3. On the left panel, select Access Control.
  4. At the top, select Add, then select Add role assignment.
  5. In the list of roles, find and select Storage Blob Data Reader.
  6. Next to Members, select Select members. In the search field on the right, enter Organizational Data in Microsoft 365, and select it. If you can't find the app in the list, that means you haven't yet completed the service principal provisioning with this tenant in the Microsoft Admin Center. Complete those steps and wait for about 10 minutes before trying again.
  7. At the bottom left, select Review + assign.
  8. On the left panel, under Data storage, select Containers.
  9. Select the storage container you created in the above steps.
  10. On the left panel, under Settings, select Properties.
  11. Copy and securely share the URL with the organizational data source admin.
  12. Notify the source system admin who will populate the data in this container. They'll need Storage Blob Data Contributor access.

Learn more about how to authorize a service principal.
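
The role split in Step 3 (read-only for the connector, Contributor for the exporting identity) can be checked after the fact. This added example, not part of the original article, reviews records shaped like `az role assignment list` output; the resource IDs, the `hris-export` identity, and the assumption that `principalName` holds a display name are all constructed for illustration.

```python
CONNECTOR = "Organizational Data in Microsoft 365"  # app name from step 6
EXPORTER = "hris-export"                            # hypothetical exporting identity
EXPECTED = {CONNECTOR: "Storage Blob Data Reader",
            EXPORTER: "Storage Blob Data Contributor"}

# Constructed resource IDs; not real resources.
SUB_ID = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACCOUNT_ID = (SUB_ID + "/resourceGroups/rg-orgdata/providers"
              "/Microsoft.Storage/storageAccounts/contosoorgdata")
CONTAINER_ID = ACCOUNT_ID + "/blobServices/default/containers/orgdata"

SAMPLE = [
    {"principalName": CONNECTOR, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": CONTAINER_ID},
    {"principalName": CONNECTOR, "roleDefinitionName": "Storage Blob Data Owner",
     "scope": ACCOUNT_ID},
    {"principalName": EXPORTER, "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": SUB_ID},
    {"principalName": "alice@contoso.example", "roleDefinitionName": "Reader",
     "scope": ACCOUNT_ID},
]


def check_assignments(assignments, account_id=ACCOUNT_ID):
    """Flag extra roles, over-broad scopes and missing grants for the two identities."""
    findings, granted = [], set()
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        if who not in EXPECTED:
            continue  # other principals are outside this check
        if role != EXPECTED[who]:
            findings.append(f"{who}: unexpected role '{role}', expected only '{EXPECTED[who]}'")
            continue
        granted.add(who)
        s, acct = scope.lower(), account_id.lower()
        if s != acct and not s.startswith(acct + "/"):
            findings.append(f"{who}: '{role}' is granted above the storage account ({scope})")
    for who, role in EXPECTED.items():
        if who not in granted:
            findings.append(f"{who}: missing '{role}'")
    return findings


if __name__ == "__main__":
    print("\n".join(check_assignments(SAMPLE)) or "role assignments match Step 3")
```
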

Step 4: Set up periodic exports to Azure Blob Storage

Applies to: Organizational Data Source Administrator

  1. To ensure you have fresh data sent to Microsoft from your HRIS system, set up periodic exports from Azure Blob Storage to Microsoft.
  2. Before exporting your data, prepare your file with all the required and reserved attributes you want.
  3. Send your data to the Azure Container created in Step 2.

Step 5: Set up your Azure storage connector in the Microsoft 365 admin center

Applies to: Organizational Data Source Administrator

Once (1) the Azure Blob Container has been set up, (2) the service principal has been authorized (the blob URL has been shared with the organizational data source admin), and (3) the periodic exports have been configured, it's time to finish setting up the connector in the Microsoft 365 admin center.

  1. Start the import from the Data Connections page on the Organizational Data in Microsoft 365 page (Home > Setup > Migration and imports > Organizational Data in Microsoft 365 > Data Connections).
  2. Select Get started (if this is the first time you're importing data) or New import (if you haven't yet imported data).
  3. On the Select connection type page, select Start Blob Storage setup.
  4. Select the apps and services with which to share data, and select Next to move forward.
  5. On the Setup and preparation page, select Next to move forward.
  6. On the Azure Blob Storage connection page, enter a connection name, and the Azure blob authentication URL that was shared with you.
  7. Select Next.
  8. Follow the on-screen prompts to import attribute headers, map attributes, and give attribute access. Select Next to move forward.
  9. Review your connection details, then select Connect.

Note

If you set up periodic exports, your data will be validated for Viva and Microsoft 365 services requirements. If you haven't configured periodic exports, the connector will be set up, but data won't be pulled into the system to be validated. Instead, you'll see an "Awaiting connection" status on the Data connections tab in the Microsoft 365 admin center. Selecting that connection shows that the data source admin hasn't configured the periodic exports. You'll be prompted to reach out to them to get that process started.

Subsequent uploads

Azure blob storage connectors check every 15 minutes if there's new data available to import.

If there aren't any changes to the attributes you're importing -- only new rows of data -- you don't need to do anything for this data to be imported, validated, and shared. The connector takes care of this process automatically, and any validation errors are flagged. You should check back periodically, particularly if you notice anything unexpected with your data, to see if there are validation errors.

There are two ways to import new attributes.

Option 1

Follow the steps described above in the View attribute mapping section for Azure Blob connectors.

Option 2

  1. In the Microsoft 365 admin center, under Settings on the left, select Setup.

  2. Under Setup, select Migration and Imports.

  3. Under the Tools to migrate or import data table, select Organizational Data in Microsoft 365.

  4. On the Organizational data in Microsoft 365 page, select Data connections.

  5. On Data connections, select New import.

  6. On Select connector type, select Start Blob Storage setup.

  7. When you're asked to edit your existing connection, select Edit connection.

    A screenshot shows the notification when you're asked to edit your existing connection.

  8. Follow the on-screen prompts to make your changes, using the same process for the first upload described above.

    Note

    For the Azure Blob connector, under the attribute mapping step, Imported attributes shows all attributes imported through this connector, not just the attributes included in the .csv file.

FAQ

How long does it take to set up the Azure Blob Container Connector?

Once (1) the Azure Blob Container has been set up, (2) the service principal has been authorized (the blob URL has been shared with the Microsoft 365 global admin), (3) the periodic exports have been configured, and (4) the Connector has been set up in the Microsoft 365 admin center, validation will start. Validation takes a few hours; however, it can take up to three days for your complete data upload to be available in the profile store.