New admin role in Microsoft Entra ID: Microsoft Graph Data Connect Administrator

Microsoft has added a new admin role to Entra ID: Microsoft Graph Data Connect Administrator

Until now, users have sometimes needed the Global Administrator role to perform tasks with Microsoft Graph Data Connect.

You can use Microsoft Graph Data Connect to access your Microsoft 365 data for enterprise analytics. Data Connect provides secure, scalable access to relevant Microsoft 365 datasets in Microsoft Fabric, Azure Synapse, and Azure Data Factory.

For example, I am using Graph Data Connect to import OneDrive Sync Health information into Azure Synapse, as described by Jose (a very good description).

The new Microsoft Graph Data Connect Administrator role is designed for users responsible for managing and overseeing all aspects of Microsoft Graph Data Connect within a Microsoft 365 tenant. This role grants full administrative access, allowing users to configure, control, and govern the use of Microsoft Graph Data Connect services.

Key responsibilities of this role include managing the tenant-level settings for Microsoft Graph Data Connect, such as enabling or disabling the service entirely and configuring dataset workload selections. Administrators can also set up and manage cross-tenant data movement, which involves regulating how data can flow between different Microsoft 365 tenants.

Additionally, users with this role have the authority to view, approve, or deny application authorization requests, ensuring that only trusted apps can access Microsoft Graph Data Connect data. They also have control over application registrations, with the ability to view, create, update, or delete these registrations as needed for data access and integration.

Microsoft Graph Data Connect Administrator
Assign the Microsoft Graph Data Connect Administrator role to users who need to do the following tasks:

• Access the full set of administrative capabilities of Microsoft Graph Data Connect
• Manage Microsoft Graph Data Connect settings in a tenant
• Enable or disable the Microsoft Graph Data Connect service
• Configure dataset workload selections in Microsoft Graph Data Connect
• Configure cross-tenant data movement settings in Microsoft Graph Data Connect
• View, approve, or deny application authorization requests for Microsoft Graph Data Connect
• View, create, update, or delete application registrations for Microsoft Graph Data Connect

The template ID is ee67aa9c-e510-4759-b906-227085a7fd4d.