Azure AD connector


Team, I need your help with using the Azure AD connector and the appropriate permissions to assign, both at the connector level in my team's dedicated DLP policy and in Azure AD.


The use case is to retrieve specific information (the employee ID) from the user's profile in a Power Automate flow. Questions:


* When enabling the connector in my team's DLP policy, can we enable only the "Get User" action and disable all other actions, such as "Update user", "Create user" and so on?

* And what minimum permissions need to be granted in Azure AD to use the "Get User" action?


Thanks in advance!

Regards,

Preddy


  • v-chengfen-msft

    Hi @Preddy ,

    To answer your questions:

    1. Yes, you can enable only the "Get User" action and disable all other actions in your team's DLP policy. To do this, follow these steps:

      • Go to the Data Loss Prevention page in the Microsoft 365 compliance center.
      • Select your team's DLP policy and click Edit.
      • In the Policy settings section, click Azure AD connector.
      • In the Connector settings section, under Actions, select only the "Get User" action and unselect all other actions.
      • Click Save to save the changes.
    2. To use the "Get User" action in Power Automate, you need to have the following minimum permissions in Azure AD:

      • Directory.Read.All: This permission allows you to read all the properties of all users in the organization.
      • User.Read.All: This permission allows you to read all the properties of a specific user in the organization.

    You can grant these permissions by following these steps:

      • Go to the Azure portal and sign in with your administrator account.
      • Go to the Azure Active Directory page.
      • Click App registrations and select the app registration that you're using for the Azure AD connector.
      • Click API permissions and then Add a permission.
      • Select Microsoft Graph and then Application permissions.
      • Select the Directory.Read.All and User.Read.All permissions and then click Add permissions.
      • Click Grant admin consent for [your tenant name] to grant the permissions to your app registration.

    Once you have granted these permissions, you can use the "Get User" action in your Power Automate flow to retrieve the employee ID from a user's profile.

    I hope this helps! Let me know if you have any further questions.

    Best Regards

    Cheng Feng

  • Verified answer
    Preddy

    Thank you @v-chengfen-msft  You made my day!

    Greatly appreciate your inputs. This was exactly what I was looking for.

    Thanks again!

    Regards,

    Preddy

  • Preddy

    @v-chengfen-msft Thank you.

  • Preddy

    @v-chengfen-msft Just another quick follow-up question. Is Directory.Read.All still required if the requirement is only to read specific users' profiles? Thanks!
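The follow-up question above is the least-privilege question; as an added example that is not part of this thread, here is a small Python check that compares the Microsoft Graph application roles granted to the connector's app registration against the minimum the "Get User" action needs. It assumes User.Read.All is that minimum (which is what Graph documents for reading a single user's properties such as employeeId) and treats Directory.Read.All as a broader role that also satisfies it; the granted-role sample and its simplified field names are constructed for the example.

```python
"""Least-privilege check for the Graph application permissions granted to the
app registration used by the Azure AD connector.

Assumption for this example: the Graph "Get user" request needs User.Read.All
at minimum; the Directory.*.All and User.ReadWrite.All roles also satisfy it
but cover far more than a single user read."""

# Constructed sample of the app registration's granted Graph application roles,
# in a simplified {resource, role} shape (not the raw appRoleAssignment schema).
# It mirrors the two roles suggested in the answer above.
GRANTED_SAMPLE = [
    {"resource": "Microsoft Graph", "role": "User.Read.All"},
    {"resource": "Microsoft Graph", "role": "Directory.Read.All"},
]

# Minimum role per connector action (assumption, see module docstring).
MIN_ROLE = {"Get user": {"User.Read.All"}}

# Broader roles that also satisfy a given minimum role.
SUPERSETS = {
    "User.Read.All": {"User.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All"},
}


def audit(granted, actions, resource="Microsoft Graph"):
    """Compare the roles granted on `resource` with the minimum the actions need.

    Returns the roles still missing (nothing granted covers them), the roles
    granted beyond the minimum, and whether the grant is minimal."""
    required = set().union(*(MIN_ROLE[a] for a in actions))
    held = {g["role"] for g in granted if g["resource"] == resource}
    # A required role is covered if it is held directly or by a broader role.
    missing = sorted(r for r in required if r not in held and not (SUPERSETS.get(r, set()) & held))
    excess = sorted(held - required)
    return {"missing": missing, "excess": excess, "least_privilege": not missing and not excess}


if __name__ == "__main__":
    report = audit(GRANTED_SAMPLE, ["Get user"])
    for role in report["excess"]:
        print(f"excess: {role} is broader than the Get user action needs")
    for role in report["missing"]:
        print(f"missing: {role}")
    print("least privilege:", report["least_privilege"])
```

Run against the sample, the check reports Directory.Read.All as excess, which is the role the follow-up question is asking about.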
