Skip to main content
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate - Using Connectors / Azure AD connector
Power Automate - Using Connectors
Answered

Azure AD connector

(0) ShareShare
ReportReport
Posted on by Preddy 16

Team, Need your help on using the Azure AD connector and the appropriate permissions to assign both at a connector level in my team's dedicated DLP policy and also in Azure AD.

 

The user case is to retrieve specific information (employee id) from the user's profile from a Power Automate Flow. Questions

 

* When enabling the connector in my team's DLP policy, can we only enable the "Get User" action and disable all other actions  such as "Update user", "Create user" and so on.

* And what minimum permissions need to be granted in Azure AD to use the "Get User" action. 

 

Thanks in advance!

 

Regards,

Preddy

 

 

  • Preddy Profile Picture
    Preddy 16 on at
    Re: Azure AD connector

    @v-chengfen-msft Just another quick follow up question. Is Directory.Read.All still required if the requirement is to only read specific user's profiles? Thanks!

  • Preddy Profile Picture
    Preddy 16 on at
    Re: Azure AD connector

    @v-chengfen-msft Thank you.

     

  • Verified answer
    Preddy Profile Picture
    Preddy 16 on at
    Re: Azure AD connector

    Thank you @v-chengfen-msft  You made my day!

     

    Greatly appreciate your inputs. This was exactly what I was looking for. 

     

    Thanks again!

     

    Regards,

    Preddy

  • v-chengfen-msft Profile Picture
    v-chengfen-msft on at
    Re: Azure AD connector

    Hi @Preddy ,

    To answer your questions:

    1. Yes, you can enable only the "Get User" action and disable all other actions in your team's DLP policy. To do this, follow these steps:

      • Go to the Data Loss Prevention page in the Microsoft 365 compliance center.
      • Select your team's DLP policy and click Edit.
      • In the Policy settings section, click Azure AD connector.
      • In the Connector settings section, under Actions, select only the "Get User" action and unselect all other actions.
      • Click Save to save the changes.

    2. To use the "Get User" action in Power Automate, you need to have the following minimum permissions in Azure AD:

      • Directory.Read.All: This permission allows you to read all the properties of all users in the organization.
      • User.Read.All: This permission allows you to read all the properties of a specific user in the organization.

    You can grant these permissions by following these steps:

    • Go to the Azure portal and sign in with your administrator account.
    • Go to the Azure Active Directory page.
    • Click App registrations and select the app registration that you're using for the Azure AD connector.
    • Click API permissions and then Add a permission.
    • Select Microsoft Graph and then Application permissions.
    • Select Directory.Read.All and User.Read.All permissions and then click Add permissions.
    • Click Grant admin consent for [your tenant name] to grant the permissions to your app registration.

    Once you have granted these permissions, you can use the "Get User" action in your Power Automate flow to retrieve the employee ID from a user's profile.

    I hope this helps! Let me know if you have any further questions.

     

    Best Regards

    Cheng Feng

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Now Available: 2025 Release Wave 2
Welcome to the Power Platform Communities

Quick Links

Paul Stork – Community Spotlight

We are honored to recognize Paul Stork as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 497 Super User 2025 Season 1

#2
David_MA Profile Picture

David_MA 436 Super User 2025 Season 1

#3
Riyaz_riz11 Profile Picture

Riyaz_riz11 244 Super User 2025 Season 1

Last month Overall leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans