| title | description | audience | ms.date | author | ms.topic | ms.custom |
|---|---|---|---|---|---|---|
Monitor data consent requests with Microsoft 365 Admin Center and PowerShell |
In this section, you will configure your Microsoft 365 tenant and enable it to use Data Connect. |
Developer |
04/30/2021 |
fercobo-msft |
tutorial |
scenarios:getting-started, languages:ASP.NET |
A Microsoft 365 administrator has the ability to approve or deny consent requests. This can be done via the Microsoft 365 Admin Center or programmatically via PowerShell.
-
Open a browser and go to your Microsoft 365 Admin Portal.
-
To approve or deny consent requests, go to Privileged Access.
-
Select a pending Data Access Request.
-
In the Data Access Request call out, select the Approve button.
-
Open Windows PowerShell.
-
Ensure that your PowerShell session has enabled remotely signed scripts.
Set-ExecutionPolicy RemoteSigned -
Connect to Exchange Online.
-
Obtain a sign in credential by executing the following PowerShell. Sign in using a different user than one that created and started the Azure Data Factory pipeline, who has the Global administrator role applied, who is a member of the group that has rights to approve requests to data in Microsoft 365, and has multi-factor authentication enabled.
$UserCredential = Get-Credential
-
Create a new Exchange Online PowerShell session and load (import) it.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session -DisableNameChecking
[!IMPORTANT] After you are finished with this session, be sure you you disconnect from the session using the PowerShell command
Remove-PSSession $Session. Exchange Online only allows for three open remote PowerShell sessions to protect against denial-of-service (DoS) attacks. If you simply close the PowerShell window, it will leave the connection open.
-
-
Get a list of all pending data requests from Microsoft Graph data connect by executing the following PowerShell.
Get-ElevatedAccessRequest | where {$_.RequestStatus -eq 'Pending'} | select RequestorUPN, Service, Identity, RequestedAccess | fl
-
Examine the list of data access requests returned. In the following image, notice there are two pending requests.
-
-
Approve a data access returned in the previous step by copying the Identity GUID of a request by executing the following PowerShell.
[!NOTE] Replace the GUID in the following code snippet with the GUID from the results of the previous step.
Approve-ElevatedAccessRequest -RequestId fa041379-0000-0000-0000-7cd5691484bd -Comment 'approval request granted'
-
After a few moments, you should see the status page for the activity run update to show it is now extracting data.
-
This process of extracting the data can take some time depending on the size of your Microsoft 365 tenant.
-
Open a browser and go to your Azure Portal.
-
Sign in using an account with Global administrator rights to your Azure and Microsoft 365 tenants.
-
On the sidebar navigation, select the All resources menu item.
-
In the list of resources, select the Azure Storage account you created previously in this tutorial.
-
On the sidebar navigation menu, select Blobs from the Azure Storage account blade.
-
Select the container created previously in this tutorial that you configured the Azure Data Factory pipeline as the sink for the extracted data. You should see data in this container now.
