M365 Changelog: Microsoft Graph connectors: Sync your non-Azure AD users and groups to support search permissions

MC262401 – Microsoft Graph connectors for Microsoft Search now supports syncing of non-Azure AD users/groups from your external data source with your Azure AD users/groups so that your end users can see search results permissioned to them.

The following Microsoft-built connectors support this functionality:

During the connection configuration process, you can choose Only people with access to this data source on the Manage search permissions screen. For the ServiceNow and Salesforce connectors, you may have to provide a set of mapping rules to map your non-Azure AD users to your Azure AD users. At the end of connection setup, your non-Azure AD users/groups will sync with your Azure AD users/groups along with your content. This will ensure that your end users see searched content permissioned only to them. 

This message is associated with Microsoft 365 Roadmap ID 82051

When this will happen

Microsoft expects the standard release rollout to being early July and expect the rollout to be completed by late July.

How this will affect your organization

If your organization has non-Azure AD users and/or groups used to permission your connector content for ServiceNow, Azure DevOps, or Salesforce, you can now benefit from syncing your non-Azure AD users and groups to support search permissions on your external content.

What you need to do to prepare

If you would like to sync your non-Azure AD users and groups with your Azure AD users and groups to support search permission for Graph connectors, go to the Data sources tab in the M365 admin center to configure your Graph connector and surface external content in Microsoft Search results. If you already have an existing ServiceNow, Azure DevOps, and/or Salesforce connector, you must delete and recreate the connection with the appropriate configuration in order to sync your non-Azure AD users/groups.