Setting Up Azure Synapse Link with Managed Identity

Following up on my previous post, "Stepping Up the Game: Exporting Dataverse Tables to Azure Data Lake Gen2," this time, we’ll explore setting up Azure Synapse Link using Managed Identities.

Prerequisites

Install Required Modules

Install-Module -Name Az -AllowClobber -Force

Disable Execution Policy (if necessary):

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Login to Azure

az login

Select the appropriate subscription:

az account set --subscription "<your-subscription-name>"

Step-by-Step Setup

1. Register Subscription for Power Platform

Before proceeding, download and review the official documentation from Microsoft: Azure Synapse Link Managed Identity. Run the following script to register the subscription:

powershell -ExecutionPolicy Bypass -File "RouteToDownloadPath\Common\SetupSubscriptionForPowerPlatform.ps1"

This ensures that your Power Platform environment is properly linked to Azure.

2. Create an Enterprise Policy for Identity

Once the subscription setup is complete, execute:

powershell -ExecutionPolicy Bypass -File "RouteToDownloadPath\Common\Identity\CreateIdentityEnterprisePolicy.ps1"

This script will:

• Set up the Enterprise Policy for Power Platform.
• Configure Managed Identity authentication.
• Assign permissions necessary for the integration.

3. Verify Policy Creation

After running the script, confirm the policy exists using Azure Resource Graph Explorer:

resources | where type == 'microsoft.powerplatform/enterprisepolicies'

You should see an output listing your Enterprise Policies, including their regions and associated managed identities.

Once identified our new Enterprise Policy, go all the way to the left, click on "See details" and a side panel will open on the right. To perform the final step of this setup, we will be using the "id" field, which happens to be the first one on this new list. Make sure to copy this id somewhere safe since we will be using it in the next step.

Note: Supported Azure Regions are only the listed below as per Feb 2025:

Azure Synapse Link with Managed Identity supports the following regions:

unitedstates, southafrica, uk, japan, india, france, europe, germany, switzerland, canada,
brazil, australia, asia, uae, korea, norway, singapore, sweden, centraluseuap,
eastus2euap, unitedstateseuap, eastus, westus, centralus

Ensure your resources are deployed in one of these regions.

5. Linking the Enterprise Policy

Once the policy is created, link it to your environment using:

powershell -ExecutionPolicy Bypass -File "RouteToDownloadPath\Common\Identity\LinkIdentityEnterprisePolicy.ps1"

After executing, verify the response:

{
  "StatusCode": 202,
  "StatusDescription": "Accepted"
}

This confirms that the policy was successfully linked.

Final Verification

To ensure the integration is complete, check the linked policies in Azure Resource Graph Explorer or via Power Platform Admin Center.

For further details, refer to Microsoft's official documentation: Azure Synapse Link Managed Identity