Share via

AzureDataLakeStore does not support MSI authentication in data flow.

Roby Saldana 0 Reputation points Microsoft Employee
2026-05-11T19:06:19.0966667+00:00

We are using MSI in Azure data but when we make a change to this pipeline even if not related (triggers) we are always seeing the same issue: AzureDataLakeStore does not support MSI authentication in data flow.

Would it be possible to make a change to that validation?

Azure Data Factory
Azure Data Factory

An Azure service for ingesting, preparing, and transforming data at scale.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SAI JAGADEESH KUDIPUDI 3,215 Reputation points Microsoft External Staff Moderator
    2026-05-11T21:03:18.2166667+00:00

    Hi Roby Saldana,
    it looks like you’re running into a by-design limitation in mapping data flows:

    • The AzureDataLakeStore (Gen1) connector in data flows only supports service principal (app-ID/secret) or account-key authentication.

    • System-assigned or user-assigned managed identities (MSI) aren’t supported for the Gen1 connector, so every time you publish or validate you’ll hit that “does not support MSI” error.

    Right now you can’t override that validation. You have a couple of options:

    1. Switch your ADLS Gen1 linked service to use a service principal (app ID + secret) or an account key.
    2. Upgrade to Azure Data Lake Storage Gen2 (AzureBlobFS) – the Gen2 connector in mapping data flows does support MSI auth.

    If Gen1 + MSI in data flows is a hard requirement, you can submit a feature request on the Azure feedback site, but today the validation can’t be changed.

    Let me know if you need a hand converting your linked service or moving to Gen2!

    Microsoft Reference Links:

    ADLS Gen1 connector auth: https://docs.microsoft.com/azure/data-factory/connector-azure-data-lake-storage?tabs=data-factory#linked-service-properties

    ADLS Gen2 (AzureBlobFS) MSI support: https://docs.microsoft.com/azure/data-factory/connector-azure-data-lake-storage?tabs=data-factory#system-assigned-managed-identity

    Synapse/MSI overview: https://docs.microsoft.com/azure/synapse-analytics/security/synapse-workspace-managed-identity

    Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.

    Was this answer helpful?

  2. Amira Bedhiafi 42,046 Reputation points MVP Volunteer Moderator
    2026-05-11T19:12:58.84+00:00

    Hello Roby !

    Thank you for posting on MS Learn Q&A.

    This is related to the AzureDataLakeStore linked service which is the connector for Azure Data Lake Storage Gen1 not Gen2.

    ADLS Gen1 was retired on February 29, 2024, and you need to migrate to the Azure Data Lake Storage Gen2 connector.

    The validation is most likely triggered because ADF validates the pipeline flow definitions when publishing or deploying change even if the change is not directly related to that data flow.

    So a trigger only change can still fail if an existing data flow references an unsupported auth combination.

    For Mapping Data Flows, you need to move the source or sink to ADLS Gen2 using the AzureBlobFS / Azure Data Lake Storage Gen2 linked service.

    The Gen2 connector supports Mapping Data Flow as source or sink and the connector supports managed identity authentication.

    If you must continue using ADLS Gen1 for now, as a workaround you need to avoid MSI for that data flow and use SP auth on the AzureDataLakeStore linked service.

    https://learn.microsoft.com/en-us/answers/questions/771401/adf-how-to-connect-to-azure-data-lake-gen-1-to-acc

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.