Share via

Unable to connect Azure Blob Storage using Service Principal authentication in ADF Sink configuration (Connection failed)

Jang Seongwon 0 Reputation points
2025-10-21T09:11:43.8+00:00

Hello Support Team,

I’m currently configuring a Microsoft Graph Data Connect (MGDC) pipeline in Azure Data Factory, and I’m encountering a persistent connection issue when trying to link Azure Blob Storage as the Sink destination.

After completing the Microsoft 365 connection setup, I moved to the Sink tab and configured Azure Blob Storage with the following parameters:

  • Authentication type: Service Principal

Azure subscription: (Selected correctly)

Storage account name: linqalphamgdc

Tenant ID: 58debe...d58a89

Service principal ID (Client ID): a3ad2ea7-5cb9-409b-a5dc-354e7bec794d

Service principal key: (Valid client secret value)

However, when I click Test connection, it consistently shows:

Connection failed

Even though:

  • The service principal has Storage Blob Data Contributor permissions on the storage account.
  • The tenant ID, client ID, and client secret are all verified and correct.
  • Public network access is enabled on the storage account.

Could you please help identify what could be causing the connection failure in this setup?

Here’s a screenshot of my configuration screen for reference (attached).

Google Chrome 2025-10-21 18.08.41

error details: Fail to connect to https://linqalphamgdc.blob.core.windows.net/: Error Message: The remote server returned an error: (403) Forbidden. (ErrorCode: 403, Detail: This request is not authorized to perform this operation using this permission., RequestId: 597ece48-d01e-002c-0d69-423e00000000), 1. Please check storage network setting whether public network access is disabled. If disabled, use Managed Virtual Network IR and create Private Endpoint to access. https://docs.microsoft.com/en-us/azure/data-factory/managed-virtual-network-private-endpoint. https://docs.microsoft.com/en-us/azure/data-factory/tutorial-copy-data-portal-private</value> 2. Make sure the credential provided is valid.

The remote server returned an error: (403) Forbidden.StorageExtendedMessage=RequestId:597ece48-d01e-002c-0d69-423e00000000 Time:Tue, 21 Oct 2025 09:01:56 GMT,

The remote server returned an error: (403) Forbidden.

Thank you for your assistance,
Seongwon Jang
LinqAlpha

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sina Salam 25,761 Reputation points Volunteer Moderator
    2025-10-21T10:44:46.5133333+00:00

    Hello Jang Seongwon,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you are unable to connect Azure Blob Storage using Service Principal authentication in ADF Sink configuration (Connection failed).

    By doing the following lists of steps and check the associated links for more details, you will get to the root of the cause and resolve it:

    1. Ensure Storage Blob Data Contributor is assigned at the storage account level - https://free.blessedness.top/en-us/azure/storage/blobs/authorize-access-azure-active-directory
    2. Use Azure CLI or Portal to verify the service principal has access to the specific container.
    3. Ensure the token obtained by the service principal includes the correct resource scope: https://storage.azure.com/ https://free.blessedness.top/en-us/azure/storage/blobs/authorize-access-azure-active-directory
    4. In ADF, ensure the Linked Service uses:
    5. If public access is disabled, configure:
      • Managed Virtual Network IR
      • Private Endpoint
      https://free.blessedness.top/en-us/azure/data-factory/managed-virtual-network-private-endpoint
    6. After assigning roles, wait 10–15 minutes before testing connection.
    7. Enable Storage Analytics Logging to capture detailed error traces - https://free.blessedness.top/en-us/azure/storage/common/storage-analytics-logging

    I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.