This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.
Last year, we announced the deprecation of Azure AD Graph API and ADAL (Azure Active Directory Authentication Library). As part of the deprecation process, we’ve disabled configuring Azure AD Graph API permissions for an app registration through the below Azure portal experience, as announced in August here.
The objective of this change is to reduce the number of new applications being configured to use Azure AD Graph and identify legacy processes that push new applications onto the Azure AD Graph API. Your existing applications with Azure AD Graph permissions will continue to work until the API is retired, and you can still use the Azure portal to view, grant consent, configure and remove Azure AD Graph permissions.
If you still need to add Azure AD Graph permissions to your application while you're working to migrate your applications, use one of the following approaches:
- Use the Azure portal to find the APIs your organization uses
- Update the application manifest on the Azure portal
- Update the requiredResourceAccess property using the Microsoft Graph application API
- Use the Microsoft Graph PowerShell Update-MgApplication cmdlet to update the RequiredResourceAccess object
For detailed guidance, refer to the migration FAQ.
The permission configuration approaches listed here will continue to work until the Azure AD Graph API is retired. After you have migrated your applications, we recommend that you remove the Azure AD Graph permissions from your applications and only keep Microsoft Graph permissions. We encourage you to continue your efforts to migrate your applications to the Microsoft Graph API, and let us know how we can help you in this process.
Alex Simons (Twitter: @Alex_A_Simons)
Corporate Vice President of Program Management
Microsoft Identity Division
Learn more about Microsoft identity: