Last month, Microsoft has announced the deprecation of the Azure Active Directory Graph API (graph.windows.net). Going forward, the Microsoft Graph API (graph.microsoft.com) is the supported way to gain access to Azure Active Directory programmatically.
What will happen?
Let’s look at the timeline shared by Microsoft:
For the next two years, applications and tools communicating to the Azure Active Directory Graph API will continue to work. However, no new features will be made available to the Azure AD Graph API, only to the Microsoft Graph API. There will be security updates for the Azure AD Graph API in the next two years, but after that time, the Azure AD Graph API shuts down.
Benefits of using the Microsoft Graph API
Now, you might ask yourself why you’d want to move to the Microsoft Graph API from the Azure Active Directory Graph API, short from the deprecation notice above.
More secure and more resilient
Microsoft Graph API offers more secure and more resilient access to the information in Azure Active Directory.
Microsoft will offer new authentication features to the Microsoft Graph API. The Azure AD Graph API remains as-is.
The gateway to everything
Microsoft Graph offers access to many more services than just Azure Active Directory. It's the API gateway to all of Microsoft 365.
Migrating to the Microsoft Graph API
To migrate your apps to the Microsoft Graph API from the Azure Active Directory Graph API, perform these high-level steps:
Review the differences between the APIs
In many respects, the Microsoft Graph API is similar to the Azure AD Graph API. In many cases, simply changing the endpoint from graph.windows.net to graph.microsoft.com and taking care of the versioning difference takes care of everything.
However, there are differences. Certain resources, properties, methods, and core capabilities have changed.
Specifically, look for differences in the following areas:
- Request call syntax between the two services
- Feature differences, such as directory extensions, batching and differential queries
- Entity resource names and their types
- Properties of request and response objects
- Methods, including parameters and types
Examine how your applications and tools use the APIs
When you know the differences between the two APIs, you can examine the APIs used by your applications and tools and the permissions they require.
You should verify that the APIs your applications and tools need are generally available in Microsoft Graph v1.0 and that these APIs work the same way; In some cases, new capabilities and features are designed to replace earlier approaches.
Review app details
Of course, when you switch from one API to another in your applications and tools, you should take care of the proper app registrations and consent.
It is a best practice, to update the authentication library from the Azure Active Directory Authentication Library (ADAL) to the Microsoft Authentication Library (MSAL), too.
Deploy, test, and extend your app
Before updating your app for everyone, ensure you test thoroughly and stage your rollout to your customer audience.
In two years time, Microsoft plans to shut down the Azure AD Graph API. If your applications and tools communicate with this API, then it’s time to start migrating to the Microsoft Graph API. Don’t get caught by surprise.