Microsoft has discontinued two key authentication APIs for Azure Active Directory

Get a free Techzine subscription!

This comes after different applications and scripts were put out of commission by June 30th, 2022. Changes in the API might adversely affect applications and Powershell scripts.

After support for Active Directory Authentication Library (ADAL) and Azure AD Graph API ends, Microsoft customers will now feel the pain of Google customers. However, this time, Google promises to keep its APIs stable – a departure from their habit of killing products.

Azure AD Graph API and Microsoft Graph API are not the same thing. Azure AD Graph API is a REST API used to manage users and groups in Azure AD.

ADAL .NET library used to issue authentication tokens for Microsoft APIs, last updated in June of 2020. It is to be replaced by the Microsoft Authentication Library (MSAL)

The Effects Of This Happening 

These APIs are often hidden in plain sight – invisible even to developers.

To know that it is there or not working anymore, you would have to dive deep into a program, e.g., the Visual Studio template for ‘Authentication and Azure Active Directory, and find an application where these APIs are running.

“Customers are encouraged to use the newer Azure Active Directory V2 PowerShell module instead of this module,” say the docs. However, a user complained this week that “when I visit the new module there is nowhere near the level of functionality around domain management that there is with the version 1.0 module,” says Microsoft.

This is in response to Microsoft themselves using these APIs in their utilities and tools, such as the MSOnline module for Powershell.

“My concern is I am currently developing scripts for customers which will need to be replaced by the Graph APIs. While I am implementing as much as I can with Graph, it is frustrating knowing that some of the scripts will need to be modified but I am unable to give the customers a timeline on when that will need to be done,” Complained one user in response to the AAD graph shutdown in 2022 which will kill of the Azure AD module.

“It’s quite frustrating that you never quite finish the job? We all started out writing PowerShell for the MSOL modules, and some stuff *still* requires that (like managing MFA). Then we all switched to the Azure AD modules, then the Azure AD modules, which use MS Graph (like Get-AzureADMSGroup, etc.). Now we all have to switch to dedicated MS Graph modules… Since these changes involve rewriting automation scripts, how long will it be until you decide to change everything again? My colleagues and I are quite tired of updating scripts to keep existing functionality when the previous modules work just fine,” Complained a user referencing Microsoft’s history of wrong upgrades.

Microsoft is emailing admins with lists of applications that it can track after getting reports from the Azure portal.

“There are no exceptions to this deprecation. As a result, your apps will no longer receive responses from the Azure AD Graph endpoint after June 30th, 2022,” the company said.