Azure AD Graph API deprecation is imminent

Are you ready??

Microsoft announced in 2021 that it would depreciate Azure Active Directory (Azure AD) Graph on the 30th of June this year. However, because of community feedback, Microsoft has extended the retirement to December 2022. This is a critical dependency for legacy cloud applications, and December 2022 is fast approaching. There is no indication that Microsoft will extend beyond 2022.

What this means to you is that if you have built applications or scripts that communicate with Azure AD pre-2019, there is a good chance they will be using the Azure AD Graph. Secondly, if you have installed third-party applications and they leverage the Azure AD Graph, these services will cease functioning at the year’s end.

The features most widely used in the Azure AD graph are as follows:

1. Getting user information to display in an application
2. Getting the groups a user belongs to
3. Adding or removing a user from a group
4. Creating or updating users

To identify how exposed you are, you can check the permissions of your Azure AD Applications on your Azure tenant. It does not mean the application is still using the Azure AD Graph. To get an accurate assessment, you should search your network traffic logs and source code base for graph.windows.net this is the API endpoint for the Azure AD Graph..

If you are worried about how exposed your data is, please contact us.

We have experience in running automated tools to identify where your data is exposed. If we find that you are exposed, we can help migrate you over to the Microsoft Graph.