Azure AD Graph APIs Retirement by 1st February 2025! Microsoft is retiring the Azure AD Graph API service as part of its updates to the Azure platform. This started in September 2024, and by February 1, 2025, applications will no longer be able to use the Azure AD Graph APIs.
Check to see if any applications in your tenant are using the Azure AD Graph API. If you haven’t done this yet, review them and update them as needed before the February 1st deadline.
The Azure Active Directory (Azure AD or Entra ID) Graph API lets applications access Azure AD data through simple web requests. With it, applications can create, read, update, and delete information in the directory, such as user accounts, groups, and other objects.
This post provides all the details you need about the retirement of Azure AD Graph APIs, which will happen by February 1, 2025. It explains what actions you need to take to ensure your applications continue to work smoothly after retirement.

Table of Contents
What is Microsoft Graph?
Microsoft Graph is a unified API that allows access to various Microsoft services, including Microsoft Entra, Microsoft Teams, and Microsoft Intune.
Why Should I Migrate to Microsoft Graph?
Migrating to Microsoft Graph ensures access to all future features and functionalities, which will only be available through it.
Does Microsoft Graph include Everything from Azure AD Graph?
Yes, Microsoft Graph includes all the capabilities available in Azure AD Graph and new features such as identity protection and authentication methods.
What Happens If I Don’t Migrate to Microsoft Graph?
You may face disruptions, as the Azure AD Graph API will no longer be supported.
Azure AD Graph API Retirement Phases
The Azure AD Graph API will be retired gradually in different stages. The table below outlines each phase and how it will impact existing and new applications. It helps you understand what changes to expect and when they will take place.
| Phase Date | Impact on Existing Apps | Impact to New Apps | 
|---|---|---|
| September 1, 2024 | None | Must use Microsoft Graph; Blocked from Azure AD Graph unless configured to allow extended access. | 
| February 1, 2025 | Cannot make requests unless configured to allow extended access. | Same as Existing App | 
| July 1, 2025 | Azure AD Graph API is fully retired; no requests will function. | Same as Existing App | 
- Top 50 Features of MS Entra AI-Driven Identity Security and the General Availability of Entra Suite and SSE Solution
- Entra Source IP Anchoring with Global Secure Access to Improve the Security Management of SaaS Apps
- New Entra Custom Authentication Extension | Enable Integration with Any Email Providers
Microsoft Entra Recommendations
Microsoft Entra Recommendations can help you identify which applications in your tenant will be impacted by the Azure AD Graph API retirement. You can view these recommendations in the Microsoft Entra admin center by going to Identity > Overview > Recommendations.
The recommendations show how your applications have used the Azure AD Graph APIs in the last 30 days and which specific operations each application uses.

Azure AD Graph Access for Your Application
If your application still requires access to Azure AD Graph APIs after February, you need to update its configuration. In the authenticationBehaviors settings, set the blockAzureADGraphAccess attribute to false.
Without this update, your application will receive a 403 error when accessing Azure AD Graph APIs after February. By setting this flag to false, your app will continue functioning with Azure AD Graph APIs until June 30, 2025.
PATCH https://graph.microsoft.com/beta/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f
Content-Type: application/json
{
“authenticationBehaviors”: {
“blockAzureADGraphAccess”: false
}
}

Migrate Applications and Service Principals to Microsoft Graph
Since the Azure AD Graph API is being retired, it is important to take action on the applications and service principals listed in the recommendations. To keep them working smoothly, you must migrate them to Microsoft Graph by February 1, 2025.
- Migrate Applications- If you’re using tools like Microsoft Azure PowerShell or Microsoft Azure CLI that rely on Azure AD Graph APIs, make sure to either update them or enable extended access until June 30, 2025.
 
- Migrate Service Principals- Ensure third-party multi-tenant applications are updated to work with Microsoft Graph. Microsoft applications are already extended until June 2025, but you must contact the vendor to update any other applications.
 
| Recommendation | Impacted Resources | Action Required | 
|---|---|---|
| Migrate Applications | Applications created in your tenant using Azure AD Graph APIs | Configure extended access or update software by February 1, 2025. | 
| Migrate Service Principals | Multi-tenant applications provided by vendors, including Microsoft and third-party apps | Update vendor-provided applications by June 2025. Work with your vendor if needed. | 
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Resources
Take action by February 1: Azure AD Graph is retiring | Microsoft Community Hub
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.
 
