Azure AD Graph APIs Retirement by February 1st 2025

Azure AD Graph APIs Retirement by 1st February 2025! Microsoft is retiring the Azure AD Graph API service as part of its updates to the Azure platform. This started in September 2024, and by February 1, 2025, applications will no longer be able to use the Azure AD Graph APIs.

Check to see if any applications in your tenant are using the Azure AD Graph API. If you haven’t done this yet, review them and update them as needed before the February 1st deadline.

The Azure Active Directory (Azure AD or Entra ID) Graph API lets applications access Azure AD data through simple web requests. With it, applications can create, read, update, and delete information in the directory, such as user accounts, groups, and other objects.

This post provides all the details you need about the retirement of Azure AD Graph APIs, which will happen by February 1, 2025. It explains what actions you need to take to ensure your applications continue to work smoothly after retirement.

Patch My PC
Azure AD Graph APIs Retirement by February 1st 2025 - Fig.1
Azure AD Graph APIs Retirement by February 1st 2025 – Fig.1

What is Microsoft Graph?

Microsoft Graph is a unified API that allows access to various Microsoft services, including Microsoft Entra, Microsoft Teams, and Microsoft Intune.

Why Should I Migrate to Microsoft Graph?

Migrating to Microsoft Graph ensures access to all future features and functionalities, which will only be available through it.

Does Microsoft Graph include Everything from Azure AD Graph?

Yes, Microsoft Graph includes all the capabilities available in Azure AD Graph and new features such as identity protection and authentication methods.

What Happens If I Don’t Migrate to Microsoft Graph?

You may face disruptions, as the Azure AD Graph API will no longer be supported.

Azure AD Graph API Retirement Phases

The Azure AD Graph API will be retired gradually in different stages. The table below outlines each phase and how it will impact existing and new applications. It helps you understand what changes to expect and when they will take place.

Phase DateImpact on Existing AppsImpact to New Apps
September 1, 2024NoneMust use Microsoft Graph; Blocked from Azure AD Graph unless configured to allow extended access.
February 1, 2025Cannot make requests unless configured to allow extended access.Same as Existing App
July 1, 2025Azure AD Graph API is fully retired; no requests will function.Same as Existing App
Azure AD Graph APIs Retirement by February 1st 2025 – Table 1

Microsoft Entra Recommendations

Microsoft Entra Recommendations can help you identify which applications in your tenant will be impacted by the Azure AD Graph API retirement. You can view these recommendations in the Microsoft Entra admin center by going to Identity > Overview > Recommendations.

The recommendations show how your applications have used the Azure AD Graph APIs in the last 30 days and which specific operations each application uses.

Azure AD Graph APIs Retirement by February 1st 2025 - Fig.2
Azure AD Graph APIs Retirement by February 1st 2025 – Fig.2

Azure AD Graph Access for Your Application

If your application still requires access to Azure AD Graph APIs after February, you need to update its configuration. In the authenticationBehaviors settings, set the blockAzureADGraphAccess attribute to false.

Without this update, your application will receive a 403 error when accessing Azure AD Graph APIs after February. By setting this flag to false, your app will continue functioning with Azure AD Graph APIs until June 30, 2025.

PATCH https://graph.microsoft.com/beta/applications/5c142e6f-0bd3-4e58-b510-8a106704f44f
Content-Type: application/json
{
“authenticationBehaviors”: {
“blockAzureADGraphAccess”: false
}
}

Azure AD Graph APIs Retirement by February 1st 2025 - Fig.3
Azure AD Graph APIs Retirement by February 1st 2025 – Fig.3

Migrate Applications and Service Principals to Microsoft Graph

Since the Azure AD Graph API is being retired, it is important to take action on the applications and service principals listed in the recommendations. To keep them working smoothly, you must migrate them to Microsoft Graph by February 1, 2025.

  • Migrate Applications
    • If you’re using tools like Microsoft Azure PowerShell or Microsoft Azure CLI that rely on Azure AD Graph APIs, make sure to either update them or enable extended access until June 30, 2025.
  • Migrate Service Principals
    • Ensure third-party multi-tenant applications are updated to work with Microsoft Graph. Microsoft applications are already extended until June 2025, but you must contact the vendor to update any other applications.
RecommendationImpacted ResourcesAction Required
Migrate ApplicationsApplications created in your tenant using Azure AD Graph APIsConfigure extended access or update software by February 1, 2025.
Migrate Service PrincipalsMulti-tenant applications provided by vendors, including Microsoft and third-party appsUpdate vendor-provided applications by June 2025. Work with your vendor if needed.
Azure AD Graph APIs Retirement by February 1st 2025 – Table 2

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.

Resources

Take action by February 1: Azure AD Graph is retiring | Microsoft Community Hub

Author

Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.