Microsoft Offers Tool for Finding Outdated Azure Active Directory App Dependencies
Microsoft on Friday reminded developers with apps using older Azure Active Directory library files and APIs that support will be ending next year, but it also described a tool for finding those app dependencies.
The Azure AD Authentication Library (ADAL) and the Azure AD Graph API are both getting "deprecated" on June 30, 2022, as previously announced by Microsoft. The term "deprecated" means that Microsoft will have stopped its developer work on those products, although they possibly may still run. Microsoft's development of new software features for ADAL and the Azure AD Graph API actually stopped back on June 30, 2020, though.
Microsoft wants developers to shift to the newer Microsoft Identity Platform approach, in which the open source Microsoft Authentication Library (MSAL) is used instead of ADAL, and the Microsoft Graph API is used instead of the Azure AD Graph API.
Find the Apps That Use Deprecations
Microsoft's Friday announcement noted that developers can find applications that still use the older Azure AD library files and Azure AD Graph API via a monitoring workbook that's available in the Azure Portal:
The Azure AD monitoring workbook can help you find applications that use ADAL. This uses a set of queries that collect and visualize information available in Azure AD sign-in logs. You can also use the sign-in logs directly using the sign-in logs schema here.
A Sign-ins option within the workbook will show the recently used applications that were dependent on ADAL.
To find the apps using the Azure AD Graph, developers should "search your code for the string 'graph.windows.net' and then use the Microsoft Graph migration guide," the announcement explained.
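The code search described above can be scripted so that it yields a file-and-line inventory to hand to the teams doing the migration. The following is an added example, not code from Microsoft or from the announcement; the function names, the skipped directory and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Host of the deprecated Azure AD Graph API, as quoted in the announcement.
LEGACY_HOST = re.compile(r"graph\.windows\.net", re.IGNORECASE)
# Assumption: only version-control metadata is skipped; vendored code is scanned.
SKIP_DIRS = {".git"}


def find_aad_graph_refs(root):
    """Return sorted (relative_path, line_number, stripped_line) hits under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk does not descend into skipped directories.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if b"\x00" in data[:4096]:
                continue  # a NUL byte near the start marks the file as binary
            text = data.decode("utf-8", errors="replace")
            for number, line in enumerate(text.splitlines(), start=1):
                if LEGACY_HOST.search(line):
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    hits.append((rel, number, line.strip()))
    return sorted(hits)


def demo():
    """Run the scan over a small constructed source tree."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not taken from any real project
            "src/legacy.py": 'import os\nRESOURCE = "https://graph.windows.net/"\n',
            "src/current.py": 'RESOURCE = "https://graph.microsoft.com/v1.0"\n',
            "config/app.json": '{"audience": "HTTPS://GRAPH.WINDOWS.NET"}\n',
            ".git/COMMIT_EDITMSG": "remove graph.windows.net call\n",
        }
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_aad_graph_refs(root)
```

Calling find_aad_graph_refs() on a repository root returns one tuple per matching line; references to the newer graph.microsoft.com host are not reported.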
The Microsoft Authentication Library is preferred over ADAL because it lets developers integrate conditional access and passwordless access into applications. Microsoft is favoring the use of the Microsoft Graph API because it works across various Microsoft services, such as Exchange, Intune and Teams.
Guest Access Reviews
In other Azure AD news, Microsoft on Monday touted its "guest access reviews" capability as a better way of managing permissions for external guest users that have gained network access permissions. The automatic guest access reviews capability takes such assessments out of the hands of the IT department, which Microsoft sees as a good thing.
Microsoft argued that access reviews should be conducted by business managers, instead of the IT department. Under Microsoft's scheme, guest access reviews get generated automatically for Microsoft Teams and Microsoft 365 Groups stakeholders when there are guest users in a group.
Microsoft's access reviews capability reached "general availability" commercial-release status for Teams and Microsoft 365 Groups back in March. Organizations, though, still depend on IT departments to review and clean up guest accounts, according to a survey mentioned in Microsoft's announcement. It found that 61 percent of "IT leaders" polled said they performed manual guest account clean-ups.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.