Microsoft offers tool to find obsolete Azure Active Directory application dependencies – Redmondmag.com
Microsoft offers a tool to find obsolete Azure Active Directory application dependencies
Microsoft on Friday reminded developers with apps using old Azure Active Directory library files and APIs that support will end next year, but it also described a tool to find those app dependencies.
The Azure AD Authentication Library (ADAL) and Azure AD Graph API will both be “deprecated” on June 30, 2022, as previously announced by Microsoft. The term “deprecated” means that Microsoft will have stopped development work on these products, but things can still work. However, development of new software features by Microsoft on ADAL and the Azure AD Graph API stopped on June 30, 2020.
Microsoft wants developers to switch to the new Microsoft Identity Platform approach, where the open source Microsoft Authentication Library (MSAL) is used instead of ADAL, and the Microsoft Graph API is used instead of the Azure AD Graph API.
Finding apps that use the deprecated components
Microsoft’s Friday announcement noted that developers can find apps that still use the old Azure AD library files and the Azure AD Graph API through a monitoring workbook available in the Azure portal:
Azure AD Monitoring Workbook can help you find applications that use ADAL. This uses a set of queries that collect and visualize the information available in Azure AD connection logs. You can also use the connection logs directly by using the connection logs diagram here.
A login option in the workbook will show recently used apps that depended on ADAL.
To find apps using Azure AD Graph, developers should “search your code for the string ‘graph.windows.net’ and then use the Microsoft Graph Migration Guide,” the announcement explained.
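The string search described above can be run across a whole source tree with a short script. The following is an added example, not code from the article or from Microsoft; the function names, the skipped directories and the ADAL package names it also looks for are assumptions made for this example.

```python
import os
import re
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "path line kind text")

PATTERNS = {
    # Azure AD Graph endpoint named in the article. Dots are escaped and the
    # lookarounds reject longer hostnames such as graph.windows.net.example.test.
    "azure-ad-graph": re.compile(
        r"(?<![\w.-])graph\.windows\.net(?![\w-]|\.\w)", re.I),
    # ADAL package names (assumption: chosen for this example, not from the article).
    "adal": re.compile(
        r"Microsoft\.IdentityModel\.Clients\.ActiveDirectory|\badal(?:4j)?\b", re.I),
}
SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv"}  # vendored or VCS noise


def scan_file(path):
    """Return a Finding for every line of a text file that matches a pattern."""
    with open(path, "rb") as fh:
        data = fh.read()
    if b"\0" in data[:4096]:  # binary heuristic; UTF-16 sources are skipped too
        return []
    findings = []
    for lineno, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(path, lineno, kind, line.strip()))
    return findings


def scan_tree(root):
    """Walk root and collect findings, pruning SKIP_DIRS and unreadable files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in sorted(filenames):
            try:
                findings.extend(scan_file(os.path.join(dirpath, name)))
            except OSError:
                continue  # unreadable file: keep scanning the rest
    return findings


if __name__ == "__main__":
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f.path}:{f.line}: [{f.kind}] {f.text}")
```

Run it with the repository root as the only argument; each hit is a file and line to review against the migration guide. References to graph.microsoft.com are not reported, since that is the replacement endpoint.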
The Microsoft Authentication Library is preferred over ADAL because it allows developers to build conditional access and password-less access into applications. Microsoft favors using the Microsoft Graph API because it works across various Microsoft services, such as Exchange, Intune, and Teams.
Guest Access Notice
In other Azure AD news, Microsoft on Monday touted its “guest access reviews” capability as a better way to manage permissions for external guest users who have been granted network access permissions. The ability to automatically review guest access takes those reviews out of IT’s hands, which Microsoft sees as a good thing.
Microsoft argued that access reviews should be performed by business leaders, rather than IT. As part of Microsoft’s scheme, guest access notices are generated automatically for stakeholders in Microsoft Teams and Microsoft 365 groups when there are guest users in a group.
Microsoft’s Access Review capability reached the commercial-release status of “general availability” for Microsoft Teams and Microsoft 365 groups in March. Organizations, however, still depend on IT departments to review and clean up guest accounts, according to a survey mentioned in Microsoft’s announcement. It found that 61% of “IT managers” surveyed said they performed manual cleanups of guest accounts.