►
Description
In this month's call you will learn about the MSAL and Microsoft Graph features in Microsoft identity platform that are now GA plus end of support timelines for ADAL and Azure AD Graph API.
Speakers: Aisha Wang, Dan Kershaw, Ric Lewis, Luca Spolidoro
Resources
MSAL & Microsoft Graph blog https://aka.ms/AA9d8f4
Migration https://aka.ms/AA9doj8
Stay connected
Twitter https://twitter.com/microsoft365dev
Blogs https://aka.ms/M365DevBlog
A
A
But
first
I
wanted
to
kind
of
set
the
stage
here
and
say
that
we're
primarily
focused
today
on
talking
about
the
microsoft
identity
platform
for
devs
there's
a
lot
of
great
benefits
into
integrating
with
our
environment,
and
we've
created
all
of
these
tools
and
endpoints
to
make
it
a
very
seamless
experience
for
you
and
any
of
your
end
users
in
particular.
My
colleagues
today
will
be
talking
about
aad
graph
and
ms
graph,
and
I
will
be
talking
about
the
authentication
libraries,
so
the
microsoft
authentication,
libraries
are
ga
on
a
variety
of
platforms.
A
As
you
can
see
here,
the
platform
of
your
choice.
We've
probably
got
a
library
for
it.
The
client
libraries
allow
you
to
integrate
into
your
app
all
of
the
sign-in
experiences
token
acquisitions.
Everything
you
would
really
need
to
be
able
to
talk
to
the
microsoft
services,
because
we've
announced
ga
for
all
of
these.
We
wanted
to
say:
hey.
A
We
are
deprecating
our
older
services.
This
is
because
we've
made
a
lot
of
new
security
enhancements,
there's
a
wide
variety
of
new
features
in
msl,
and
it's
overall
just
a
more
stable
build.
So
we
wanted
to
make
sure
that
we
encourage
people
to
say
hey.
This
is
the
latest
innovation.
This
is
where
we
have
the
most
security
and
the
most
stability.
A
In
order
to
do
that,
we
want
to
be
able
to
spend
the
time
and
resources
on
it.
So
we
are
shutting
off
support
for
aed
graph.
Your
adal
apps
will
continue
to
work
after
june
30th
2022,
but
they
will
no
longer
receive
security,
fixes
and
updates.
So
we
definitely
encourage
you
to
check
out
the
microsoft
authentication
libraries.
A
B
B
So
I
I
wanted
to
move
the
focus
now
from
the
the
identity
libraries
to
the
libraries
that
you
use
to
manage
your
tenant
and
historically,
the
apis
that
we
have
provided
for
management
of
tenant
have
been
aed
graph.
This
is
a
pretty
good
api.
In
our
estimation,
it's
restful.
It
is
well
fit
to
managing
identity.
B
However,
there's
a
bigger
opportunity
when
we
look
at
the
api
space,
so
microsoft
is
moving
towards
a
platform
with
microsoft.
365
that
integrates
your
workflows
across
multiple
internal
platforms
that
allows
you
to
create
solutions
that
integrate
azure
as
well
as
office
in
all
of
the
different
data
and
objects
that
live
in
these
different
places
and
microsoft.
B
So
not
only
do
we
have
full
parity
with
all
of
the
functionality
that
exists
in
an
aad
graph,
but
you
also
now,
in
the
same
api,
have
access
to
file
objects,
to
device
objects,
to
security,
apis
to
reports,
to
mail
to
calendar
objects,
and
when
you
have
all
of
these
under
one
window,
you
have
the
ability
to
create
these
really
rich
solutions
across
all
of
these
different
platforms
and
it's
all
under
one
api.
Instead
of
having
to
jump
different
authentication
mechanisms
and
and
different
resources
and
different
roles
and
groups.
B
All
of
this
is
is
under
one
api.
So
some
examples
of
that.
This
is
one
that
I
like
here
on
the
bottom,
which
is
the
department
update
scenario
right.
Let's
say
that
you
have
a
situation
where
commonly
in
managing
your
tenant.
You
have
folks
who
are
switching
departments
and
normally
this
is
a
process
that
involves
a
lot
of
manual
changes
and
working
across
different
platforms
in
office
and
you've
got
to
fix
their
azure
identities
and
you've
got
to
go
figure
out
their
device
movement
and
all
of
those
kinds
of
things.
B
B
So
I
actually
want
to
take
a
look
at
this
really
quick,
and
this
is
an
example
of
documentation
for
the
microsoft
graph
rest
api
and
the
documentation
itself
fairly,
straightforward.
Here's
the
http
request
you've
seen
before
where
it
gets
interesting,
is
here
below
now
for
examples
in
our
documentation.
B
C
C
You
know
arrest
rest
tool,
but
this
is
offer
a
very
specific
api
things
to
microsoft
graph,
and
I
will
also
show
a
little
bit
more
example
on
that,
and
also
streaming
is
asking
if
this
works
with
azure
government.
Yes,
we
are
in
the
government,
clouds,
graphics
deployed
there
as
well.
B
B
So
as
as
aisha
mentioned,
we
have
announced
that
aad
graph
now
has
been
superseded
by
microsoft,
graph
and
so
aad
graph
will
be
deprecated
here
in
june
2022.
B
So
that's
a
little
ways
out,
but
it
is
a
now
is
the
right
time
to
start
evaluating
your
applications
and
figuring
out
what
needs
to
migrate
and
how
so
I
wanted
to
talk
a
little
bit
about
how
you
discover
and
migrate
your
applications
so
right
now
we
have
it.
The
best
way
to
find
out
if
you
have
applications
that
are
using
aadgraph
is
going
to
be
in
your
app
registration
page
inside
your
tenant,
and
so
you
see
here
this
is
an
application
web
app
tutorial.
B
B
There's
another
a
couple
of
ways
that
you
can
look
for:
applications
that
are
using
aadgraph.
The
main
thing
is
that
a
d
graph
will
always
point
to
the
graph.windows.net
endpoint,
and
so
you
can
look
through
your
proxy
traffic
or
you
can
even
just
do
a
string
search
through
your
code
and
look
for
instances
of
graph.windows.net.
B
Now
as
far
as
migration
there's
a
forward-looking
comment
here
that
we
are
working
on
we'll
call
an
api
mapping
table.
We
have
something
like
this
that
we
used
internally
in
migrating,
the
apis
from
aad
graph
to
ms
graph,
and
we
are
working
on
creating
that
documentation
to
share
publicly
so
that
it's
easy
to
look
at
the
aad
graph
calls
you're
making
today
and
figure
out
what
the
equivalent
microsoft
graph
call
will
be.
B
In
many
cases,
those
mappings
are
fairly
straightforward,
because
microsoft
graph
is
a
superset
of
aad
graph
functionality,
a
lot
of
those
apis
map
across
pretty
clean.
So
that's
it.
We
hope
that
you're
able
to
take
advantage
of
microsoft
graph
and
recognize
the
opportunities
migrate
away
from
an
aav
graph,
and
we
hope
that
you'll
reach
out
to
us.
If
you
have
any
issues
in
this
migration,
let
us
know
how
we
can
better
support
with
tools
and
documentation
to
guide
you
through
this.
B
C
But
before
that
there
is
a
question
for
you
in
in
the
chat
from
anush
is
it
reacts
when
we
expect
the
beta
apis
to
come
as
sp2,
because,
for
example,
on
the
v1,
the
user
object
would
return
a
limited
result
and
the
data
is
not
recommended
for
production.
C
So
I
think,
as
incomplete
result,
it
means
as
limited
result.
It
means
that,
for
example,
the
user
object
shows
by
default
less
properties
in
the
view
1.0
rather
than
in
the
data
point,
and-
and
this
is
by
design
to
specifically
answer
this
question.
Usually
the
apis
that
are
arriving
in
beta
will
move
to
the
v
1.0
endpoint
after
roughly
30
90
days
and-
and
this
is
varies
a
lot
between
apis.
So
take
this.
C
You
know
90
days
as
as
not
a
specific
number,
but
is
a
tentative
date
for
the
teams
to
release
the
production.
So
we
know
that
we
don't
recommend
using
beta
in
production
because
apis
can
change
and
we
don't
want
to
break
your
apps.
Everything
is
in
the
1.0.
Endpoint
would
definitely
be
so.
B
We
can
also
do
get
a
little
bit
on
that
api.
Some
of
the
changes
in
microsoft
graph
as
we
get
into
versioning
involve
attributes
that
are
not
returned
by
default.
That
attributes
that
have
to
be
specifically
queried
for
so
I
don't
know
if
extension
attribute
for
users
fits
in
that
category.
That's
another
thing:
we
can
look
at.
B
Let's
see
question
on
behalf
of
oauth
grant:
when
will
it
be
supported
on
b2c?
I'm
not
sure
if
I
understand
that
question
yet
so
yeah
I
can
follow
up
with
you
offline.
C
So
this
is
my
demo
tenant
in
azure
portal
and
I
connected
my
graph
explorer
with
my
account
and
if
you
have
an
active
directory,
you
can
log
in
with
your
active
directory,
and
if
you
have
the
right
permission,
you
can
query
your
directory
data
with
with
microsoft
graph.
C
So
the
first
thing
to
do
in
graph
explorer
to
use
this
new
capability
is
to
select
the
data
endpoint.
Yes,
we
are
still
in
beta,
but
we
will
announce
soon.
The
move
to
the
v
1.0
and
another
important
thing
to
remember
is
that
if
you
want
to
use
all
these
new
capabilities,
you
need
to
add
the
request
header
for
consistency
level
and
set
the
value
to
eventual.
C
This
is
because
all
of
these
api
are
only
supporting
eventual
consistencies
internal
resistance
and,
as
you
know,
aid
and
as
a
distributed
system
replicate
the
data
in
multiple
servers,
and
this
replication
occurred
in
like
a
bit
of
time
like
two
two
minutes
and
all
of
the
new
capabilities
that
we
offer
that
are
filter
and
search
and
and
order
are
on
a
separate
server
that
maintains
all
these
indexes,
and
so
these
things
indexes
are
updated
a
little
bit
later
than
when
the
directory
change
happened.
C
So
now,
since
this
is
a
developer,
call,
let's
get
some
code,
it's
an
application,
a
very,
very
simple
application
that
I
I
created
that
basically
replicates
what
you
see
in
the
graph
explorer
and
I
choose
talking
core
as
a
language,
but
of
course
this
can
be
replicated
in
any
language
that
is
shown
in
the
previous
slide
presented
by
rich.
C
C
C
And
now,
of
course,
you
will
see
all
the
users
sorted
by
display
name,
one
thing,
though,
that
is
not
supported
currently
in
the
1.0
endpoint,
and
it's
and
it's
not
supported.
If
you
don't
add
those
consistency,
level,
header
and
the
count
parameter
is
filter
and
order
by
at
the
same
time.
So
if
I
want
to,
for
example,
see
all
the
user
that
starts
with
columns,
you
need
to
get
all
the
confirm.
C
C
C
C
You
could
see
that
my
my
result
has
only
10
with
the
count
property,
but
if
I
look
inside
additional
data
and
I
extract
the
real
count
of
my
result,
I
see
that
I
have
34
users
so
that
that's
why
it's
so
important,
because
it
would
not
consider
the
passive
in
the
pagination,
but
the
full
count
of
of
your
users.
C
C
The
results
would
not
be
json
would
just
be
a
single
number,
with
the
the
number
of
object
that
you
you
are
querying,
and
this,
of
course,
can
be
combined
with
with
search,
can
can
be
combined
with
other
filters,
etc.
C
C
So,
as
you
know,
if
we
try
to
get
the
members
of
a
group
or
from
from
a
user
to
see
what
are
you,
member
of
the
types
of
data
can
be
different,
so
in
a
group
you
can
have
users,
you
can
have
devices,
you
can
have
applications
and
there
is
a
way
now
to
filter
down
those
types
to
a
specific
one.
So
if
I
want
to
only
the
members
of
the
group
I
can,
that
are
type
user,
I
can
do
that
using
audate
account
with
a
query
similar
to
this.
C
And
then
call
transitive
members,
it's
a
new
link
that
will
give
you
the
results
of
every
members
in
this
group,
even
if
the
groups
are
nested,
so
we
have
two
properties:
one's
called
members
that
will
give
you
only
the
direct
members
and
transit
members.
They
will
also
result
with
the
numbers.
C
So
renewal
is
asking,
if
will
be
support
for
select
on
this
one,
of
course,
select
is
always
supported
in
every
everywhere.
Okay,
now
you
see
that
we
have
here
some
users
and
probably
my
demo
feminine.
It
is
not
very
it's
very
useful
to
see,
but
if
I
do
this
I'll
get
this
microsoft
graph.
B
C
Right
now,
I
only
have
all
the
users
in
this
group
and
not
also
the
device
for
application.
C
Let's
see
how
to
do
this
in.net
so
now,
I'm
actually
in
this
example.
I'm
doing
the
member
of
that
means
that
from
a
user
I
want
to
see
all
the
groups
the
user
is
a
member
of.
So
it's
basically
the
inverse
but
odata
cost
is.
It
is
the
same.
C
C
C
Body
now
I'll
see
all
the
groups
that
party
is
member
of-
and
this
is
quite
simple
to
implement.
I
still
have
to
separate
my
request,
url
from
from
the
actual
request
that
they
send
over
in
this.
In
this
case,.
C
C
Now
it's
supported
for
mail
and
user
principal
name
in
order
to
get
the
domain,
so
I
added
myself
as
a
guest
user
and
you
can
now
filter
by
basically
domain,
if
you,
if
you
use
this
end,
switch
on
on
the
mail
or
user
principal
name-
and
this
is
this-
is
my
demo.
If
you
want
the
source
code,
I
can
provide
that
and
all
the
rest
of
the
capabilities
were
described
in
one
of
the
previous
session
and
stephen
can
link
you
to
that
all
right,
stephen.
C
There
you
go
so
if
you
go
to
aka.ms,
slash,
m365
dev
youtube,
there's
an
identity
playlist
there
and
you'll
see
previous
videos,
and
this
video
will
be
posted
there
as
well.