►
Description
In this month's call you will learn about the MSAL and Microsoft Graph features in Microsoft identity platform that are now GA plus end of support timelines for ADAL and Azure AD Graph API.
Speakers: Aisha Wang, Dan Kershaw, Ric Lewis, Luca Spolidoro
Resources
MSAL & Microsoft Graph blog https://aka.ms/AA9d8f4
Migration https://aka.ms/AA9doj8
Stay connected
Twitter https://twitter.com/microsoft365dev
Blogs https://aka.ms/M365DevBlog
A
A
But
first
I
wanted
to
kind
of
set
the
stage
here
and
say
that
we're
primarily
focused
today
on
talking
about
the
microsoft
identity
platform
for
devs
there's
a
lot
of
great
benefits
into
integrating
with
our
environment,
and
we've
created
all
of
these
tools
and
endpoints
to
make
it
a
very
seamless
experience
for
you
and
any
of
your
end
users
in
particular.
My
colleagues
today
will
be
talking
about
aad
graph
and
ms
graph,
and
I
will
be
talking
about
the
authentication
libraries,
so
the
microsoft
authentication,
libraries
are
ga
on
a
variety
of
platforms.
A
As
you
can
see
here,
the
platform
of
your
choice.
We've
probably
got
a
library
for
it.
The
client
libraries
allow
you
to
integrate
into
your
app
all
of
the
sign-in
experiences
token
acquisitions.
Everything
you
would
really
need
to
be
able
to
talk
to
the
microsoft
services,
because
we've
announced
ga
for
all
of
these.
We
wanted
to
say:
hey.
A
We
are
deprecating
our
older
services.
This
is
because
we've
made
a
lot
of
new
security
enhancements,
there's
a
wide
variety
of
new
features
in
msl,
and
it's
overall
just
a
more
stable
build.
So
we
wanted
to
make
sure
that
we
encourage
people
to
say
hey.
This
is
the
latest
innovation.
This
is
where
we
have
the
most
security
and
the
most
stability.
A
In
order
to
do
that,
we
want
to
be
able
to
spend
the
time
and
resources
on
it.
So
we
are
shutting
off
support
for
aed
graph.
Your
adal
apps
will
continue
to
work
after
june
30th
2022,
but
they
will
no
longer
receive
security,
fixes
and
updates.
So
we
definitely
encourage
you
to
check
out
the
microsoft
authentication
libraries.
A
B
B
So
I
I
wanted
to
move
the
focus
now
from
the
the
identity
libraries
to
the
libraries
that
you
use
to
manage
your
tenant
and
historically,
the
apis
that
we
have
provided
for
management
of
tenant
have
been
aed
graph.
This
is
a
pretty
good
api.
In
our
estimation,
it's
restful.
It
is
well
fit
to
managing
identity.
B
However,
there's
a
bigger
opportunity
when
we
look
at
the
api
space,
so
microsoft
is
moving
towards
a
platform
with
microsoft.
365
that
integrates
your
workflows
across
multiple
internal
platforms
that
allows
you
to
create
solutions
that
integrate
azure
as
well
as
office
in
all
of
the
different
data
and
objects
that
live
in
these
different
places
and
microsoft.
B
So
not
only
do
we
have
full
parity
with
all
of
the
functionality
that
exists
in
an
aad
graph,
but
you
also
now,
in
the
same
api,
have
access
to
file
objects,
to
device
objects,
to
security,
apis
to
reports,
to
mail
to
calendar
objects,
and
when
you
have
all
of
these
under
one
window,
you
have
the
ability
to
create
these
really
rich
solutions
across
all
of
these
different
platforms
and
it's
all
under
one
api.
Instead
of
having
to
jump
different
authentication
mechanisms
and
and
different
resources
and
different
roles
and
groups.
B
All
of
this
is
is
under
one
api.
So
some
examples
of
that.
This
is
one
that
I
like
here
on
the
bottom,
which
is
the
department
update
scenario
right.
Let's
say
that
you
have
a
situation
where
commonly
in
managing
your
tenant.
You
have
folks
who
are
switching
departments
and
normally
this
is
a
process
that
involves
a
lot
of
manual
changes
and
working
across
different
platforms
in
office
and
you've
got
to
fix
their
azure
identities
and
you've
got
to
go
figure
out
their
device
movement
and
all
of
those
kinds
of
things.
B
B
So
I
actually
want
to
take
a
look
at
this
really
quick,
and
this
is
an
example
of
documentation
for
the
microsoft
graph
rest
api
and
the
documentation
itself
fairly,
straightforward.
Here's
the
http
request
you've
seen
before
where
it
gets
interesting,
is
here
below
now
for
examples
in
our
documentation.
B
C
C
B
B
So
that's
a
little
ways
out,
but
it
is
a
now
is
the
right
time
to
start
evaluating
your
applications
and
figuring
out
what
needs
to
migrate
and
how
so
I
wanted
to
talk
a
little
bit
about
how
you
discover
and
migrate
your
applications
so
right
now
we
have
it.
The
best
way
to
find
out
if
you
have
applications
that
are
using
aadgraph
is
going
to
be
in
your
app
registration
page
inside
your
tenant,
and
so
you
see
here
this
is
an
application
web
app
tutorial.
B
B
There's
another
a
couple
of
ways
that
you
can
look
for:
applications
that
are
using
aadgraph.
The
main
thing
is
that
a
d
graph
will
always
point
to
the
graph.windows.net
endpoint,
and
so
you
can
look
through
your
proxy
traffic
or
you
can
even
just
do
a
string
search
through
your
code
and
look
for
instances
of
graph.windows.net.
B
Now
as
far
as
migration
there's
a
forward-looking
comment
here
that
we
are
working
on
we'll
call
an
api
mapping
table.
We
have
something
like
this
that
we
used
internally
in
migrating,
the
apis
from
aad
graph
to
ms
graph,
and
we
are
working
on
creating
that
documentation
to
share
publicly
so
that
it's
easy
to
look
at
the
aad
graph
calls
you're
making
today
and
figure
out
what
the
equivalent
microsoft
graph
call
will
be.
B
In
many
cases,
those
mappings
are
fairly
straightforward,
because
microsoft
graph
is
a
superset
of
aad
graph
functionality,
a
lot
of
those
apis
map
across
pretty
clean.
So
that's
it.
We
hope
that
you're
able
to
take
advantage
of
microsoft
graph
and
recognize
the
opportunities
migrate
away
from
an
aav
graph,
and
we
hope
that
you'll
reach
out
to
us.
If
you
have
any
issues
in
this
migration,
let
us
know
how
we
can
better
support
with
tools
and
documentation
to
guide
you
through
this.
B
C
So
I
think,
as
incomplete
result,
it
means
as
limited
result.
It
means
that,
for
example,
the
user
object
shows
by
default
less
properties
in
the
view
1.0
rather
than
in
the
data
point,
and-
and
this
is
by
design
to
specifically
answer
this
question.
Usually
the
apis
that
are
arriving
in
beta
will
move
to
the
v
1.0
endpoint
after
roughly
30
90
days
and-
and
this
is
varies
a
lot
between
apis.
So
take
this.
C
B
We
can
also
do
get
a
little
bit
on
that
api.
Some
of
the
changes
in
microsoft
graph
as
we
get
into
versioning
involve
attributes
that
are
not
returned
by
default.
That
attributes
that
have
to
be
specifically
queried
for
so
I
don't
know
if
extension
attribute
for
users
fits
in
that
category.
That's
another
thing:
we
can
look
at.
B
C
So
the
first
thing
to
do
in
graph
explorer
to
use
this
new
capability
is
to
select
the
data
endpoint.
Yes,
we
are
still
in
beta,
but
we
will
announce
soon.
The
move
to
the
v
1.0
and
another
important
thing
to
remember
is
that
if
you
want
to
use
all
these
new
capabilities,
you
need
to
add
the
request
header
for
consistency
level
and
set
the
value
to
eventual.
C
C
C
And
now,
of
course,
you
will
see
all
the
users
sorted
by
display
name,
one
thing,
though,
that
is
not
supported
currently
in
the
1.0
endpoint,
and
it's
and
it's
not
supported.
If
you
don't
add
those
consistency,
level,
header
and
the
count
parameter
is
filter
and
order
by
at
the
same
time.
So
if
I
want
to,
for
example,
see
all
the
user
that
starts
with
columns,
you
need
to
get
all
the
confirm.
C
C
C
C
So,
as
you
know,
if
we
try
to
get
the
members
of
a
group
or
from
from
a
user
to
see
what
are
you,
member
of
the
types
of
data
can
be
different,
so
in
a
group
you
can
have
users,
you
can
have
devices,
you
can
have
applications
and
there
is
a
way
now
to
filter
down
those
types
to
a
specific
one.
So
if
I
want
to
only
the
members
of
the
group
I
can,
that
are
type
user,
I
can
do
that
using
audate
account
with
a
query
similar
to
this.
C
C
B
C
C
C
C
C
C
Now
it's
supported
for
mail
and
user
principal
name
in
order
to
get
the
domain,
so
I
added
myself
as
a
guest
user
and
you
can
now
filter
by
basically
domain,
if
you,
if
you
use
this
end,
switch
on
on
the
mail
or
user
principal
name-
and
this
is
this-
is
my
demo.
If
you
want
the
source
code,
I
can
provide
that
and
all
the
rest
of
the
capabilities
were
described
in
one
of
the
previous
session
and
stephen
can
link
you
to
that
all
right,
stephen.