Blog Post

Microsoft Entra Blog
8 MIN READ

Action required: Azure AD Graph API retirement

krbash's avatar
krbash
Icon for Microsoft rankMicrosoft
Dec 05, 2024

Apps can’t make requests to Azure AD Graph APIs after February 1, 2025 – unless you take action to postpone the impact.

Applications are unable to make requests to Azure AD Graph APIs after February 1, 2025. Here’s how you can take action to extend access until June 30, 2025. Retirement of the Azure AD Graph API ser...
Updated Mar 12, 2025
Version 4.0
announcements and product news
krbash's avatar
Icon for Microsoft rankMicrosoft
Joined August 21, 2019
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for employees, customers, and non-human identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions powered by AI.
Matthew Levy's avatar
Matthew Levy
MVP
Feb 05, 2025

krbash 
 "All new apps must use Microsoft Graph. New apps are blocked from using Azure AD Graph APIs, unless the app is configured to allow extended Azure AD Graph access"

It's the 5th of February, and I created an app registration on 3rd February 2025 with AAD Graph API access and I'm using it today. It has not been configured with the authenticaionBehaviors exception.

So I'm just wondering is the blocking of these apps slowly rolling out to tenants "starting" on 1st February 2025?

Is there a way for me to see the progress of the deprecation on my tenant?

I have not seen the "Migrate Applications from the retiring Azure AD Graph APIs to Microsoft Graph" recommendation show up yet even though from my KQL Query, I can clearly see the app is using the Azure AD Graph API. How often does the secure score recommendation assess the tenant?

AADServicePrincipalSignInLogs
| where TimeGenerated >= ago(4d)
| where ResourceDisplayName == "Windows Azure Active Directory"
| project TimeGenerated, AppId, ServicePrincipalName, ResourceDisplayName, ResultType