Azure AD: Change Management Simplified

Editor's Note: This is not the blog you are looking for...

You're probably not looking for feature information from 2022, are you?  Here are a few links that might be more aligned with your needs:

• Manage change, Agile methods - Azure DevOps | Microsoft Learn
• Azure Automation Change Tracking and Inventory overview using Azure Monitoring Agent | Microsoft Learn
• Get resource changes - Azure Resource Graph | Microsoft Learn
• Get the latest updates on Azure products and features | azure.microsoft.com
• Microsoft Entra SSO integration with Change Process Management - Microsoft Entra ID | Microsoft Learn

Azure Active Directory (Azure AD) is now known as Microsoft Entra ID.  For information about the name change, please read: New name for Azure Active Directory - Microsoft Entra | Microsoft Learn.

------------------

 

Update: Update December 15^th, 2022: ADAL end of support is now extended to June 30^th, 2023. We will retire AAD Graph API any time after June 30th, 2023. Through the next six months (January 2023 – June 2023) we will continue informing customers about the upcoming end of support along with providing guidance on migration.

 

Hello Everyone, 

 

Rapid change is a growing reality in cloud services. In Azure AD alone, we are making hundreds of changes every year including new feature releases, changes to existing features, as well as deprecations and retirements. We’ve heard from our customers that managing these changes is becoming increasingly difficult so, starting today, we are simplifying change management for Azure AD.  

 

While we will continue to bring new capabilities to you throughout the year, feature deprecations and product retirement communications will be announced as part of bi-annual communication trains that will occur every March and September, with consistent end-of-support timelines (with some exceptions). With this new model, you’ll have predictable product and feature changes, making it easier to accelerate the adoption of newer and more secure technologies.  

 

Here’s the list of deprecation announcements that are part of the March 2022 train: 

 

• We will retire the Azure AD Graph API any time after June 30^th, 2023.   Listening closely to your feedback about the challenges of migrating such a critical dependency, we’re extending the retirement date. For more information, see Migrate Azure AD Graph apps to Microsoft Graph - Microsoft Graph | Microsoft Docs. 
• We will continue to retire the Azure AD Graph and MSOnline PowerShell licensing assignment APIs and PowerShell cmdlets on August 26, 2022. Please migrate your apps to access the license managements APIs from Microsoft Graph. For more information, visit Migrate your apps to access the license managements APIs from Microsoft Graph - Microsoft Tech Community 
• We stated before that if you’re using the Azure AD PowerShell or MSOnline PowerShell modules to manage Azure AD, we encourage you to try the Microsoft Graph PowerShell SDK. The Microsoft Graph PowerShell SDK continues to be where all our current and future PowerShell investments are being made. In light of the announcement to not turn off the Azure AD Graph API on June 30th, our goal is to also provide guidance and tools for migrating existing scripts and PowerShell processes, reliant on the Azure AD Graph API and MSOnline module, to the Microsoft Graph PowerShell SDK. This is due to the planned deprecation of the two PowerShell modules (MSOL & AAD) after December 2022. Check out more information here and here. 
• ADAL end of life is extended from December 30th, 2022, to June 30th, 2023. While ADAL apps may continue to work, no support or security fixes will be provided past end of life.  In addition, there are no planned ADAL releases planned prior to end of life for features or support for new platform versions. For more information, see Update your applications to use Microsoft Authentication Library and Microsoft Graph API - Microsoft Tech Community 
• We have begun the legacy TLS 1.0 and 1.1 protocol deprecations for the pPublic cloud and will continue with a gradual roll out of the deprecation over the course of this year. For more information see  Enable TLS 1.2 support as Azure AD TLS 1.0/1.1 is deprecated - Active Directory | Microsoft Docs 
• We will begin retiring past versions of Azure AD Connect Sync 12 months from the date they are superseded by a newer version. To upgrade your Azure AD Connect Sync server, follow these steps: Azure AD Connect: Upgrade from an earlier version  
• We will enable combined MFA and SSPR security information registration for all non-enabled tenants created before Aug 2020. More information on this experience can be found here: Combined registration for SSPR and Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs
• The Azure Key Vault Team is working on enforcing soft delete protection on all key vaults to ensure that customer secrets, keys, and certificates are protected from accidental deletion. Soft Delete is a feature that allows deleted key vaults and secrets stored inside key vault to remain recoverable for a period of up to 90 days and allows customers to restore deleted secrets in a self-serve process. All existing key vault resources will have soft delete automatically enabled by February 1, 2025. Enabling soft delete is a one-way operation. Once enabled, the feature cannot be disabled. Learn more here: Soft-delete will be enabled on all key vaults 

 

2022 Change Communication Timeline:

 

----------------------------------------------------------------------------------------------------------

 

Learn more about Microsoft identity: 

• Related Articles: To understand the differences between deprecations and product retirement and meanings of terms like end of support referenced above, please see here: Lifecycle Terms and Definitions - Microsoft Lifecycle | Microsoft Docs  
• Return to the Azure Active Directory Identity blog home 
• Join the conversation on Twitter and LinkedIn
• Share product suggestions on the Azure Feedback Forum