Azure AD to Microsoft Graph migration for Azure command line tools.

Because of the retirement of Azure AD Graph has been announced, all applications using the service need to switch to Microsoft Graph, which provides all the functionality of Azure AD Graph along with new functionality. This also apply to the Azure command-line tools (Azure CLI, Azure PowerShell, and Terraform) and we are currently updating our tools to use Microsoft Graph and make it available to you as early as possible to give you enough time to update your code.

Impact on existing scripts

Our principle is to minimize the disruption to existing scripts. Therefore, whenever possible, we will keep the same command signature so that a version upgrade of your tool will be sufficient with no additional effort.

In few cases, the behavioral difference of the Microsoft Graph API from the AzureAD Graph API will induce a breaking change. For example, when creating an Azure AD application, the associated password can no longer be set at creation time. If you want to specify this secret, it must be updated afterward. Along with the preview versions of the tools, we will publish a full list of these breaking changes and instructions how to update your commands.

Azure vs Microsoft Graph command-line tools

AzureAD capabilities in the Azure command-line tools are provided to simplify the getting started experience for script developers, hence the limited scenarios covered with those commands.

While we plan keep supporting a subset of the AzureAD resources in the upcoming releases of our tools, we will implement new Graph capabilities as it pertains to fundamentals like authentication. For resources not supported with the Azure CLIs tools, we recommend using the Microsoft Graph tools: either the Microsoft Graph SDK PowerShell modules or the Microsoft Graph CLI.

Availability and next steps

To help you plan your migration work before the deadline, we are sharing our current timeline:

• October 2021
  • Public preview of Azure CLI using MSAL (pre-requisite to migrating to MS Graph)
  • Public preview of Azure PowerShell using Microsoft Graph API
    [11/4 Update] Read more about the public preview: https://techcommunity.microsoft.com/t5/azure-tools/azure-powershell-ignite-release/ba-p/2907139 
  • Each tool documentation will have guidance on how to install and test the previews.
• December 2021:
  • General availability of Azure PowerShell using Microsoft Graph
  • Update of Azure services documentation and scripts using outdated commands
  • [2/10/2022 Edit]: Azure PowerShell version 7.x fully supports Microsoft Graph, more details in this article https://techcommunity.microsoft.com/t5/azure-tools-blog/why-is-az-7-an-important-release-for-azure-powershell/ba-p/3035513 
• [2/10/2022 Edit] February 2022:
  • Preview of Azure CLI using Microsoft Graph (the preview date has slipped by a few weeks)
• [4/6/2022 Edit] End of May 2022:
  • GA of Azure CLI using Microsoft Graph

For Terraform, HashiCorp has already completed the migration to Microsoft graph with the AzureAD provider v2. Additional information here: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/microsoft-graph

Please comment on this article or reach out to the respective teams if you have any questions for Azure CLI (@azurecli) or Azure PowerShell (@azureposh).

Additional resources

While we update the official documentation for Azure tools, you can use the following resources for additional guidance on migrating to Microsoft Graph.

Further information regarding the migration to MSAL and its importance in the migration to MS Graph:

• https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363
• https://techcommunity.microsoft.com/t5/azure-active-directory-identity/have-you-updated-your-applications-to-use-the-microsoft/ba-p/1144698
• MSAL migration overview: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-migration
• App migration check list: https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-planning-checklist?view=graph-rest-1.0 

The content provided for Terraform, is very useful to understand the API changes:

• Terraform AzureAD provider v2 is now using Microsoft Graph: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/guides/microsoft-graph 

Open issues in the respective repositories if you face any:

• Azure CLI: https://github.com/Azure/azure-cli/issues
• Azure PowerShell: https://github.com/Azure/azure-powershell/issues
• Terraform: https://github.com/hashicorp/terraform-provider-azuread/issues 

Let us know what you think in the comment section below.

Damien
on behalf of the Azure CLIs tools team