Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Microsoft Entra change announcements – September 2022 train
Published Sep 30 2022 09:00 AM 41.6K Views
Microsoft

Hello everyone, 

 

In March 2022, we announced our simplified change management process, which allows customers to predictably plan their deployments, and in June, we introduced Microsoft Entra as our new product family that encompasses all of Microsoft’s identity and access capabilities.  

 

Since that time, we’ve continuously improved Azure Active Directory (Azure AD), released a public preview of an enhanced “My Apps” experience, and launched the general availability of Microsoft Entra Permissions Management and Microsoft Entra Verified ID. 

 

To match the growth of our identity and access product family, we’ve expanded our change management process to cover all of Microsoft Entra. Today, we're also sharing our September train for feature changes and breaking changes.  

 

We communicate these changes every quarter to our customers with the blog and release notes and via email. We also continue to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center 

 

Below is a quick snapshot of our communication schedule of biannual product retirement news and quarterly breaking/feature change announcements. 

 

Category 

Definition 

Communication Schedule 

Retirement announcement 

Signals the retirement of a feature, capability, or product in a specified period.

  

Typically, at this point, new customers aren't permitted to adopt the service/feature, and engineering investments are reduced for the specified feature.

  

At a later date, the feature will no longer be available to any customer as it reaches the “end-of-life” state.  

2 x per year (Mar and Sep) 

Breaking change announcement, feature change announcement 

Breaking change: Expected to break the customer/partner experience if the customer doesn’t act or make a change in their workload for continued operation. 

 

Feature change: Change to an existing Identity feature​ that doesn't require customer action but is noticeable to the customer. These are typically UI/UX changes. 

These changes generally happen more often and require a more frequent communication schedule. 

4 x per year (Mar, June, Sep, and Nov) 

 

September 2022 change announcements

 

Azure Multi-Factor Authentication Server 
Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multi-factor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure MFA service using the latest Migration Utility included in the most recent Azure MFA Server update. Learn more at Azure MFA Server Migration.  

 

Enable HTTP/2 on the Graph service endpoint 

Starting September 15, 2023, the Microsoft Graph engineering team plans to begin rollout of HTTP/2 support on the Graph service endpoint. HTTP/2 support will be in addition to existing HTTP/1.1 version support. Once HTTP/2 is enabled on the Microsoft Graph endpoints, clients that support HTTP/2 will negotiate this version when making requests to Microsoft Graph. Focus for improvements in the HTTP/2 specification concern performance, including perceived latency, and network and service resource usage (reference https://http2.github.io), including multiplexing, parallelism, and efficiency through binary encoding and header compression. These benefits may offer substantial value to Microsoft Graph clients and customers. HTTP/2 is expected to be entirely backwards-compatible with HTTP/1.1 and to require no code changes in client applications. It's possible, in rare cases, that negative impact may occur with some client applications, if the application does not adhere to HTTP specifications concerning case-insensitive comparisons for Header keys.   

 
Azure AD Graph AP 

Azure AD Graph will continue to function until June 30, 2023. This will be three years after the initial deprecation announcement. Based on Azure deprecation guidelines, we reserve the right to retire Azure AD Graph at any time after June 30, 2023, without advance notice. Though we reserve the right to turn it off after June 30, 2023, we want to ensure all customers migrate off and discourage applications from taking production dependencies on Azure AD Graph. Investments in new features and functionalities will only be made in Microsoft Graph. Going forward, we will continue to support Azure AD Graph with security-related fixes. We recommend prioritizing migration to Microsoft Graph. Please see Migrate Azure AD Graph apps to Microsoft Graph - Microsoft Graph | Microsoft Docs for more information.  

 

Azure Active Directory Authentication Library (ADAL) Retirement  

As previously announced, ADAL end-of-life is now extended to June 30, 2023. While ADAL apps may continue to work, no support or security fixes will be provided past end-of-life. In addition, there are no planned ADAL releases planned prior to end-of-life for features or planned support for new platform versions. We recommend prioritizing migration to Microsoft Authentication Library (MSAL). Please see Migrate to the Microsoft Authentication Library (MSAL) - Microsoft Entra | Microsoft Docs for more information.  

 

Licensing Assignment API/Posh Retirement 

We have updated the retirement date of the Azure AD Graph and MSOnline PowerShell licensing assignment APIs and PowerShell cmdlets for existing tenants to March 31, 2023. APIs and cmdlets will not work for new tenants created after November 1, 2022. We recommend prioritizing migration to MS Graph following the guidance in Migrate your apps to access the license managements APIs from Microsoft Graph - Microsoft Tech Commu... and in Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell | Microsoft Docs.  

 

PowerShell deprecation 

As we continue to support your migration efforts, we'll be extending the planned deprecation date of the three PowerShell Modules (Azure AD, Azure AD Preview, and MS Online) to June 30, 2023. The three modules will continue to work with minimal investment, apart from security updates. Depending on the status of Azure AD API, some cmdlets might stop working after June 30, 2023. The Microsoft Graph PowerShell SDK continues to be where all our current and future PowerShell investments are being made, and we encourage you to continue migrating to Microsoft Graph PowerShell SDK. We're also working on tools and documentation for migrating existing scripts and PowerShell processes reliant on the Azure AD Graph and MSOnline module to the Microsoft Graph PowerShell SDK. Check out more information at Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell | Microsoft Docs and Migrate from Azure AD PowerShell to the Microsoft Graph PowerShell SDK. | Microsoft Docs 

 

Azure AD Domain Services classic VNET support 

As previously announced, in 2017 Azure AD Domain Services became available to host in an Azure Resource Manager network. Since then, we've built a more secure service using the Azure Resource Manager‘s modern capabilities. Because Azure Resource Manager deployments fully replace classic deployments, Azure AD DS classic virtual network deployments will be retired on March 1, 2023. Learn more about Migrate Azure AD Domain Services from a Classic virtual network | Microsoft Docs. 

 

Follow ongoing monthly updates on our release notes page: What's new? Release notes - Azure Active Directory - Microsoft Entra | Microsoft Docs. 

 

As always, we’d love to hear your feedback or suggestions. Let us know what you think in the comments below or on the Azure AD feedback forum. You may also send your questions, open issues, and feature requests through Microsoft Q&A by using the tag #AzureADChangeManagementSept2022Train. 

 

Stay tuned for more Microsoft Entra news at Microsoft Ignite, October 12-14! 

 

 

 

Learn more about Microsoft Entra: 

7 Comments
Copper Contributor

@Shobhit Sahay Based on this new information, does this mean the original deprecation date for AAD PowerShell and MSOL Module will not be pushed to June 2023 and this supersede the original deprecation announcement posted back in March Azure AD: Change Management Simplified - Microsoft Tech Community

We are in the process of trying to do the migration, but if the deprecation is indeed pushed back to June 2023, it will be much appreciated.   Thanks in advance for the confirmation. 

Microsoft

@lennyquest  This announcement supersedes the other announcements.

 

As mentioned in this post Azure AD and MSOnline PowerShell cmdlet deprecation has been postponed to Jun 2023.

Steel Contributor

So in terms of the Azure AD Graph/PowerShell modules, you say: 'Based on Azure deprecation guidelines, we reserve the right to retire Azure AD Graph at any time after June 30, 2023, without advance notice.' and 'As we continue to support your migration efforts, we'll be extending the planned deprecation date of the three PowerShell Modules (Azure AD, Azure AD Preview, and MS Online) to June 30, 2023... Depending on the status of Azure AD API, some cmdlets might stop working after June 30, 2023.'

And you recommend migrating to Microsoft Graph. But wait - what if someone wants to manage (say) MFA, or Administrative Units, as is currently possible in the MS Online, or Azure AD modules? Let's look at the PowerShell cmdlets that support this for Microsoft Graph:

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.reports/get-mgreportauthenticati...

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.directorymanagement/get...

Oh no - you have to use the 'beta' module to use them. But what do Microsoft say about the beta module?

'APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.'

https://learn.microsoft.com/en-us/graph/sdks/use-beta?tabs=CS

So in many instances we are being advised to move away from the MsOnline modules and Azure AD modules because they are being deprecated. But there is nothing to move to - because you haven't moved all the necessaryy features out of beta in Graph yet, so they're not supported in production. Come on Microsoft. You're not ready for this change yet, and you shouldn't be deprecating anything until you've actually replicated all the functionality of these modules in Graph in a way that you're happy to support in production.

Microsoft

@ChrisAtMaf I understand your concerns and appreciate your feedback. I assure you that we are working to provide you with the necessary tools to ensure smooth migration to MS graph PowerShell SDK.
Regarding the beta module, we are actively working to bring all necessary features out of beta to Microsoft graph API, especially managing features such as MFA or Administrative Units. We will also add Azure AD preview module cmdlets to the cmdlet map for reference. We are migrating all other legacy scenarios from MS Online and Azure AD (Beta & GA) PowerShell to Microsoft Graph PowerShell SDK. We anticipate that all functionalities will be available soon. 

Steel Contributor

Sorry, but how can you set a migration date of June when you haven't even finished completing the features? That gives us less than 4 months to migrate systems over.

I've been doing various things in this area recently, and I'm shocked at how much your own documentation still relies on the AzureAD module, which you're deprecating. You should have updated all of this documentation before announcing the change. How can you expect us to update all of our code when you can't be bothered to update your own documentation yourself?

If you can't find time to do all this work before deprecating the module, why expect us to?

Copper Contributor

Any update on how we can manage the PerUserMFA via API ? The cut off date (June 30) is few days away.

Copper Contributor

Hey there, any update on HTTP/2 support? Thanks

Co-Authors
Version history
Last update:
‎Jan 24 2023 07:49 AM
Updated by: