Azure AD: Change Management Simplified
Published Mar 01 2022 03:34 PM 208K Views

Update: Update December 15th, 2022: ADAL end of support is now extended to June 30th, 2023. We will retire AAD Graph API any time after June 30th, 2023. Through the next six months (January 2023 – June 2023) we will continue informing customers about the upcoming end of support along with providing guidance on migration.


Hello Everyone, 


Rapid change is a growing reality in cloud services. In Azure AD alone, we are making hundreds of changes every year including new feature releases, changes to existing features, as well as deprecations and retirements. We’ve heard from our customers that managing these changes is becoming increasingly difficult so, starting today, we are simplifying change management for Azure AD.  


While we will continue to bring new capabilities to you throughout the year, feature deprecations and product retirement communications will be announced as part of bi-annual communication trains that will occur every March and September, with consistent end-of-support timelines (with some exceptions). With this new model, you’ll have predictable product and feature changes, making it easier to accelerate the adoption of newer and more secure technologies.  


Here’s the list of deprecation announcements that are part of the March 2022 train: 


  • We will retire the Azure AD Graph API any time after June 30th, 2023.   Listening closely to your feedback about the challenges of migrating such a critical dependency, we’re extending the retirement date. For more information, see Migrate Azure AD Graph apps to Microsoft Graph - Microsoft Graph | Microsoft Docs
  • We will continue to retire the Azure AD Graph and MSOnline PowerShell licensing assignment APIs and PowerShell cmdlets on August 26, 2022. Please migrate your apps to access the license managements APIs from Microsoft Graph. For more information, visit Migrate your apps to access the license managements APIs from Microsoft Graph - Microsoft Tech Commu... 
  • We stated before that if you’re using the Azure AD PowerShell or MSOnline PowerShell modules to manage Azure AD, we encourage you to try the Microsoft Graph PowerShell SDK. The Microsoft Graph PowerShell SDK continues to be where all our current and future PowerShell investments are being made. In light of the announcement to not turn off the Azure AD Graph API on June 30th, our goal is to also provide guidance and tools for migrating existing scripts and PowerShell processes, reliant on the Azure AD Graph API and MSOnline module, to the Microsoft Graph PowerShell SDK. This is due to the planned deprecation of the two PowerShell modules (MSOL & AAD) after December 2022. Check out more information here and here. 
  • ADAL end of life is extended from December 30th, 2022, to June 30th, 2023. While ADAL apps may continue to work, no support or security fixes will be provided past end of life.  In addition, there are no planned ADAL releases planned prior to end of life for features or support for new platform versions. For more information, see Update your applications to use Microsoft Authentication Library and Microsoft Graph API - Microsoft... 
  • We have begun the legacy TLS 1.0 and 1.1 protocol deprecations for the pPublic cloud and will continue with a gradual roll out of the deprecation over the course of this year. For more information seEnable TLS 1.2 support as Azure AD TLS 1.0/1.1 is deprecated - Active Directory | Microsoft Docs 
  • We will begin retiring past versions of Azure AD Connect Sync 12 months from the date they are superseded by a newer version. To upgrade your Azure AD Connect Sync server, follow these steps: Azure AD Connect: Upgrade from an earlier version  
  • We will enable combined MFA and SSPR security information registration for all non-enabled tenants created before Aug 2020. More information on this experience can be found here: Combined registration for SSPR and Azure AD Multi-Factor Authentication - Azure Active Directory | M...
  • The Azure Key Vault Team is working on enforcing soft delete protection on all key vaults to ensure that customer secrets, keys, and certificates are protected from accidental deletion. Soft Delete is a feature that allows deleted key vaults and secrets stored inside key vault to remain recoverable for a period of up to 90 days and allows customers to restore deleted secrets in a self-serve process. All existing key vault resources will have soft delete automatically enabled by February 1, 2025. Enabling soft delete is a one-way operation. Once enabled, the feature cannot be disabled. Learn more here: Soft-delete will be enabled on all key vaults 


2022 Change Communication Timeline:





Learn more about Microsoft identity: 

Version history
Last update:
‎Jan 18 2023 04:48 AM
Updated by: