QUESTION   How do I update my Active Directory Azure integration to use the MS Graph API?

ANSWER  We have the instructions you need!

NOTE  For new AD Azure configurations, please use our WAAD configuration supplement.

We've updated our AD Azure integration to leverage the MS Graph API in preparation for Microsoft's deprecation of the Azure Active Directory Graph API in June of 2022.

Please follow the steps below to update your existing configuration to ensure that the integration continues to work!

1. Log in to Microsoft Azure as an administrator and select the relevant Azure directory.

2. Select Azure Active Directory in the side bar.

3. Select the App Registrations option.

4. Choose the existing app you have set up for your Workplace Azure Active Directory integration.

5. Click API Permissions under the Manage menu.

6. Add Microsoft Graph delegated permissions:

   1. Click Add a Permission.
      

      
      

   2. Click MS Directory Graph:
      

   3. Click Delegated Permissions.

   4. Select the User.Read and the Directory.AccessAsUser.All options. Hint: Use the filter feature to help you locate the correct options.
      

   5. Click Add Permissions.
      

7. Add Microsoft Graph application permissions:

1. On the API Permission view, click Add a permission.

2. Click MS Directory Graph.

3. Click Application permissions and select the Directory.Read.All option. Hint: Use the filter feature to help you locate the correct options.
   

8. Remove Azure Active Directory Graph permissions:

   1. Click Add Permissions.

   2. On the API Permissions view, click Grant admin consent for {Company Name}, then click Yes when prompted to confirm.

   3. Click Active Directory Graph and Remove all permissions. Right-click on User.Read,Directory.Read.All and Directory.AccessAsUser.All and remove the permissions.
      

   4. Click Update permissions.
      

9. Go to Workplace > Configuration and click the sync icon on the AD tile (or click Manage and then the Sync button).