QUESTION   How do I update my Active Directory Entra ID (formerly Azure) integration to use the MS Graph API?

ANSWER  We have the instructions you need!

NOTE  For new Entra ID configurations, please use our Entra ID configuration supplement.

We've updated our Entra ID integration to leverage the MS Graph API in preparation for Microsoft's deprecation of the Entra ID Active Directory Graph API in June of 2022.

Please follow the steps below to update your existing configuration to ensure that the integration continues to work!

  1. Log in to Microsoft Entra ID as an administrator and select relevant Entra ID directory.

  2. Select Entra ID Active Directory in the side bar.the

  3. Select the App Registrations option.

  4. Choose the existing app you have set up for your Workplace Entra ID Active Directory integration.

  5. Click API Permissions under the Manage menu.

  6. Add Microsoft Graph delegated permissions:

    1. Click Add a Permission.


    2. Click MS Directory Graph:

    3. Click Delegated Permissions.

    4. Select the User.Read and the Directory.AccessAsUser.All options. Hint: Use the filter feature to help you locate the correct options.

    5. Click Add Permissions.

  7. Add Microsoft Graph application permissions:

    1. On the API Permission view, click Add a permission.

    1. Click MS Directory Graph.

    1. Click Application permissions and select the Directory.Read.All option. Hint: Use the filter feature to help you locate the correct options.

  8. Remove Entra ID Active Directory Graph permissions:

    1. Click Add Permissions.

    2. On the API Permissions view, click Grant admin consent for {Company Name}, then click Yes when prompted to confirm.

    3. Click Active Directory Graph and Remove all permissions. Right-click on User.Read,Directory.Read.All and Directory.AccessAsUser.All and remove the permissions.

    4. Click Update permissions.

  1. Go to Workplace > Configuration and click the sync icon on the AD tile (or click Manage and then the Sync button).