Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph - Can't find App using resource id

Hello , Welcome to MS Q&A

To identify the application making requests to the Azure AD Graph API, you can use the Microsoft Graph API . Here are some steps you can follow:

Use Graph Explorer: This tool allows you to make Microsoft Graph API calls to perform operations similar to those in the App Registration portal. You can access it here.

Check Application and Service Principal Objects: Use Microsoft Graph to inspect both the application object corresponding to your app registration and any service principals instantiated from that app. This can help you identify which app is making the requests.

PowerShell Option: If you prefer using PowerShell, you can invoke web requests to Microsoft Graph to gather the necessary information.

For more detailed guidance, you can refer to the Microsoft documentation on troubleshooting publisher verification.

These steps should help you locate the app that is still making Azure AD Graph API requests.

Please let me know if any ques

Kindly accept answer if it helps

Thanks

Deepanshu

Hello @Derek Gillespie,

In addition to the information provided by @Deepanshukatara-6769, please review my suggestions provided below.

Please note that Azure Active Directory (Azure AD) Graph is deprecated and is currently in its retirement path. Going forward, we will make no further investment in Azure AD Graph, and Azure AD Graph APIs have no SLA or maintenance commitment beyond security-related fixes. Investments in new features and functionalities will only be made in Microsoft Graph. We recommend that you migrate your apps to Microsoft Graph.

Key timelines in the retirement of Azure AD Graph is as follows:

• 2019: Initial announcement of the deprecation of Azure AD Graph. Retirement set for June 30, 2023.
• June 30, 2023: End of the three-year notice period for deprecation of Azure AD Graph. Azure AD Graph enters its retirement cycle.
• August 31, 2024: New applications created after this date will not be able to use Azure AD Graph unless they explicitly opt in for extended access. Existing applications will continue to work.
• February 1, 2025: All new and existing apps must explicitly opt in for extended access to use Azure AD Graph, including apps created before August 31, 2024.
• June 30, 2025: End of extended access to Azure AD Graph. Azure AD Graph will be fully retired.

For more information on the latest announcement, see Important: Update on Azure AD Graph API retirement.

There are two recommendations to migrate applications and service principals from Azure AD Graph APIs to Microsoft Graph. These recommendations are called aadGraphDeprecationApplication and aadGraphDeprecationServicePrincipal in the recommendations API in Microsoft Graph.

Description

The deprecation of Azure Active Directory (Azure AD) Graph APIs was announced in 2020 and are now in the retirement cycle. All applications and service principals need to migrate to the new Microsoft Graph APIs.

In general, applications and service principals that are still using Azure AD Graph APIs were developed by your organization or a vendor. These applications likely need to be updated by your developers or upgraded to a new version.

There are two recommendations associated with the deprecation of Azure AD Graph. One provides a list of applications and one provides a list of service principals. Both recommendations need to be addressed separately.

Applications and Service Principals

The Applications version of this recommendation details applications that are registered in your tenant and calling Azure AD Graph APIs. Think, app registrations in the Microsoft Entra admin center.

The Service Principals version of this recommendation details applications that are registered in another tenant, but consented for use in your tenant. Think, enterprise applications in the Microsoft Entra admin center. These applications could be supplied by a developer in your multitenant company or a software vendor. For Service Principals, you likely need to contact the vendor to identify how to get an update to a newer version of the application.

Value

Microsoft Graph offers a single unified endpoint to access Microsoft Entra and Microsoft 365 services. Microsoft Graph APIs have all the capabilities of Azure AD Graph APIs, plus many newer API features. The Microsoft Graph client libraries offer built-in support for features, such as retry handling, secure redirects, transparent authentication, and payload compression. These capabilities weren't available with Azure AD Graph.

Any applications or service principals still calling Azure AD Graph will be affected by future retirement activity. To prevent loss of functionality, we recommend migrating to Microsoft Graph.

Action plan

Both of the recommendations include a list of impacted resources. The process to review and update applications and service principals are similar.

1.Review the list of applications and service principals calling Azure AD Graph under Impacted Resources in the recommendations details.

2. Select the More Details link to view the following details about the Azure AD Graph API activity.

Operation Name: Description of the API operation, such as List Application, Create User, or Delete Group

Requests - 30 Days: The number of requests made by this application in the last 30 days

Last Request Date: The date and time the operation was last performed by the operation.

3. Work with the owner or publisher of the corresponding application to identify the steps required to update the application.

These recommendations show as Active until there is no Azure AD Graph API activity for 30 days. After 30 days of no Azure AD Graph API activity, that application or service principal is marked as Completed. Once all resources are addressed, the recommendation is marked as Completed.

Reference documents which will be helpful if you have any queries:

Migrate from Azure Active Directory (Azure AD) Graph to Microsoft Graph - Microsoft Graph | Microsoft Learn

Recommendation to migrate to Microsoft Graph API - Microsoft Entra ID | Microsoft Learn

Azure Active Directory (Azure AD) Graph app migration checklist - Microsoft Graph | Microsoft Learn

Azure AD Graph to Microsoft Graph migration FAQ - Microsoft Graph | Microsoft Learn

I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".