You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: azure-stack/operator/graph-api-retirement.md
+28-23Lines changed: 28 additions & 23 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,15 +17,18 @@ The Microsoft Entra ID (formerly Azure Active Directory or Azure AD) [Graph API
17
17
18
18
The Graph API retirement affects all Azure Stack Hub customers, and requires you to run the script included in this article for all impacted applications. If you have applications that need continued access to the Graph APIs, the script sets a flag that configures these applications for an extension that allows these specific applications to continue calling the legacy Graph API until June 2025.
19
19
20
-
The PowerShell script provided in this article sets a flag for each application to configure the Graph API extension for your connected Azure Stack environments.
20
+
The PowerShell script provided in this article sets a flag for each application to configure the Graph API extension for each Entra ID identity provider of Azure Stack Hub.
21
21
22
-
To ensure that your connected Azure Stack environments continue functioning through the June cutoff date and beyond, you should run this script by the end of February 2025.
22
+
To ensure that your Azure Stack Hub environments that use Entra ID as an identity provider continue functioning, you should run this script by the end of February 2025.
23
+
24
+
> [!NOTE]
25
+
> If you delay adding this flag beyond February 2025, authentication will fail. You can then run this script to ensure your Azure Stack Hub functions as needed.
23
26
24
27
## Run the script
25
28
26
-
Run the following PowerShell script in your Azure Stack Hub environment to configure the Graph API extension. You can run the script after your environment is deployed. The script interacts with Azure, so you don't need to run it on a specific machine. However, you need administrator privileges to run the script, and you must run it in each of your directory tenants.
29
+
Run the following PowerShell script in your Entra ID environment that is used by Azure Stack Hub as the "home directory" (the main identity provider of your Azure Stack Hub). The script interacts with Azure, so you don't need to run it on a specific machine. However, you need at least "application administrator" privileges in the respective Entra ID tenant to run the script.
27
30
28
-
Make sure to run the following script with administrator privileges:
31
+
Make sure to run the following script with administrator privileges on the local machine:
29
32
30
33
```powershell
31
34
# Install the graph modules if necessary
@@ -92,31 +95,33 @@ The script displays the following sample output:
92
95
93
96
```output
94
97
Looking-up all applications in directory '<ID>'...
95
-
Found '3164' total applications in directory '<ID>'
96
-
Found '102' total Azure Stack deployments in directory '<app ID>'
97
-
Found '14' total Azure Stack applications which need permission to continue calling Legacy Microsoft Graph Service
Run the script a second time to verify that all applications were updated. The script should return the following output if all applications were successfully updated:
115
120
116
121
```output
117
122
Looking-up all applications in directory '<ID>'...
118
-
Found '3164' total applications in directory '<ID>>'
119
-
Found '102' total Azure Stack deployments in directory '<ID>>'
123
+
Found '####' total applications in directory '<ID>>'
124
+
Found '1' total Azure Stack deployments in directory '<ID>>'
120
125
Found '0' total Azure Stack applications which need permission to continue calling Legacy Microsoft Graph Service
0 commit comments