Microsoft Deprecating ADAL June 2022

Steve Rackham included in categories Azure Active Directory PowerShell

2021-11-05 2021-11-05 470 words 3 minutes

Contents

Issue

Support for Active Directory Authentication Library (ADAL) will end on June 30, 2022

Microsoft advised last year that from June 2020 further development for ADAL would be discontinued and that customers should review their workloads and plan to migrate to MSAL before June 2022, when ADAL would be deprecated.

So, what is happening? Active Directory Authentication Library (ADAL) and the Azure AD Graph API will no longer respond to requests from Here is the initial announcement: Link

Here is the GitHub issue: Link

Why is this an issue?

If you check out the downloads of the ADAL package it is still being used extensively. The following link shows the graph of the last six weeks. https://www.nuget.org/stats/packages/Microsoft.IdentityModel.Clients.ActiveDirectory?groupby=Version

Yikes!

Any scripts or automation using the MSOnline PowerShell module will also break.

Use the newer Azure Active Directory V2 PowerShell module

Customers are encouraged to use the newer Azure Active Directory V2 PowerShell module instead of this module… This is a problem.

The MSOnline module has been deprecated for quite some time (a few years now), but not all the functionality has been migrated to the recommended modules. For example:

Microsoft further states:

“We don’t have an equivalent for Set-MsolDomainAuthentication or Get-MsolDomainAuthentication right now, but eventually these will be part of MS Graph module. The Azure AD module will die with the AAD graph shutdown in 2022.”

Regardless, there is a hard deadline, functionality or no.

Quote

On June 30, 2022, “apps using Azure AD Graph after this time will no longer receive responses from the Azure AD Graph endpoint. Apps using ADAL on existing OS versions will continue to work after this time but will not get any technical support or security updates,” Microsoft said.

So, what to do?

Solution

Determine Usage

First, how to determine what applications are using ADAL? Thankfully, Microsoft have provided some tools and guidance.

Get a complete list of apps using ADAL in your tenant

The article takes you through setting up capturing Azure AD activity sign-in logs and using a workbook to obtain a list of apps that are using ADAL in the tenancy.

Migrate

The previous article contains section for developers on how to update code to use the new MSAL libraries.

Guidance on on how to migrate from AAD Graph to Microsoft Graph is provided here: Azure Active Directory (Azure AD) Graph to Microsoft Graph migration FAQ

For the PowerShell MSOnline module, I am afraid there is no choice but to start using the Azure Active Directory PowerShell for Graph module, despite the lack of available features from the previous modules and that you have to work harder to get the same result

If you haven’t started checking your existing apps, sign-ins, scripts, functions, and other automation’s, I hope this helps get you motivated and started! This change will roll around fast.

Cheers!