In March 2022, we announced our simplified change management process, which allows customers to predictably plan their deployments, and in June, we introduced Microsoft Entra as our new product family that encompasses all of Microsoft’s identity and access capabilities.
Since that time, we’ve continuously improved Azure Active Directory (Azure AD), released a public preview of an enhanced “My Apps” experience, and launched the general availability of Microsoft Entra Permissions Management and Microsoft Entra Verified ID.
To match the growth of our identity and access product family, we’ve expanded our change management process to cover all of Microsoft Entra. Today, we’re also sharing our September train for feature changes and breaking changes.
We communicate these changes every quarter to our customers with the blog and release notes and via email. We also continue to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center.
Below is a quick snapshot of our communication schedule of biannual product retirement news and quarterly breaking/feature change announcements.
Signals the retirement of a feature, capability, or product in a specified period.
Typically, at this point, new customers aren’t permitted to adopt the service/feature, and engineering investments are reduced for the specified feature.
At a later date, the feature will no longer be available to any customer as it reaches the “end-of-life” state.
2 x per year (Mar and Sep)
Breaking change announcement, feature change announcement
Breaking change: Expected to break the customer/partner experience if the customer doesn’t act or make a change in their workload for continued operation.
Feature change: Change to an existing Identity feature that doesn’t require customer action but is noticeable to the customer. These are typically UI/UX changes.
These changes generally happen more often and require a more frequent communication schedule.
4 x per year (Mar, June, Sep, and Nov)
September 2022 change announcements
Azure Multi-Factor Authentication Server
Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multi-factor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure MFA service using the latest Migration Utility included in the most recent Azure MFA Server update. Learn more at Azure MFA Server Migration.
Enable HTTP/2 on the Graph service endpoint
Starting September 15, 2023, the Microsoft Graph engineering team plans to begin rollout of HTTP/2 support on the Graph service endpoint. HTTP/2 support will be in addition to existing HTTP/1.1 version support. Once HTTP/2 is enabled on the Microsoft Graph endpoints, clients that support HTTP/2 will negotiate this version when making requests to Microsoft Graph. Focus for improvements in the HTTP/2 specification concern performance, including perceived latency, and network and service resource usage (reference https://http2.github.io), including multiplexing, parallelism, and efficiency through binary encoding and header compression. These benefits may offer substantial value to Microsoft Graph clients and customers. HTTP/2 is expected to be entirely backwards-compatible with HTTP/1.1 and to require no code changes in client applications. It’s possible, in rare cases, that negative impact may occur with some client applications, if the application does not adhere to HTTP specifications concerning case-insensitive comparisons for Header keys.
Azure AD Graph API
Azure AD Graph will continue to function until June 30, 2023. This will be three years after the initial deprecation announcement. Based on Azure deprecation guidelines, we reserve the right to retire Azure AD Graph at any time after June 30, 2023, without advance notice. Though we reserve the right to turn it off after June 30, 2023, we want to ensure all customers migrate off and discourage applications from taking production dependencies on Azure AD Graph. Investments in new features and functionalities will only be made in Microsoft Graph. Going forward, we will continue to support Azure AD Graph with security-related fixes. We recommend prioritizing migration to Microsoft Graph. Please see Migrate Azure AD Graph apps to Microsoft Graph – Microsoft Graph | Microsoft Docs for more information.
Azure Active Directory Authentication Library (ADAL) Retirement
As previously announced, ADAL end-of-life is December 31, 2022. While ADAL apps may continue to work, no support or security fixes will be provided past end-of-life. In addition, there are no planned ADAL releases planned prior to end-of-life for features or planned support for new platform versions. We recommend prioritizing migration to Microsoft Authentication Library (MSAL). Please see Migrate to the Microsoft Authentication Library (MSAL) – Microsoft Entra | Microsoft Docs for more information.
Licensing Assignment API/Posh Retirement
We have updated the retirement date of the Azure AD Graph and MSOnline PowerShell licensing assignment APIs and PowerShell cmdlets for existing tenants to March 31, 2023. APIs and cmdlets will not work for new tenants created after November 1, 2022. We recommend prioritizing migration to MS Graph following the guidance in Migrate your apps to access the license managements APIs from Microsoft Graph – Microsoft Tech Commu… and in Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell | Microsoft Docs.
As we continue to support your migration efforts, we’ll be extending the planned deprecation date of the three PowerShell Modules (Azure AD, Azure AD Preview, and MS Online) to June 30, 2023. The three modules will continue to work with minimal investment, apart from security updates. Depending on the status of Azure AD API, some cmdlets might stop working after June 30, 2023. The Microsoft Graph PowerShell SDK continues to be where all our current and future PowerShell investments are being made, and we encourage you to continue migrating to Microsoft Graph PowerShell SDK. We’re also working on tools and documentation for migrating existing scripts and PowerShell processes reliant on the Azure AD Graph and MSOnline module to the Microsoft Graph PowerShell SDK. Check out more information at Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell | Microsoft Docs and Migrate from Azure AD PowerShell to the Microsoft Graph PowerShell SDK. | Microsoft Docs.
Azure AD Domain Services classic VNET support
As previously announced, in 2017 Azure AD Domain Services became available to host in an Azure Resource Manager network. Since then, we’ve built a more secure service using the Azure Resource Manager‘s modern capabilities. Because Azure Resource Manager deployments fully replace classic deployments, Azure AD DS classic virtual network deployments will be retired on March 1, 2023. Learn more about Migrate Azure AD Domain Services from a Classic virtual network | Microsoft Docs.
Follow ongoing monthly updates on our release notes page: What’s new? Release notes – Azure Active Directory – Microsoft Entra | Microsoft Docs.
As always, we’d love to hear your feedback or suggestions. Let us know what you think in the comments below or on the Azure AD feedback forum. You may also send your questions, open issues, and feature requests through Microsoft Q&A by using the tag #AzureADChangeManagementSept2022Train.
Stay tuned for more Microsoft Entra news at Microsoft Ignite, October 12-14!
Learn more about Microsoft Entra: