====== Preparing for Azure AD Graph retirement ======

===== Outline =====

**Azure AD Graph** is an API gateway to Azure services, including authentication. This allows employees of organizations that have [[general:registering_an_organziation_with_the_app_store|registered with the Industrial App Store]] to log in using their work credentials.

Microsoft have deprecated Azure AD Graph in favour of [[https://docs.microsoft.com/en-us/graph/overview|Microsoft Graph]]. We expect Azure AD Graph to be discontinued some time in 2023. 

Intelligent Plant are preparing for this transition and currently request organizations to grant user.read consent to both Azure AD Graph and Microsoft Graph. However, if your organization registered before Microsoft Graph was available they will need to re-register now.


===== Is my organization affected? =====

An Azure AD administrator for your organization can check current Graph consents:

 1. Log in to [[https://portal.azure.com|Azure Portal]]


 2. Navigate to Azure Active Direcory > Enterprise Applications > Intelligent Plant Industrial App Store > Security > Permissions
  
{{ :general:msgraph01.png?600 |}}
  
  
If Microsoft Graph User.Read claim is **not** listed, then action is required.  
  
  
===== How to grant user.read consent to Microsoft Graph? =====

The easiest method is to simply repeat the Organization Registration process:

  * [[general:registering_an_organziation_with_the_app_store|Registering an Organization with the Industrial App Store]]


===== References =====
 
  * [[https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363|Update your applications to use Microsoft Authentication Library and Microsoft Graph API]]