check before: 2024-06-30
Product:
Entra, Intune, Microsoft 365 Apps, Microsoft Graph, SharePoint
Platform:
Android, Developer, iOS, Web, World tenant
Status:
Change type:
Admin impact, Updated message, User impact
Links:
Details:
Summary:
Azure AD Graph is retiring, and admins must migrate classic Conditional Access policies to Microsoft Graph by June 30, 2024. Failure to migrate will prevent new device enrollment and compliance via the Company Portal and Intune apps across various platforms.
Details:
Updated May 17, 2024: We have updated the timing of this change below. Thank you for your patience.
Azure Active Directory (Azure AD) Graph has been deprecated since mid-2023 and is in its retirement phase to allow applications time to migrate to Microsoft Graph. As part of our ongoing efforts to prepare for this, we will be updating the Intune Company Portal infrastructure to move to Microsoft Graph. With this update, by June 30, 2024, admins must migrate classic Conditional Access (CA) to the new policies and disable or delete policies for the Company Portal and Intune apps to continue working.
Change Category:
XXXXXXX ...
Scope:
XXXXXXX ...
Release Phase:
Created:
2024-04-20
updated:
2024-05-18
Task Type
XXXXXXX ...
Docu to Check
XXXXXXX ...
MS How does it affect me
XXXXXXX ...
MS Preperations
XXXXXXX ...
MS Urgency
XXXXXXX ...
MS workload name
XXXXXXX ...
Direct effects for Operations**
- Impact on IT Operations
- Migration Complexity
- The migration from classic Conditional Access policies to Microsoft Graph may require extensive testing and validation to ensure that all policies function as intended post-migration.
- Role Impacted: IT Operations Team, System Administrators
- Downtime Risk
- There is a potential risk of downtime during the migration process, which could affect user access to applications and services.
- Role Impacted: IT Operations Team, Service Desk
- Impact on IT Services
- Service Disruption
- If classic Conditional Access policies are not migrated by the deadline, services such as the Company Portal and Intune apps will become non-functional for new device enrollments and compliance checks.
- Role Impacted: IT Service Management, Application Support Teams
- Dependency on Microsoft Graph
- The reliance on Microsoft Graph for Conditional Access policies means that any issues with Microsoft Graph could directly impact the functionality of IT services.
- Role Impacted: IT Operations Team, Application Developers
- Impact on IT Users
- User Access Issues
- Users will be unable to enroll new devices or make non-compliant devices compliant if the migration is not completed, leading to frustration and potential productivity loss.
- Role Impacted: End Users, Help Desk Support
- Training and Support Needs
- Users may require additional training and support to understand any changes in the enrollment process or compliance checks post-migration.
- Role Impacted: Training Coordinators, Help Desk Support
- Impact on IT Administrators
- Increased Workload
- IT administrators will face an increased workload to ensure that all classic Conditional Access policies are migrated and tested before the deadline.
- Role Impacted: IT Administrators, Security Teams
- Policy Management Challenges
- Administrators will need to manage and monitor the new policies closely to ensure they meet organizational security requirements and do not inadvertently lock out users.
- Role Impacted: IT Security Teams, Compliance Officers
- Interdependencies with Other IT Services
- Integration with Other Microsoft Services
- The migration may affect integrations with other Microsoft services (e.g., SharePoint, Microsoft 365 Apps) that rely on Conditional Access policies for security and compliance.
- Role Impacted: IT Integration Teams, Application Support Teams
- Impact on Reporting and Analytics
- Changes in Conditional Access policies may affect reporting and analytics tools that rely on data from Azure AD Graph, potentially leading to gaps in compliance reporting.
- Role Impacted: IT Compliance Teams, Data Analysts
References:
- Microsoft Entra ID Conditional Access Policy Migration: https://learn.microsoft.com/entra/identity/conditional-access/policy-migration-mfa
- Microsoft Graph Migration Overview: https://learn.microsoft.com/graph/migrate-azure-ad-graph-overview
- Microsoft Intune Migration Guidance: https://aka.ms/Intune/migrate-classic-CA
Opportunities**
XXXXXXX ...
Potentional Risks**
XXXXXXX ...
Data Protection**
XXXXXXX ...paid membership only
Work Council statement**
XXXXXXX ...paid membership only
DPIA**
XXXXXXX ...paid membership only
** AI generated content. This information is not reliable.
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
Date | Property | old | new |
2024-05-18 | MC prepare | Before July 10, 2024, migrate your classic CA policies. For instructions, see Migrate from a classic policy - Microsoft Entra ID | Microsoft Learn.
We have published a blog with these details and will provide any additional updates or changes to the timeline there: Support tip: Migrate classic Conditional Access policies https://aka.ms/Intune/migrate-classic-CA https://learn.microsoft.com/entra/identity/conditional-access/policy-migration-mfa https://learn.microsoft.com/graph/migrate-azure-ad-graph-overview | Before June 30, 2024, migrate your classic CA policies. For instructions, see Migrate from a classic policy - Microsoft Entra ID | Microsoft Learn.
We have published a blog with these details and will provide any additional updates or changes to the timeline there: Support tip: Migrate classic Conditional Access policies https://aka.ms/Intune/migrate-classic-CA https://learn.microsoft.com/entra/identity/conditional-access/policy-migration-mfa https://learn.microsoft.com/graph/migrate-azure-ad-graph-overview |
2024-05-18 | MC Summary | Azure AD Graph is retiring, and admins must migrate classic Conditional Access policies to Microsoft Graph by July 10, 2024. Failure to migrate will prevent new device enrollment and compliance via the Company Portal and Intune apps across various platforms. | Azure AD Graph is retiring, and admins must migrate classic Conditional Access policies to Microsoft Graph by June 30, 2024. Failure to migrate will prevent new device enrollment and compliance via the Company Portal and Intune apps across various platforms. |
2024-05-18 | MC Last Updated | 04/19/2024 23:53:04 | 2024-05-17T22:50:10Z |
2024-05-18 | MC Messages | Azure Active Directory (Azure AD) Graph has been deprecated since mid-2023 and is in its retirement phase to allow applications time to migrate to Microsoft Graph. As part of our ongoing efforts to prepare for this, we will be updating the Intune Company Portal infrastructure to move to Microsoft Graph. With this update, by July 10, 2024, admins must migrate classic Conditional Access (CA) to the new policies and disable or delete policies for the Company Portal and Intune apps to continue working. | Updated May 17, 2024: We have updated the timing of this change below. Thank you for your patience.
Azure Active Directory (Azure AD) Graph has been deprecated since mid-2023 and is in its retirement phase to allow applications time to migrate to Microsoft Graph. As part of our ongoing efforts to prepare for this, we will be updating the Intune Company Portal infrastructure to move to Microsoft Graph. With this update, by June 30, 2024, admins must migrate classic Conditional Access (CA) to the new policies and disable or delete policies for the Company Portal and Intune apps to continue working. |
2024-05-18 | MC Action Required By | 2024-06-30T02:00:00Z | |
2024-05-18 | MC Title | Plan for Change: Migrate classic Conditional Access policies | (Updated) Plan for Change: Migrate classic Conditional Access policies |
2024-05-18 | MC MessageTagNames | User impact, Admin impact | Updated message, User impact, Admin impact |
Last updated 1 month ago