-
Title
Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph -
Description
In Microsoft 365 tenant, Enterprise application "Quest On Demand - Audit" is reported as an Impacted resource related to Microsoft notification for "Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph". Checking the application Permissions, I see it using Windows Azure Active Directory API.
-
Resolution
From the Audit consent and the contained permissions in On Demand we can easily see we're not using that old permission anymore. We have moved to the equivalent graph API permission for some time now.
There must be an old consent app that contains the legacy permission. You are welcome to revoke that old Azure AD Graph "Directory.Read.All" permission from the app or you can delete the entire app and re-consent it again from On Demand. Whichever is easier.
This is documented in On Demand.
Go to Tenants and click "Edit Consents" on the tenant card. Locate Audit | Basic in the list and click the "View Details" link.