Start a conversation

Mimecast: Azure Active Directory Synchronization Migration to MS Graph API

Microsoft is ending support for the Azure Active Directory Graph API. To allow for continued service, Mimecast will migrate all Azure Active Directory Synchronization integrations to the MS Graph API. For Mimecast to do so, you need to grant the required  API permissions to the Azure application you created for the Azure Active Directory Synchronization to your Mimecast account. It is important that this action be completed as soon as possible and no later than June 14, 2022 to avoid the risk of service disruption. 

 

Overview 

To allow for continued service for your Azure Active Directory Synchronization integration when Microsoft ends support for the Azure AD Graph API, Mimecast needs to migrate all Azure Active Directory connections to the MS Graph API. 

 

Required Actions

For Mimecast to be able to migrate your Azure Active Directory Synchronization integration to the MS Graph API, you need to grant the required API permissions to the Azure application you created for the Azure Directory Synchronization to your Mimecast account.

The below steps should be followed to grant the correct permissions for both the Azure Active Directory Graph API, as well as the Microsoft Graph API:
 

  1. Log in to the Microsoft Azure Portal.
  2. Navigate to Azure Active Directory.
  3. Click on the App registrations menu item.
  4. Search for the application created for Azure Directory Synchronization to your Mimecast account.
  5. Open the application and click on the API Permissions option in the left-hand menu.
  6. Click on the Add a permission button.
  7. Click on the APIs my organization uses option.
  8. Search for and select the Windows Azure Active Directory item.
  9. Click on the Application permissions button.
  10. Expand the Directory section.
  11. Select the Directory.Read.All option
  12. Click on the Add permissions button and you will be navigated back to the Configured permissions.
  13. Click on the Add a permission button again.
  14. Select the Microsoft Graph option.
  15. Click on the Application permissions button.
  16. Expand the Directory section.
  17. Select the Directory.Read.All option.
  18. Expand the User section.
  19. Select the User.Read.All option.
  20. Click on the Add permissions button. The permissions should look like the example below:

Graphical user interface, text, application Description automatically generated

  1. Click on the Grant admin consent for… button.
  2. To confirm consent, click on the Yes button.


These permissions are necessary for your Azure Active Directory Synchronization integration to continue working correctly when Mimecast migrates your Directory connections to the MS Graph API. To avoid the risk of service disruption, please make these changes by June 14, 2022.
 

Monitoring

Mimecast will monitor if the permissions have been granted and will actively migrate integrations to the MS Graph API from June 1, 2022 onwards.

To see if your Azure Active Directory integration has been migrated, you can use the “Test Connection” feature. We recommend you to test from June 1, 2022.

test.connection.png

Synchronization with Azure AD Graph API                                    Synchronization with Microsoft Graph API


Deployment Schedule

Migrations started on April 19, 2022 and are expected to complete on June 21, 2022. 


Current Status: Scheduled.
Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Carlos Rios

  2. Posted

Comments