Microsoft is ending support for the Azure Active Directory Graph API. To allow for continued service, Mimecast will migrate all Azure Active Directory Synchronization integrations to the MS Graph API. For Mimecast to do so, you need to grant the required API permissions to the Azure application you created for the Azure Active Directory Synchronization to your Mimecast account. It is important that this action be completed as soon as possible and no later than June 14, 2022 to avoid the risk of service disruption.
Overview
To allow for continued service for your Azure Active Directory Synchronization integration when Microsoft ends support for the Azure AD Graph API, Mimecast needs to migrate all Azure Active Directory connections to the MS Graph API.
Required Actions
For Mimecast to be able to migrate your Azure Active Directory Synchronization integration to the MS Graph API, you need to grant the required API permissions to the Azure application you created for the Azure Directory Synchronization to your Mimecast account.
The below steps should be followed to grant the correct permissions for both the Azure Active Directory Graph API, as well as the Microsoft Graph API:
- Log in to the Microsoft Azure Portal.
- Navigate to Azure Active Directory.
- Click on the App registrations menu item.
- Search for the application created for Azure Directory Synchronization to your Mimecast account.
- Open the application and click on the API Permissions option in the left-hand menu.
- Click on the Add a permission button.
- Click on the APIs my organization uses option.
- Search for and select the Windows Azure Active Directory item.
- Click on the Application permissions button.
- Expand the Directory section.
- Select the Directory.Read.All option
- Click on the Add permissions button and you will be navigated back to the Configured permissions.
- Click on the Add a permission button again.
- Select the Microsoft Graph option.
- Click on the Application permissions button.
- Expand the Directory section.
- Select the Directory.Read.All option.
- Expand the User section.
- Select the User.Read.All option.
- Click on the Add permissions button. The permissions should look like the example below:
- Click on the Grant admin consent for… button.
- To confirm consent, click on the Yes button.
These permissions are necessary for your Azure Active Directory Synchronization integration to continue working correctly when Mimecast migrates your Directory connections to the MS Graph API. To avoid the risk of service disruption, please make these changes by June 14, 2022.
Monitoring
Mimecast will monitor if the permissions have been granted and will actively migrate integrations to the MS Graph API from June 1, 2022 onwards.
To see if your Azure Active Directory integration has been migrated, you can use the “Test Connection” feature. We recommend you to test from June 1, 2022.
Synchronization with Azure AD Graph API Synchronization with Microsoft Graph API
Deployment Schedule
Migrations started on April 19, 2022 and are expected to complete on June 21, 2022.
Current Status: Scheduled.
Carlos Rios
Comments