Hello all, looking for some clarification on whether the graph.windows.net deprecation will affect the Azure AD Application Proxy app registration created by Microsoft's AAD Application Proxy Connector. Here's the background:
Per "Update your applications to use Microsoft Authentication Library and Microsoft Graph API", I understand that the Azure Active Directory Graph API is being deprecated in June 2022, and that we should start using Microsoft Graph.
Per the "Migrate Azure AD Graph FAQ", we compiled a list of applications currently using the soon-to-be-deprecated API. We were able to update all these apps but one, and that one is actually a Microsoft app! Specifically, the Microsoft AAD Application Proxy Connector.
We use the Microsoft AAD Application Proxy Connector to expose an internal NDES server over a public URL. We set this up per Microsoft's instructions here: active-directory-app-proxy-protect-ndes. After completing step 16 of these instructions (adding an Enterprise Application entry corresponding to the Application Proxy), we get a corresponding App Registration with an API Permission of Azure Active Directory Graph/User.Read.
In this particular case, I don't believe a call is ever actually made against an Azure Active Directory Graph endpoint, because we have Preauthentication set to Passthrough on that Enterprise Application. Perhaps that permission is granted by default to all application registrations? I would like to be extra positive that the app itself will not break after Azure Active Directory Graph stops responding; that is my primary question here. Especially given that there is no mention of ADAL or MSAL in application-proxy-release-version-history, which hasn't seen an update since mid-2020.
Thank you for your time.
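
The inventory step described in the post (finding app registrations that declare an Azure Active Directory Graph permission) can be done offline against an export of the tenant's application objects. The following is an added example, not part of the original post and not Microsoft's tooling; it assumes the export has the shape of a Microsoft Graph "list applications" response, and every display name, appId and permission id in the sample is constructed.

```python
import json

# Well-known appId of the Azure AD Graph resource (graph.windows.net).
AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"
KIND = {"Scope": "delegated", "Role": "application"}

# Constructed sample shaped like a Microsoft Graph "list applications" export.
# Names, appIds and permission ids are placeholders, not real tenant data.
# 00000003-0000-0000-c000-000000000000 is the Microsoft Graph resource.
SAMPLE_EXPORT = json.dumps({"value": [
    {"displayName": "app-proxy-ndes (constructed)", "appId": "app-1",
     "requiredResourceAccess": [
         {"resourceAppId": "00000002-0000-0000-c000-000000000000",
          "resourceAccess": [{"id": "perm-a", "type": "Scope"}]}]},
    {"displayName": "migrated-app (constructed)", "appId": "app-2",
     "requiredResourceAccess": [
         {"resourceAppId": "00000003-0000-0000-c000-000000000000",
          "resourceAccess": [{"id": "perm-b", "type": "Scope"}]}]},
    {"displayName": "daemon (constructed)", "appId": "app-3",
     "requiredResourceAccess": [
         {"resourceAppId": "00000002-0000-0000-C000-000000000000",
          "resourceAccess": [{"id": "perm-c", "type": "Role"}]},
         {"resourceAppId": "00000003-0000-0000-c000-000000000000",
          "resourceAccess": [{"id": "perm-d", "type": "Role"}]}]},
    {"displayName": "no-permissions (constructed)", "appId": "app-4",
     "requiredResourceAccess": None},
]})


def find_aad_graph_permissions(export_json):
    """Return one finding per permission declared against Azure AD Graph."""
    findings = []
    for app in json.loads(export_json).get("value", []):
        for resource in app.get("requiredResourceAccess") or []:
            # GUIDs compare case-insensitively; exports are not always lower-case.
            if str(resource.get("resourceAppId", "")).lower() != AAD_GRAPH_APP_ID:
                continue
            for access in resource.get("resourceAccess") or []:
                findings.append({
                    "app": app.get("displayName"),
                    "appId": app.get("appId"),
                    "permissionId": access.get("id"),
                    "kind": KIND.get(access.get("type"), "unknown"),
                })
    return findings


if __name__ == "__main__":
    for f in find_aad_graph_permissions(SAMPLE_EXPORT):
        print(f"{f['app']}: {f['kind']} permission {f['permissionId']} on Azure AD Graph")
```

A hit means only that the registration declares the permission in `requiredResourceAccess`; it does not show that the application ever calls graph.windows.net.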