Review app registration, permissions, and consent

This article is part of step 3: review app details of the process to migrate apps.

For any app update, there are three areas to consider:

  • App registration: You can continue to use your existing app registration (appId) in your application code.

    You do not have to re-register your app to migrate to Microsoft Graph. Update the code, test heavily, and then deploy your update.

  • Permissions: You should change your configured permissions to the equivalent Microsoft Graph permissions. Delegated permissions that were granted for Azure Active Directory (Azure AD) Graph are implicitly considered granted for Microsoft Graph also. Application permissions (app roles) need to be granted again. For a comparison, review how Azure AD Graph permissions map to Microsoft Graph permissions.

    If your update also includes the use of features or capabilities that aren't available to Azure AD Graph, you likely need to request permissions for these new features. If that's the case, you can switch your app to use MSAL and the Microsoft identity platform endpoint, and request additional/incremental consent dynamically. Find more details about switching to MSAL in review app authentication library changes.

  • Consent: End-users who have granted consent for delegated permissions (or for whom an admin granted consent) can continue using your app without being asked to grant consent again.

    Users who have consented for your app to access their data can continue to use your app after it's been updated to use Microsoft Graph, without being asked to consent again. New users are prompted for consent.

However, if you use new features, services, or add additional capabilities, you might need new permissions applicable to those features and end-user consent might be required. In such cases, consent is requested when tokens are refreshed.

Next step