Property differences between Azure AD Graph and Microsoft Graph

This article is part of step 1: review API differences of the process to migrate apps.

In general, the best way to compare the Azure Active Directory (Azure AD) Graph API to Microsoft Graph is to compare the underlying metadata for each service, especially the resource descriptions, which are available through the following endpoints:

This article highlights property differences between resources. If a property isn't shown in this list, it's already available in the v1.0 version of Microsoft Graph, with exactly the same name as in Azure AD Graph.

Because the user and group resources are so frequently used, they're listed first. Other resources are listed alphabetically.

User property differences

The Azure AD Graph User resource inherits from DirectoryObject; In Microsoft Graph, it's user and inherits from directoryObject.

The Microsoft Graph v1.0 endpoint returns a limited set of user properties by default, while Azure AD Graph returns all properties. To read other properties that aren't returned by default, specify them in a $select query. For more information, see the user resource type.

The following table lists the more property differences.

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
deletedTimestamp beta  -  deletedDateTime
v1.0  -  deletedDateTime
dirSyncEnabled beta  - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
facsimileTelephoneNumber beta  -  faxNumber
v1.0  -  faxNumber
immutableId beta  - onPremisesImmutableId
v1.0  -  onPremisesImmutableId
isCompromised beta  -  Not available
v1.0  -  Not available
The Microsoft Graph identity protection APIs provide more risk detection functionality.
lastDirSyncDateTime beta  - onPremisesLastSyncDateTime
v1.0  -  onPremisesLastSyncDateTime
mobile beta  -  mobilePhone
v1.0  -  mobilePhone
passwordProfile/enforceChangePasswordPolicy beta  -  passwordProfile/forceChangePasswordNextSignIn
v1.0  -  passwordProfile/forceChangePasswordNextSignIn
passwordProfile/forceChangePasswordNextLogin beta  -  passwordProfile/forceChangePasswordNextSignInWithMfa
v1.0  -  passwordProfile/forceChangePasswordNextSignInWithMfa
provisioningErrors beta  -  Not available
v1.0  -  Not available
This property and its information are deprecated. However, a new property describing any AD Connect-related provisioning errors can be found in onPremisesProvisioningErrors property.
refreshTokensValidFromDateTime beta - signinSessionsValidFromDateTime
v1.0 - signinSessionsValidFromDateTime
signinNames beta  -  identities/signInType
v1.0  -  identities/signInType
This property is now part of the objectIdentity resource.
telephoneNumber beta  -  businessPhones
v1.0  -  businessPhones
thumbnailPhoto beta  -  photo, photos
v1.0  -  photo, photos
The Microsoft Entra thumbnail photo isn't available through Microsoft Graph. Use the photo API instead.
userIdentities beta  -  identities
v1.0  -  identities
For more information, see objectIdentity resource type.
userState beta  -  externalUserState
v1.0  -  externalUserState
userStateChangedOn beta - externalUserStateChangeDateTime
v1.0 - externalUserStateChangeDateTime

Group property differences

The Azure AD Graph Group resource inherits from DirectoryObject; In Microsoft Graph, it's group and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
dirSyncEnabled beta  - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
lastDirSyncDateTime beta - onPremisesLastSyncDateTime
v1.0 - onPremisesLastSyncDateTime
provisioningErrors beta  -  Not available
v1.0  -  Not available
This property and its information are deprecated. However, a new property describing any AD Connect-related provisioning errors can be found in onPremisesProvisioningErrors property.

Application property differences

The Azure AD Graph Application resource inherits from DirectoryObject; In Microsoft Graph, it's application and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
acceptMappedClaims beta  - api/acceptMappedClaims
v1.0  -  api/acceptMappedClaims
acceptMappedClaims is now part of the new apiApplication resource.
availableToOtherTenants beta  -  signInAudience
v1.0  -  signInAudience
The default value in Azure AD Graph is false (meaning AzureADMyOrg) while for in Microsoft Graph is AzureADandPersonalMicrosoftAccount.
errorUrl beta  - not available
v1.0  -  not available
This property is deprecated.
homepage beta  - web/homePageUrl
v1.0  -  web/homePageUrl
The property is now part of the new webApplication resource.
informationalUrls beta  - info
v1.0  -  info
knownClientApplications beta - api/knownClientApplications
v1.0  - api/knownClientApplications
The collection is now part of the new apiApplication resource.
logoutUrl beta  - web/logoutUrl
v1.0  -  web/logoutUrl
The property is now part of the webApplication resource.
logoUrl beta  - info/logoUrl
v1.0  -  info/logoUrl
The property is now part of the new informationalUrl resource.
mainLogo beta  - logo
v1.0  -  logo
oauth2AllowIdTokenImplicitFlow beta - web/implicitGrantSettings/enableIdTokenIssuance
v1.0  - web/implicitGrantSettings/enableIdTokenIssuance
Renamed, and now part of the new implicitGrantSettings resource.
oauth2AllowImplicitFlow beta - web/implicitGrantSettings/enableAccessTokenIssuance
v1.0  - web/implicitGrantSettings/enableAccessTokenIssuance
Renamed, and now part of the new implicitGrantSettings resource.
oauth2AllowUrlPathMatching beta  - not available
v1.0  -  not available
This property is deprecated.
oauth2Permissions beta - api/oauth2PermissionScopes
v1.0  - api/oauth2PermissionScopes
Renamed and now part of the new apiApplication resource.
publicClient beta  -  isFallbackPublicClient
v1.0  -  isFallbackPublicClient
This property now has a new meaning  -  it contains the public client settings like redirectUris. Microsoft Entra ID determines whether the app is a public or confidential client or not, with the isFallbackPublicClient property handling the one special case that Microsoft Entra ID can't determine automatically.
recordConsentConditions beta  - not available
v1.0  -  not available
This property is deprecated.
replyUrls beta - web/redirectUris, publicClient/redirectUris
v1.0  - web/redirectUris, publicClient/redirectUris
And being renamed, redirectUris is now part of the new webApplication and publicClient complex types. This grouping allows developers to use specific URIs for their web and public clients (such as an installed application on a desktop device).
samlMetadataUrl beta  -  samlMetadataUrl
v1.0  -  Not yet available
serviceEndpoints beta  -  Not available
v1.0  -  Not available
This property is deprecated, but is available in the servicePrincipal entity.

AppRoleAssignment differences

The Azure AD Graph AppRoleAssignment resource inherits from DirectoryObject; In Microsoft Graph, it's appRoleAssignment and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
creationTimestamp beta  - creationTimestamp
v1.0  - createdDateTime
id beta  - appRoleId
v1.0  - appRoleId

Contact property differences

The Azure AD Graph Contact resource inherits from DirectoryObject; iIn Microsoft Graph, it's orgContact and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
city beta - postalAddresses/city
v1.0  -  postalAddresses/city
The city property is part of the physicalAddress resource.
country beta - postalAddresses/countryOrRegion
v1.0 - postalAddresses/countryOrRegion
The countryOrRegion property is part of the physicalAddress resource.
dirSyncEnabled beta  - onPremisesSyncEnabled
v1.0  - onPremisesSyncEnabled
facsimileTelephoneNumber beta - phones/businessFax
v1.0  - phones/businessFax
Now part of the phone resource that supports various phone types.
physicalDeliveryOfficeName beta  - officeLocation
v1.0  -  officeLocation
postalCode beta - postalAddresses/postalCode
v1.0  - postalAddresses/postalCode
The postalCode property is part of the physicalAddress resource.
provisioningErrors beta  -  not available
v1.0  -  not available
This property and its information are deprecated. However, a new property describing any AD Connect-related provisioning errors can be found in onPremisesProvisioningErrors property.
sipProxyAddress beta  - imAddresses
v1.0  - imAddresses
state beta  - postalAddresses/state
v1.0  -  postalAddresses/state
The state property is part of the physicalAddress resource.
streetAddress beta  - postalAddresses/street
v1.0  - postalAddresses/street
The street property is part of the physicalAddress resource.
telephoneNumber beta - phones/business
v1.0  - phones/business
Now part of the phone resource that supports various phone types.
thumbnailPhoto beta  - Not yet available 
v1.0  -  Not yet available

Contract property differences

The Azure AD Graph Contract resource inherits from DirectoryObject; In Microsoft Graph, it's contract and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
customerContextId beta  - customerId
v1.0  -  customerId

Device property differences

The Azure AD Graph Device resource inherits from DirectoryObject; In Microsoft Graph, it's device and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
approximateLastLogonTimestamp beta - approximateLastSignInDateTime
v1.0  -  approximateLastSignInDateTime
complianceExpiryTime beta - complianceExpirationDateTime
v1.0  -  complianceExpirationDateTime
deviceObjectVersion beta - deviceVersion
v1.0  -  deviceVersion
deviceOSType beta - operatingSystem
v1.0  -  operatingSystem
deviceOSVersion beta - operatingSystemVersion
v1.0  -  operatingSystemVersion
devicePhysicalIds beta - physicalIds
v1.0  -  physicalIds
deviceTrustType beta - trustType
v1.0  -  trustType
dirSyncEnabled beta - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
lastDirSyncTime beta - onPremisesLastSyncDateTime
v1.0  -  onPremisesLastSyncDateTime

DirectoryObject property differences

The Azure AD Graph DirectoryObject resource is directoryObject in Microsoft Graph. The changes to its properties are seen in other resources that inherit from DirectoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
deletionTimestamp beta - deletedDateTime
v1.0  -  deletedDateTime
While deletionTimestamp was a DateTime type, deletedDateTime is a DateTimeOffset type.
objectId beta - id
v1.0  -  id
The id property in Microsoft Graph is inherited from the entity resource.
objectType beta - Not available
v1.0  -  Not available
This property isn't used in Microsoft Graph. Instead, Microsoft Graph returns the @odata.type property but only for APIs that might return objects of different types or derived types. For example, the List group members API might return members who are users, groups, service principals, organizational contacts, or devices. For users, the @odata.type is #microsoft.graph.user.

DirectoryObjectReference property differences

The Azure AD Graph DirectoryObjectReference resource inherits from DirectoryObject; In Microsoft Graph, it's directoryObjectPartnerReference and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
externalContextId beta - externalPartnerTenantId
v1.0  -  externalPartnerTenantId

Domain property differences

The Azure AD Graph Domain resource is domain in Microsoft Graph. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
name beta - id
v1.0  -  id
In Microsoft Graph, the id property contains the domain name; the name property doesn't exist.
forceDeleteState beta - state
v1.0  -  state
In Azure AD Graph, there are separate forceDelete and domain state properties. In Microsoft Graph, the state property handles all domain states.
isDefaultForCloudRedirections beta - Not yet available 
v1.0  -  Not yet available

OAuth2PermissionsGrant property differences

The Azure AD Graph OAuth2PermissionsGrant resource is oAuth2PermissionsGrant in Microsoft Graph. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
expiryTime beta - expiryTime
v1.0 - Removed
This property isn't used and is removed in Microsoft Graph v1.0.
startTime beta - startTime
v1.0 - Removed
This property isn't used and is removed in Microsoft Graph v1.0.

Policy property differences

In Microsoft Graph, there are named policy types (such as tokenIssuancePolicy or tokenLifetimePolicy) rather than a generic policy resource type. More details are available in the policy overview.

ServiceEndpoint property differences

The Azure AD Graph ServiceEndpoint resource inherits from DirectoryObject; In Microsoft Graph, it's endpoint and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
serviceId beta - providerId
v1.0  - providerId
serviceName beta - providerName
v1.0  - providerName
resourceId beta - providerResourceId
v1.0  - providerResourceId

ServicePrincipal property differences

The Azure AD Graph ServicePrincipal resource inherits from DirectoryObject; In Microsoft Graph, it's servicePrincipal and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
appOwnerTenantId beta - appOwnerOrganizationId
v1.0  - appOwnerOrganizationId
Renamed.
informationalUrls beta  - info
v1.0  -  info
oauth2Permissions beta  - publishedPermissionScopes
v1.0  - oauth2PermissionScopes
Renamed.
preferredTokenSigningKeyEndDateTime beta - Not yet available
v1.0  - Not yet available
signInAudience beta - Not yet available
v1.0  - Not yet available
serviceEndpoints beta - endpoint
v1.0  - endpoint
Renamed.

TenantDetails property differences

The Azure AD Graph TenantDetail resource inherits from DirectoryObject; In Microsoft Graph, it's organization and inherits from directoryObject. The properties differ as follows:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
companyLastDirSyncTime beta - onPremisesLastSyncDateTime
v1.0 - onPremisesLastSyncDateTime
dirSyncEnabled beta - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
provisioningErrors beta - Not available
v1.0 - Not available
This property and its information are deprecated.
telephoneNumber beta - businessPhones
v1.0 - businessPhones

TrustedCasForPasswordlessAuth property differences

The Azure AD Graph TrustedCasForPasswordlessAuth resource is certificateBasedAuthConfiguration. There are no property differences; however, there are differences in the certificateAuthority resource type used by the certificateAuthorities property.

CertificateAuthorityInformation property differences

The Azure AD Graph CertificateAuthorityInformation is certificateAuthority in Microsoft Graph. The following are the property differences.

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
authorityType beta - isRootAuthority
v1.0  - isRootAuthority
This property's is now a Boolean. In Azure AD Graph, this property had to be set to either RootAuthority or IntermediateAuthority. In Microsoft Graph, setting the new property to true is equivalent to RootAuthority.
crlDistributionPoint beta - certificateRevocationListUrl
v1.0 - certificateRevocationListUrl
deltaCrlDistributionPoint beta - deltaCertificateRevocationListUrl
v1.0 - deltaCertificateRevocationListUrl
trustedCertificate beta - certificate
v1.0 - deltaCertificateRevocationListUrl
trustedIssuer beta - issuer
v1.0 - issuer
trustedIssuerSki beta - issuerSki
v1.0  - issuerSki

Next step