Property differences between Azure AD Graph and Microsoft Graph

This article is part of step 1: review API differences of the process to migrate apps.

In general, the best way to compare the Azure Active Directory (Azure AD) Graph API to Microsoft Graph is to compare the underlying metadata for each service, especially the resource descriptions:

This article highlights property differences between resources. If a property isn't shown in this list, it's already available in the v1.0 version of Microsoft Graph, with exactly the same name as in Azure AD Graph.

Because the user and group resources are so frequently used, they're listed first. Other resources are listed alphabetically.

User property differences

The Azure AD Graph User resource inherits from DirectoryObject; it has been renamed to user in Microsoft Graph and inherits from directoryObject.

The Microsoft Graph v1.0 endpoint returns a limited set of user properties by default, while Azure AD Graph returns all properties. To read other properties that aren't returned by default, specify them in a $select query. For more information, see the user resource type.

The following table lists the more property differences.

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
deletedTimestamp beta  -  deletedDateTime
v1.0  -  deletedDateTime
dirSyncEnabled beta  - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
facsimileTelephoneNumber beta  -  faxNumber
v1.0  -  faxNumber
immutableId beta  - onPremisesImmutableId
v1.0  -  onPremisesImmutableId
isCompromised beta  -  Not available
v1.0  -  Not available
The Microsoft Graph identity protection API provides more sophisticated functionality.
lastDirSyncDateTime beta  - onPremisesLastSyncDateTime
v1.0  -  onPremisesLastSyncDateTime
mobile beta  -  mobilePhone
v1.0  -  mobilePhone
passwordProfile/enforceChangePasswordPolicy beta  -  passwordProfile/forceChangePasswordNextSignIn
v1.0  -  passwordProfile/forceChangePasswordNextSignIn
passwordProfile/forceChangePasswordNextLogin beta  -  passwordProfile/forceChangePasswordNextSignInWithMfa
v1.0  -  passwordProfile/forceChangePasswordNextSignInWithMfa
provisioningErrors beta  -  Not available
v1.0  -  Not available
This property and its information are deprecated. However, a new property describing any AD Connect related provisioning errors can be found in onPremisesProvisioningErrors
refreshTokensValidFromDateTime beta - signinSessionsValidFromDateTime
v1.0 - signinSessionsValidFromDateTime
signinNames beta  -  identities/signInType
v1.0  -  identities/signInType
This property is now part of the objectIdentity resource.
telephoneNumber beta  -  businessPhones
v1.0  -  businessPhones
thumbnailPhoto beta  -  photo, photos
v1.0  -  photo, photos
The Microsoft Entra thumbnail photo isn't available through Microsoft Graph. Use the photo API instead.
userIdentities beta  -  identities
v1.0  -  identities
See objectIdentity resource type for more details.
userState beta  -  externalUserState
v1.0  -  externalUserState
userStateChangedOn beta - externalUserStateChangeDateTime
v1.0 - externalUserStateChangeDateTime

Group property differences

The Azure AD Graph Group resource inherits from DirectoryObject; it has been renamed to group in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
dirSyncEnabled beta  - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
lastDirSyncDateTime beta - onPremisesLastSyncDateTime
v1.0 - onPremisesLastSyncDateTime
provisioningErrors beta  -  Not available
v1.0  -  Not available
This property and its information are deprecated. However, a new property describing any AD Connect related provisioning errors can be found in onPremisesProvisioningErrors

Application property differences

The Azure AD Graph Application resource inherits from DirectoryObject; it has been renamed to application in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
acceptMappedClaims beta  - api/acceptMappedClaims
v1.0  -  api/acceptMappedClaims
acceptMappedClaims are now part of the new api resource.
availableToOtherTenants beta  -  signInAudience
v1.0  -  signInAudience
The default value for availableToOtherTenants is false (meaning AzureADMyOrg) while for signInAudience is AzureADandPersonalMicrosoftAccount.
errorUrl beta  - not available
v1.0  -  not available
This property is deprecated.
homepage beta  - web/homePageUrl
v1.0  -  web/homePageUrl
homepage is now part of the new web resource.
informationalUrls beta  - info
v1.0  -  info
knownClientApplications beta - api/knownClientApplications
v1.0  - api/knownClientApplications
knownClientApplications are now part of the new api resource.
logoutUrl beta  - web/logoutUrl
v1.0  -  web/logoutUrl
logoutUrl is now part of the web resource.
logoUrl beta  - info/logoUrl
v1.0  -  info/logoUrl
logoUrl is now part of the new info resource.
mainLogo beta  - logo
v1.0  -  logo
oauth2AllowIdTokenImplicitFlow beta - web/implicitGrantSettings/enableIdTokenIssuance
v1.0  - web/implicitGrantSettings/enableIdTokenIssuance
Renamed, and now part of the new implicitGrantSettings resource.
oauth2AllowImplicitFlow beta - web/implicitGrantSettings/enableAccessTokenIssuance
v1.0  - web/implicitGrantSettings/enableAccessTokenIssuance
Renamed, and now part of the new implicitGrantSettings resource.
oauth2AllowUrlPathMatching beta  - not available
v1.0  -  not available
This property is deprecated.
oauth2Permissions beta - api/oauth2PermissionScopes
v1.0  - api/oauth2PermissionScopes
Renamed and now part of the new api resource.
publicClient beta  -  isFallbackPublicClient
v1.0  -  isFallbackPublicClient
This property now has a new meaning  -  it contains the public client settings like redirectUris. Determining whether the app is a public or confidential client or not is now done automatically, with the isFallbackPublicClient property handling the one special case that can't be determined automatically.
recordConsentConditions beta  - not available
v1.0  -  not available
This property is deprecated.
replyUrls beta - web/redirectUris, publicClient/redirectUris
v1.0  - web/redirectUris, publicClient/redirectUris
And being renamed, redirectUris is now part of the new web and publicClient resources. This allows developers to use specific URIs for their web and public clients (such as an installed application on a desktop device).
samlMetadataUrl beta  -  samlMetadataUrl
v1.0  -  Not yet available
serviceEndpoints beta  -  Not available
v1.0  -  Not available
This property is deprecated, but is planned for servicePrincipal.

AppRoleAssignment differences

The Azure AD Graph AppRoleAssignment resource inherits from DirectoryObject; it has been renamed to appRoleAssignment in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
creationTimestamp beta  - creationTimestamp
v1.0  - createdDateTime
id beta  - appRoleId
v1.0  - appRoleId

Contact property differences

The Azure AD Graph Contact resource inherits from DirectoryObject; it has been renamed to orgContact in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
city beta - addresse/city
v1.0  -  addresses/city
The city property is part of the addresses resource collection.
country beta - addresses/countryOrRegion
v1.0 - addresses/countryOrRegion
The countryOrRegion property is part of the addresses resource collection.
dirSyncEnabled beta  - onPremisesSyncEnabled
v1.0  - onPremisesSyncEnabled
facsimileTelephoneNumber beta - phones/businessFax
v1.0  - phones/businessFax
Now part of the phones collection that supports various phone types.
physicalDeliveryOfficeName beta  - officeLocation
v1.0  -  officeLocation
postalCode beta - addresses/postalCode
v1.0  - addresses/postalCode
The postalCode property is part of the addresses resource collection.
provisioningErrors beta  -  not available
v1.0  -  not available
This property and its information are deprecated. However, a new property describing any AD Connect related provisioning errors can be found in onPremisesProvisioningErrors. Currently this is only available in beta.
sipProxyAddress beta  - imAddresses
v1.0  - imAddresses
state beta  - addresses/state
v1.0  -  addresses/state
The state property is part of the addresses resource collection.
streetAddress beta  - addresses/street
v1.0  - addresses/street
The street property is part of the addresses resource collection.
telephoneNumber beta - phones/business
v1.0  - phones/business
Now part of the phones collection that supports various phone types.
thumbnailPhoto beta  - Not yet available 
v1.0  -  Not yet available

Contract property differences

The Azure AD Graph Contract resource inherits from DirectoryObject; it has been renamed to contract in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
customerContextId beta  - customerId
v1.0  -  customerId

Device property differences

The Azure AD Graph Device resource inherits from DirectoryObject; it has been renamed to device in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
approximateLastLogonTimestamp beta - approximateLastSignInDateTime
v1.0  -  approximateLastSignInDateTime
complianceExpiryTime beta - complianceExpirationDateTime
v1.0  -  complianceExpirationDateTime
deviceObjectVersion beta - deviceVersion
v1.0  -  deviceVersion
deviceOSType beta - operatingSystem
v1.0  -  operatingSystem
deviceOSVersion beta - operatingSystemVersion
v1.0  -  operatingSystemVersion
devicePhysicalIds beta - physicalIds
v1.0  -  physicalIds
deviceTrustType beta - trustType
v1.0  -  trustType
dirSyncEnabled beta - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
lastDirSyncTime beta - onPremisesLastSyncDateTime
v1.0  -  onPremisesLastSyncDateTime

DirectoryObject property differences

The Azure AD Graph DirectoryObject resource has been renamed to directoryObject in Microsoft Graph. The changes to its properties are seen in other resources that inherit from DirectoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
deletionTimestamp beta - deletedDateTime
v1.0  -  deletedDateTime
While deletionTimestamp was a DateTime type, deletedDateTime is a DateTimeOffset type.
objectId beta - id
v1.0  -  id
The id property in Microsoft Graph is inherited from the entity resource.
objectType beta - Not available
v1.0  -  Not available
This property isn't used in Microsoft Graph. Instead, Microsoft Graph returns the @odata.type property but only for APIs that might return objects of different types or derived types. For example, the List group members API might return members who are users, groups, service principals, organizational contacts, or devices. For users, the @odata.type is #microsoft.graph.user.

DirectoryObjectReference property differences

The Azure AD Graph DirectoryObjectReference resource inherits from DirectoryObject; it has been renamed to directoryObjectPartnerReference in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
externalContextId beta - externalPartnerTenantId
v1.0  -  externalPartnerTenantId

Domain property differences

The Azure AD Graph Domain resource has been renamed to domain in Microsoft Graph. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
name beta - id
v1.0  -  id
In Microsoft Graph, the unique identifier (ID) contains the domain name; the name property doesn't exist.
forceDeleteState beta - state
v1.0  -  state
In Azure AD Graph, there are separate forceDelete and domain state properties. In Microsoft Graph, all domain states are handled by the state property.
isDefaultForCloudRedirections beta - Not yet available 
v1.0  -  Not yet available

OAuth2PermissionsGrant property differences

The Azure AD Graph OAuth2PermissionsGrant resource has been renamed to oAuth2PermissionsGrant in Microsoft Graph. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
expiryTime beta - expiryTime
v1.0 - Removed
This property isn't used and is removed in Microsoft Graph v1.0.
startTime beta - startTime
v1.0 - Removed
This property isn't used and is removed in Microsoft Graph v1.0.

Policy property differences

In Microsoft Graph, there are named policy types (such as tokenIssuancePolicy or tokenLifetimePolicy) rather than a generic policy resource type. More details are available in the policy overview.

ServiceEndpoint property differences

The Azure AD Graph ServiceEndpoint resource inherits from DirectoryObject; it has been renamed to endpoint in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
serviceId beta - providerId
v1.0  - providerId
serviceName beta - providerName
v1.0  - providerName
resourceId beta - providerResourceId
v1.0  - providerResourceId

ServicePrincipal property differences

The Azure AD Graph ServicePrincipal resource inherits from DirectoryObject; it has been renamed to servicePrincipal in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
appOwnerTenantId beta - appOwnerOrganizationId
v1.0  - appOwnerOrganizationId
Renamed.
informationalUrls beta  - info
v1.0  -  info
oauth2Permissions beta  - publishedPermissionScopes
v1.0  - oauth2PermissionScopes
Renamed.
preferredTokenSigningKeyEndDateTime beta - Not yet available
v1.0  - Not yet available
signInAudience beta - Not yet available
v1.0  - Not yet available
serviceEndpoints beta - endpoint
v1.0  - endpoint
Renamed.

TenantDetails property differences

The Azure AD Graph TenantDetail resource inherits from DirectoryObject; it has been renamed to organization in Microsoft Graph and inherits from directoryObject. Here are the property differences:

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
companyLastDirSyncTime beta - onPremisesLastSyncDateTime
v1.0 - onPremisesLastSyncDateTime
dirSyncEnabled beta - onPremisesSyncEnabled
v1.0  -  onPremisesSyncEnabled
provisioningErrors beta - Not available
v1.0 - Not available
This property and its information are deprecated.
telephoneNumber beta - businessPhones
v1.0 - businessPhones

TrustedCasForPasswordlessAuth property differences

The Azure AD Graph TrustedCasForPasswordlessAuth resource has been renamed to certificateBasedAuthConfiguration. There are no property differences; however, there are differences in the certificateAuthority resource type used by the certificateAuthorities property.

CertificateAuthorityInformation property differences

The Azure AD Graph CertificateAuthorityInformation has been renamed to certificateAuthority in Microsoft Graph. The following are the property differences.

Azure AD Graph
(v1.6) property
Microsoft Graph
property
Comments
authorityType beta - isRootAuthority
v1.0  - isRootAuthority
This property's type has also changed into a Boolean. Previously this property had to be set to either "RootAuthority" or "IntermediateAuthority". Setting the new property to true is equivalent to "RootAuthority".
crlDistributionPoint beta - certificateRevocationListUrl
v1.0 - certificateRevocationListUrl
deltaCrlDistributionPoint beta - deltaCertificateRevocationListUrl
v1.0 - deltaCertificateRevocationListUrl
trustedCertificate beta - certificate
v1.0 - deltaCertificateRevocationListUrl
trustedIssuer beta - issuer
v1.0 - issuer
trustedIssuerSki beta - issuerSki
v1.0  - issuerSki

Next Steps