Differences between resources in Azure AD Graph and Microsoft Graph
This article is part of step 1: review API differences of the process to migrate apps.
When migrating apps from Azure Active Directory (Azure AD) Graph to Microsoft Graph, some resources have different names and different types. For example, if your Azure AD Graph app uses the TenantDetail resource, you need to update your code to refer to organization instead.
The following table highlights differences between Azure AD Graph and Microsoft Graph resources. It shows resources that have different names or aren't available; it also highlights resources available in the beta version of Microsoft Graph but not in the v1.0 version.
If a resource is not shown in this list, it's already available in the v1.0 version of Microsoft Graph, with the same name as in Azure AD Graph.
Note
Resource type names in Azure AD Graph are Pascal-cased, whereas in Microsoft Graph they are camel-cased.
| Azure AD Graph (v1.6) resource |
Microsoft Graph resource |
Comments |
|---|---|---|
| CertificateAuthorityInformation | beta - certificateAuthority v1.0 - certificateAuthority |
|
| Contact | beta - orgContact v1.0 - orgContact |
|
| DirectoryLinkChange | beta - New approach v1.0 - New approach |
Delta query supports relationship change detection with a mechanism that doesn't require this resource. See Feature differences between Azure AD Graph and Microsoft Graph. |
| OAuth2Permission | beta - permissionScope v1.0 - permissionScope |
|
| Policy | beta - policyRoot v1.0 - policyRoot |
Each type of policy has a unique type name and structure, under the policies URL path segment, in Microsoft Graph. In Azure AD Graph, the type was a single policy type. For example, for Azure AD Graph you would work with the Policy resource, and set the type property to TokenIssuancePolicy, while in Microsoft Graph the resource would be the tokenIssuancePolicy resource. |
| ProvisioningError | beta - Not available v1.0 - Not available |
This resource is deprecated. However, a new resource describing any AD Connect related provisioning errors can be found in onPremisesProvisioningError. |
| ServiceEndpoint | beta - endpoint v1.0 - endpoint |
endpoints are only available as part of the group and servicePrincipalresources in beta, and the group resource in both beta and v1.0. |
| SignInName | beta - New approach v1.0 - New approach |
New modeling for the identifiers used to sign into a user account. For more information, see objectIdentity resource type. Supports Azure AD B2C scenarios. |
| TenantDetail | beta - organization v1.0 - organization |
|
| TrustedCasForPasswordAuth | beta - certificateBasedAuthConfiguration v1.0 - certificateBasedAuthConfiguration |
|
| UserIdentity | beta - objectIdentity v1.0 - objectIdentity |
New modeling for the identifiers used to sign into a user account, called objectIdentity. Supports Azure AD B2C scenarios. |