Introducing Microsoft Entra ID Recommendations For Identifying ADAL Applications

Den Delimarsky

Earlier this year we announced the sunset of the Azure AD Authentication Library (ADAL). ADAL was officially deprecated on June 30th of this year. As part of this announcement, we heard clearly from our customers that they need help identifying applications that still use ADAL in their tenants. The ADAL workbook enabled that, but required a few extra steps, which we have now made easier by integrating the functionality directly into the Azure Portal as well as the Microsoft Graph API.

Today we’re introducing a new way for developers and administrators to identify ADAL applications running in their tenant within web-based and local experiences that they already use – the Azure Portal and the Microsoft Graph PowerShell SDK. It’s all powered by Microsoft Entra ID Recommendations.

To get started, in the Azure Portal navigate to the Azure Active Directory blade, and in the Overview section click on Recommendations. If your tenant has active applications that are using ADAL, you will see recommendations appear within 24 hours from the last time the application acquired a token. To get details about a recommendation, along with next steps that will help you migrate to the modern Microsoft Authentication Library (MSAL)-based stack, click directly on the recommendation.

Screenshot of Azure AD recommendations in the Azure Portal

We also made sure that recommendations can be obtained programmatically – whether you’re writing custom applications or monitoring scripts, you can use the Microsoft Graph PowerShell SDK to get the list of recommendations. If you want to customize your workflows even further, you can use the Microsoft Graph REST API directly by sending a GET request to:

https://graph.microsoft.com/beta/directory/recommendations

To obtain the list of recommendations with Microsoft Graph PowerShell SDK, connect your account to the command-line interface (CLI):

Connect-MgGraph `
  -Scopes "DirectoryRecommendations.Read.All", "DirectoryRecommendations.ReadWrite.All" `
  -TenantId MY_TENANT_ID

Next, select the beta API profile:

Select-MgProfile beta

And lastly, use Get-MgDirectoryRecommendation to get the list of recommendations associated with your tenant:

Get-MgDirectoryRecommendation -All | Format-List

Recommendations related to ADAL usage will contain detailed information about all ADAL applications, the first time those were detected, and instructions on how to migrate to MSAL.
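The steps above can be combined into a read-only inventory script. This is an added example, not code from the original post or from Microsoft: it calls the REST endpoint shown earlier through Invoke-MgGraphRequest and requests only the read scope, since listing needs no write access. The `adalToMsalMigration` type value, the `impactedResources` path and the property names are assumptions about the beta schema, and `MY_TENANT_ID` is a placeholder.

```powershell
# Added example: read-only inventory of ADAL recommendations and affected apps.
# Requires the Microsoft.Graph.Authentication module; $TenantId is a placeholder.
$TenantId = 'MY_TENANT_ID'
$BaseUri  = 'https://graph.microsoft.com/beta/directory/recommendations'

# Listing needs only the read scope; the write scope is omitted on purpose.
Connect-MgGraph -Scopes 'DirectoryRecommendations.Read.All' -TenantId $TenantId | Out-Null

function Get-GraphPage {
    # Emit every item of a Graph collection, following @odata.nextLink paging.
    param([Parameter(Mandatory)][string]$Uri)
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

# Assumption: ADAL recommendations carry recommendationType 'adalToMsalMigration';
# the display-name match is a fallback in case the type value differs.
$adal = Get-GraphPage -Uri $BaseUri | Where-Object {
    $_.recommendationType -eq 'adalToMsalMigration' -or $_.displayName -match 'ADAL'
}

$report = foreach ($rec in $adal) {
    # Assumption: affected applications are listed under /impactedResources.
    foreach ($res in (Get-GraphPage -Uri "$BaseUri/$($rec.id)/impactedResources")) {
        [pscustomobject]@{
            Recommendation = $rec.displayName
            Status         = $rec.status
            Application    = $res.displayName
            ResourceId     = $res.id
            FirstDetected  = $res.addedDateTime
            ResourceStatus = $res.status
        }
    }
}

# Oldest detections first, so long-standing ADAL usage is reviewed first.
$report | Sort-Object FirstDetected | Format-Table -AutoSize
Disconnect-MgGraph | Out-Null
```

Because the script uses the raw beta endpoint rather than profile-dependent cmdlets, it does not depend on `Select-MgProfile`.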

We want your feedback

We’d love to hear your thoughts on the Microsoft Entra ID Recommendations experience for detecting ADAL applications! Let us know by clicking the Got feedback? button in the Azure Portal.

1 comment


  • Bohren, Andres 0

    With the release of Microsoft.Graph 2.0.0, “Select-MgProfile beta” cannot be used anymore.
    https://blog.icewolf.ch/archive/2023/07/06/microsoft-graph-powershell-module-2-0-0-GA-released/

    This will work with Microsoft.Graph 2.0.0
    Connect-MgGraph -Scopes "DirectoryRecommendations.Read.All, DirectoryRecommendations.ReadWrite.All"
    Get-MgBetaDirectoryRecommendation -All | Format-List

    Regards
    Andres Bohren
