Service Update

Overview 

Microsoft is ending support for the Azure Active Directory Graph API.

What's changing

To allow for continued service, Mimecast will migrate all Azure Active Directory Synchronization integrations to the MS Graph API. For Mimecast to do so seamlessly, you need to grant the required API permissions to the Azure application you created for the Azure Active Directory Synchronization to your Mimecast account. This action should be completed as soon as possible and no later than June 14, 2022, to avoid the risk of service disruption. 

To allow for continued service for your Azure Active Directory Synchronization integration when Microsoft ends support for the Azure AD Graph API, Mimecast needs to migrate all Azure Active Directory connections to the MS Graph API. 

Recommended actions

For Mimecast to be able to seamlessly migrate your Azure Active Directory Synchronization integration to the MS Graph API, you need to grant the required API permissions to the Azure application you created for the Azure Directory Synchronization to your Mimecast account.

The below steps should be followed to grant the correct permissions for the Microsoft Graph API:

1. Log in to the Microsoft Azure Portal.
2. Navigate to Azure Active Directory.
3. Click on the App registrations menu item.
4. Search for the application created for Azure Directory Synchronization to your Mimecast account.
5. Open the application and click on the API Permissions option in the left-hand menu.
6. Click on the Add a permission button.
7. Select the Microsoft Graph option.
8. Click on the Application permissions button.
9. Expand the Directory section.
10. Select the Directory.Read.All option.
11. Expand the User section.
12. Select the User.Read.All option.
13. Click on the Add permissions button. The permissions should look like the example below:

14. Click on the Grant admin consent for… button.
15. To confirm consent, click on the Yes button.

The below steps should be followed to remove permissions / revoke Admin Consent for the Microsoft Graph API 

Removing Permissions:

1. Log in to the Microsoft Azure Portal.
2. Navigate to Azure Active Directory | App Registrations
3. Search for the application created for Azure Directory Synchronization to your Mimecast account.
4. Open the application and click API Permissions.
5. Click the icon next to the permission you want to remove.
6. Click Remove permission.

 

7. A confirmation pop-up will show to verify the action required.

Revoking Admin Consent :

1. Log in to the Microsoft Azure Portal.
2. Navigate to Azure Active Directory | App Registrations.
3. Search for the application created for Azure Directory Synchronization to your Mimecast account.
4. Open the application and click API Permissions.
5. Click the icon next to the permission you want to revoke.
6. Click Revoke Admin Consent.

7. A confirmation pop-up will show to verify the action required.

These permissions are necessary for your Azure Active Directory Synchronization integration to continue working correctly when Mimecast migrates your Directory connections to the MS Graph API. To avoid the risk of service disruption, please make these changes by June 14, 2022.

Monitoring

Mimecast will monitor if the permissions have been granted and will actively migrate integrations to the MS Graph API from June 1, 2022, onwards.

You can use the Test Connection feature to see if your Azure Active Directory integration has been migrated. We recommend testing from June 1, 2022.

To run a Directory Connection Test:

1. Log in to the Mimecast Administration Console
2. Navigate to Users & Groups | Directory Synchronization.
3. Select the Directory Synchronization.
4. Click on the Test Connection button.

 

Synchronization with Azure AD Graph API                                    Synchronization with Microsoft Graph API

Deployment Schedule

Migrations started on April 19, 2022, and have been completed on June 24, 2022. On this date, Mimecast has also updated this article to assist with resolving failing integrations due to incorrectly configured API permissions.

Current Status: Completed.