Closed justinmchase closed 2 years ago
Microsoft Graph is a different API than the Azure API. Just as GitHub has a CLI, Cognitive Services have a CLI, Azure has a CLI and Microsoft Graph has a CLI.
Microsoft Graph is a SAAS API as compared to Azure which is PAAS/IAAS. This has a significant impact on the way users interact with data via applications. The application consent experience is very important when it comes to privacy and trust in Microsoft Graph. That concept really doesn't surface in Azure APIs.
Admittedly there is confusion because Azure AD was branded as an Azure for such a long time. However, several years ago there was a branding change to more accurately reflect Identity within Microsoft. It is now known as the Microsoft Identity Platform. https://www.microsoft.com/en-ca/security/business/identity-access-management/microsoft-identity-management-platform The Identity services are a SAAS service. Nobody considers dropping all the users in a tenant and redeploying them like you might do with websites.
While the portal experience remains in the Azure portal, the API surface area is in Microsoft Graph. There is no requirement to have an Azure subscription to use Microsoft Identity. You will note that there has never been ARM Template support for AD solutions because it was not an Azure control plane API.
The Azure CLI is unfortunately stuck in a bit of an uncanny valley of having a UX for an API that belongs somewhere else. I do believe the Azure CLI team is committed to keeping the functionality that exists today but new Identity functionality will be surfaced via Microsoft Graph and the Graph CLI.
Ok I'll think on this, it helps, thank you.
And I was able to work around my issue by using curl to call the graph api directly instead of using the az
cli tool. But my only feedback here is just that it may be useful to expand on this situation a little on the main README because its hard to understand from the outside and not in an altogether good state for users and easy to get frustrated.
Hi @justinmchase I'm glad you were able to work around your issue. I appreciate your feedback. I understand that it is a confusing situation and you're right we could probably add some clarity in the readme.
I see the blurb on the front about imitating the azure CLI but it may help to give an explanation on why this is being worked on instead of just putting all this effort into fixing the azure CLI.
I'm hitting some errors right now due to the Azure AD Graph api deprecation and the CLI does not yet support the Graph in some areas so I can't help but wonder how the deprecation could have happend before the defacto tool is updated and why effort was being spent here rather than on fixing that tool.