Authenticate Microsoft Graph apps with the Azure AD v2.0 endpoint
Building apps for enterprise customers? Your app might not work if your enterprise customer turns on enterprise mobility security features like conditional device access.
To support all enterprise customers across all enterprise scenarios, you must use the Azure AD endpoint and manage your apps using the Azure Management Portal. For more information, see Deciding between the Azure AD and Azure AD v2.0 endpoints.
By using the Azure AD v2.0 endpoint, you can create apps that accept both work and school (Azure Active Directory) as well as personal (Microsoft account) identities.
In the past, if you wanted to develop an app to support both Microsoft accounts and Azure Active Directory, you had to integrate with two completely separate systems. Using the Azure AD v2.0 endpoint, you can now support both types of accounts with a single integration - one simple process to reach an audience that spans millions of users with both personal and work/school accounts.
After you integrate your apps with the Azure AD v2.0 endpoint, they can instantly access the Microsoft Graph endpoints available for both personal and work or school accounts, such as:
Note: Some Microsoft Graph endpoints, such as groups and tasks, are not applicable to personal accounts.
Microsoft Graph authentication scopes
The Azure AD v2.0 endpoint supports all permission scopes listed in Microsoft Graph permission scopes.
For more information about using scopes with the Azure AD v2.0 endpoint, and how it differs from using resources in Azure AD, see Scopes, not resources.
See it in action
The Connect samples in the Microsoft Graph repo provide simple examples of how to authenticate users and connect to Microsoft Graph across a wide range of platforms.
In addition, the Get Started section contains articles that describe how to create these sample apps, including the authentication libraries used on each platform.