Breaking change to Microsoft Graph Users API: Updates to on-premises sync-enabled user contact numbers are no longer allowed

Microsoft Graph team

Today we’re announcing an upcoming breaking change for developers using the Microsoft Graph Users API. The Users API enables admins to get and set properties associated with user objects in Azure AD. This change will be rolling out to all tenants by October 5, 2020.

What is the change?

This bug fix will prevent Microsoft Graph updates to the mobilePhone property of users who are mastered on-premises and synced to Azure AD. To learn more about user properties, see the user resource topic.

Why the change?

When using Azure AD Connect to synchronize Active Directory users, groups, and contacts to Azure AD (the cloud), Microsoft Graph cannot update any of the properties of the associated cloud objects that are synchronized from an on-premises object. Updates to on-premises sync-enabled objects are prevented because any changes would be overwritten at the next Azure AD Connect sync cycle. Before this change, Microsoft Graph allowed updates from the cloud to the mobilePhone property of users mastered on-premises. This bug fix removes that capability and ensures that changes to users and objects mastered on-premises can only be made in on-premises Active Directory.

What do I need to do?

Rather than using Microsoft Graph, Azure AD Graph, or PowerShell to make changes (which will be overwritten) to the mobilePhone property of a user synchronized from on-premises, admins should change the property directly on-premises. This way, the change will be synced to the cloud during the next sync cycle.

Example

Microsoft Graph API call before the change

Request: PATCH https://graph.microsoft.com/v1.0/me

Request body: {"mobilePhone": "1112223333"}

Response: HTTP 204 No Content

Microsoft Graph API call after the change

Request: PATCH https://graph.microsoft.com/v1.0/me

Request body: {"mobilePhone": "1112223333"}

Response: HTTP 400 Bad Request

{
  "error": {
    "code": "Request_BadRequest",
    "message": "Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration.",
    "innerError": {
      "date": timestamp,
      "request-id": request ID,
      "client-request-id": client request ID
    }
  }
}
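
A pre-check that applies the guidance above, as an added example (not code from the original post or from Microsoft): it routes each mobilePhone change to Graph or to on-premises AD using the user resource's onPremisesSyncEnabled property, and recognizes the 400 response shown above. The function names, sample users and ids are constructed for illustration, and the user objects are assumed to have been fetched with onPremisesSyncEnabled selected.

```python
import json

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/"
# Substring of the error message quoted in the post's 400 response.
DIRSYNC_MARKER = "on-premises mastered Directory Sync objects"

# Constructed sample data (hypothetical ids and UPNs, not real tenant objects).
SAMPLE_USERS = [
    {"id": "cloud-0001", "userPrincipalName": "cloud.user@example.com",
     "onPremisesSyncEnabled": None},
    {"id": "sync-0002", "userPrincipalName": "synced.user@example.com",
     "onPremisesSyncEnabled": True},
]
SAMPLE_REJECTION = json.dumps({"error": {
    "code": "Request_BadRequest",
    "message": "Unable to update the specified properties for on-premises "
               "mastered Directory Sync objects or objects currently undergoing migration."}})

def plan_mobile_updates(users, requested):
    """Split requested mobilePhone changes by where each user is mastered.

    requested maps user id -> new number. Returns (graph_patches, on_prem_changes).
    """
    graph_patches, on_prem_changes = [], []
    for user in users:
        number = requested.get(user["id"])
        if number is None:
            continue
        # onPremisesSyncEnabled is true only for users synced from on-premises AD.
        if user.get("onPremisesSyncEnabled") is True:
            on_prem_changes.append((user["userPrincipalName"], number))
        else:
            graph_patches.append(("PATCH", GRAPH_USERS + user["id"], {"mobilePhone": number}))
    return graph_patches, on_prem_changes

def classify_patch_response(status, body_text):
    """Return 'ok', 'dirsync_rejected' or 'other_error' for a PATCH result."""
    if status == 204:
        return "ok"
    try:
        error = json.loads(body_text)["error"]
        code, message = error["code"], str(error["message"])
    except (ValueError, TypeError, KeyError):
        return "other_error"
    if status == 400 and code == "Request_BadRequest" and DIRSYNC_MARKER in message:
        return "dirsync_rejected"
    return "other_error"
```

Entries returned in on_prem_changes are the ones to change in on-premises Active Directory so that the next sync cycle carries them to the cloud.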

Changes to Azure AD Graph (deprecated) and Azure AD PowerShell

This change applies to Microsoft Graph, Azure AD Graph, and Azure AD PowerShell.

Example

Azure AD PowerShell Cmdlet before the change

Cmdlet: Set-AzureADUser -ObjectId Key -Mobile "1112223333"

Azure AD PowerShell Cmdlet after the change

Cmdlet: Set-AzureADUser -ObjectId Key -Mobile "1112223333"

Response:

Set-AzureADUser : Error occurred while executing SetUser
Code: Request_BadRequest
Message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration.

Tell us what you think

We welcome your feedback. If you have any further questions, you can reach out to us on Stack Overflow.

-Microsoft Identity platform team
