Migrate applications to the Microsoft Authentication Library (MSAL)
If any of your applications use the Azure Active Directory Authentication Library (ADAL) for authentication and authorization capabilities, it's time to migrate them to the Microsoft Authentication Library (MSAL).
- All Microsoft support and development for ADAL, including security fixes, ended on June 30, 2023.
- There were no ADAL feature releases or new platform version releases planned prior to the deprecation date.
- No new features have been added to ADAL since June 30, 2020.
Warning
Azure Active Directory Authentication Library (ADAL) has been deprecated. While existing apps that use ADAL will continue to work, Microsoft will no longer release security fixes on ADAL. Use the Microsoft Authentication Library (MSAL) to avoid putting your app's security at risk.
Why switch to MSAL?
If you've developed apps using the Azure AD (v1.0) endpoint, you're likely using ADAL. Since Microsoft identity platform (v2.0) endpoint has changed significantly, the new library (MSAL) was entirely built for the new endpoint.
MSAL is designed to enable a secure solution without developers having to worry about the implementation details. It simplifies and manages acquiring, managing, caching, and refreshing tokens, and uses best practices for resilience. We recommend you use MSAL to increase the resilience of authentication and authorization in client applications that you develop.
MSAL provides multiple benefits over ADAL, including the following features:
Features | MSAL | ADAL |
---|---|---|
Security | ||
Security fixes beyond June 2023 | ||
Proactively refresh and revoke tokens based on policy or critical events for Microsoft Graph and other APIs that support Continuous Access Evaluation (CAE). | ||
Standards compliant with OAuth v2.0 and OpenID Connect (OIDC) | ||
User accounts and experiences | ||
Microsoft Entra accounts | ||
Microsoft account (MSA) | ||
Azure AD B2C accounts | ||
Authentication experiences | ||
Throttling | ||
Auth broker support | ||
Token protection |
Additional capabilities of MSAL over ADAL
- Proof of possession tokens
- Microsoft Entra certificate-based authentication (CBA) on mobile
- System browsers on mobile devices
- Where ADAL had only authentication context class, MSAL exposes the notion of a collection of client apps (public client and confidential client).
AD FS support in MSAL
You can use MSAL.NET, MSAL Java, MSAL.js, and MSAL Python to get tokens from Active Directory Federation Services (AD FS) 2019 or later. Earlier versions of AD FS, including AD FS 2016, are unsupported by MSAL.
If you need to continue using AD FS, you should upgrade to AD FS 2019 or later before you update your applications from ADAL to MSAL.
How to migrate to MSAL
Before you start the migration, you need to identify which of your apps are using ADAL for authentication. Follow the steps in this article to get a list by using the Azure portal:
After identifying applications that use ADAL, migrate them to MSAL depending on your app type:
Single-page app (SPA)
Mobile app
Service / daemon app
MSAL Supports a wide range of application types and scenarios. Refer to Microsoft Authentication Library support for several application types.
ADAL to MSAL migration guide for different platforms are available in the following links:
- Migrate to MSAL iOS and macOS
- Migrate to MSAL Java
- Migrate to MSAL.js
- Migrate to MSAL .NET
- Migrate to MSAL Node
- Migrate to MSAL Python
Migration help
If you have questions about migrating your app from ADAL to MSAL, here are some options:
- Post your question on Microsoft Q&A and tag it with
[azure-ad-adal-deprecation]
. - Open an issue in the library's GitHub repository. See the Languages and frameworks section of the MSAL overview article for links to each library's repo.
If you partnered with an Independent Software Vendor (ISV) in the development of your application, we recommend that you contact them directly to understand their migration journey to MSAL.
Next steps
For more information about MSAL, including usage information and which libraries are available for different programming languages and application types, see: