diff --git a/website/content/api-docs/secret/azure.mdx b/website/content/api-docs/secret/azure.mdx index 7cfe00fad1..7c00102d57 100644 --- a/website/content/api-docs/secret/azure.mdx +++ b/website/content/api-docs/secret/azure.mdx @@ -37,8 +37,7 @@ service principals. Environment variables will override any parameters set in th - `password_policy` `(string: "")` - Specifies a [password policy](/docs/concepts/password-policies) to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. - `use_microsoft_graph_api` `(bool: true)` - Indicates whether the secrets engine should use the - [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/use-the-api). If set to false, this will use the Azure - Active Directory API which has been [deprecated by Microsoft and will be removed in 2022](https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-faq). + [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/use-the-api). If set to true, the user specified via the `client_id` and `client_secret` will need to have the following permissions under the **Microsoft Graph API**: diff --git a/website/content/docs/secrets/azure.mdx b/website/content/docs/secrets/azure.mdx index a42d863123..332afc480f 100644 --- a/website/content/docs/secrets/azure.mdx +++ b/website/content/docs/secrets/azure.mdx 
@@ -225,38 +225,6 @@ principal using the Azure portal: - "Owner" role -### AAD (Azure Active Directory) - -~> Microsoft is shutting down their Azure Active Directory API and will be retiring it in 2022. If you are currently using this secret engine, you will need to update the -credentials to include Microsoft Graph API permissions and specify the -`use_microsoft_graph_api` configuration value as true. See the -[API Docs](/api-docs/secret/azure#use_microsoft_graph_api) for more details. - -As part of the retirement of Azure Active Directory, new service principals can no longer -be granted Azure Active Directory permissions using the Azure Portal. To add the neccessary -API permissions for AAD, the Azure CLI is suggested. The following commands will add the -correct privileges to an existing service principal: - -```shell -APP_ID='' - -az ad app permission add \ - --id ${APP_ID?} \ - --api 00000002-0000-0000-c000-000000000000 \ - --api-permissions \ - 1cda74f2-2616-4834-b122-5cb1b07f8a59=Role \ - 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175=Role \ - 970d6fa6-214a-4a9b-8513-08fad511e2fd=Scope \ - 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope - -az ad app permission grant --id ${APP_ID?} --api 00000002-0000-0000-c000-000000000000 -``` - -Additionally the following IAM roles are required and need to be added to the service -principal using the Azure portal: - -- "Owner" role - ### Migrating From AAD To Microsoft Graph In this example we will migrate the Azure secret engine from using Azure Active Directory
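Review bot: In website/content/api-docs/secret/azure.mdx, the `use_microsoft_graph_api` entry now documents only the true case. With the "If set to false, this will use the Azure Active Directory API ..." sentence removed, a reader cannot tell what false does or whether it is still accepted, while the parameter is still listed with its `(bool: true)` default. Suggest replacing the removed sentence with one line stating the current behaviour of false, or marking the parameter as deprecated, rather than dropping the explanation outright.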
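Review bot: In website/content/docs/secrets/azure.mdx, removing the whole "### AAD (Azure Active Directory)" section also drops the `~>` notice telling existing users to add Microsoft Graph API permissions and set `use_microsoft_graph_api` to true, yet the "### Migrating From AAD To Microsoft Graph" section that follows is kept and still addresses readers who are on AAD. Suggest moving a shortened form of that notice, with its link to /api-docs/secret/azure#use_microsoft_graph_api, to the top of the migration section. The removed `az ad app permission add` block was also the place in this hunk that named the legacy permissions granted on API 00000002-0000-0000-c000-000000000000. If the migration section does not list them, operators lose the reference for which grants to revoke from the service principal once migration is complete, so consider keeping that list there as a cleanup step.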