Azure AD Endpoint V1 vs V2

May 28, 2019 - 7 minute read

The objective of this memo is to summarize on a single page the main differences between the Azure AD V1 and V2 endpoints, with a focus on client libraries and supportability.

Date of comparison: 27 May 2019

In brief:

| | V1 | V2 | Notes/References |
|---|---|---|---|
| Who can sign in | Work<br>School Account | School Account<br>Guests<br>Personal (,…) | |
| Incremental and dynamic consent | No | Yes | With the Microsoft identity platform endpoint, you can ignore the static permissions defined in the app registration information in the Azure portal and request permissions incrementally |
| App can behave as | Resource | Scope (1 Resource -> n Scopes) | |
| Well known scopes | No | Yes | Offline Access<br>Profile and Email |
| Supported by Microsoft | Yes | Yes (*) | (*) The Microsoft identity platform endpoint (V2) doesn’t support all Azure AD scenarios and features.<br>To determine if you should use the Microsoft identity platform endpoint see limitations: |
| Protocols supported | OpenID Connect | OpenID Connect | |
| Recommended Client Library | ADAL | MSAL | |
| Platform supported (by supported client libraries) | .NET, JavaScript, iOS, Android, Java, node.js and Python | .NET, JavaScript, iOS, and Android, node.js | |
| Limitations on V2 | | Yes | Restrictions on app registrations<br>Restrictions on redirect URLs<br>Protocol changes<br>Restrictions on libraries and SDKs (see below) |

Microsoft Identity Platform (V2): Restriction on libraries and SDKs

Currently, library support for the Microsoft identity platform endpoint is limited. If you want to use the Microsoft identity platform endpoint in a production application, you have these options:

| Application Type | Supportability level |
|---|---|
| Web Application | Use the generally available server-side middleware to perform sign-in and token validation. |
| Desktop or Mobile Application | Use one of the preview Microsoft Authentication Libraries (MSAL). These libraries are in a production-supported preview, so it is safe to use them in production applications. |
| Platforms not covered by Microsoft libraries | You can integrate with the Microsoft identity platform endpoint by directly sending and receiving protocol messages in your application code. |
| Third-party OpenID and OAuth Libraries | The Microsoft identity platform endpoint should be compatible with many open-source protocol libraries without changes.<br>These libraries are not supported by Microsoft |
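
The "Resource" versus "Scope" and incremental-consent rows of the summary table, and the option of sending protocol messages directly, shown as an added example that is not part of the original memo or of Microsoft's libraries. The client ID, redirect URI and helper names are constructed for illustration.

```python
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# OpenID Connect scopes the V2 endpoint accepts without a resource prefix.
WELL_KNOWN = {"openid", "offline_access", "profile", "email"}

def _authorize(path, client_id, redirect_uri, state, **extra):
    query = {"client_id": client_id, "response_type": "code",
             "redirect_uri": redirect_uri, "state": state, **extra}
    return f"{AUTHORITY}/{path}?{urlencode(query)}"

def v1_authorize_url(tenant, client_id, redirect_uri, resource, state):
    """V1: name one resource; permissions come from the static app registration."""
    return _authorize(f"{tenant}/oauth2/authorize", client_id, redirect_uri,
                      state, resource=resource)

def v2_scopes(resource, permissions, well_known=()):
    """Map a V1 resource plus permission names to V2 scope strings."""
    unknown = set(well_known) - WELL_KNOWN
    if unknown:
        raise ValueError(f"not well-known scopes: {sorted(unknown)}")
    base = resource.rstrip("/")
    return sorted(well_known) + [f"{base}/{p}" for p in permissions]

def v2_authorize_url(tenant, client_id, redirect_uri, scopes, state):
    """V2: scopes are chosen per request, which is what allows incremental consent."""
    return _authorize(f"{tenant}/oauth2/v2.0/authorize", client_id, redirect_uri,
                      state, scope=" ".join(scopes))

if __name__ == "__main__":
    # Constructed sample values, not a real app registration.
    cid, redirect = "00000000-0000-0000-0000-000000000000", "https://localhost/callback"
    graph = "https://graph.microsoft.com"
    # A fresh state per request is the anti-CSRF value checked on the redirect back.
    print(v1_authorize_url("common", cid, redirect, graph, secrets.token_urlsafe(16)))
    # Sign-in asks only for what it needs now ...
    first = v2_scopes(graph, ["User.Read"], ["openid", "offline_access"])
    print(v2_authorize_url("common", cid, redirect, first, secrets.token_urlsafe(16)))
    # ... and a later feature requests one more permission (incremental consent).
    later = v2_scopes(graph, ["User.Read", "Mail.Read"], ["openid", "offline_access"])
    print(v2_authorize_url("common", cid, redirect, later, secrets.token_urlsafe(16)))
```
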

Microsoft-supported libraries for V2 Endpoints


Support disclaimer: “Please note that during the preview we may make changes to the API, internal cache format, and other mechanisms of this library, which you will be required to take along with bug fixes or feature improvements. This may impact your application. For instance, a change to the cache format may impact your users, such as requiring them to sign in again. An API change may require you to update your code. When we provide the General Availability release we will require you to update to the General Availability version within six months, as applications written using a preview version of library may no longer work.”

| Platform/Library | Status |
|---|---|
| JS/MSAL.js | Preview |
| Angular JS (1.x)/MS Angular JS | Preview |
| iOS/MSAL Objective-C | Preview |
| Android/Android MSAL | Preview |


| Platform/Library | Status |
|---|---|
| .NET (+ core) | |
| ASP.NET Security | |
| IdentityModel Extensions for .NET | |
| Node/Azure AD Passport | Stable/Supported |

Brokered authentication and Single Sign On (SSO) are on the roadmap:

Microsoft Supported Library for V1 Endpoints (ADAL)


Brokered authentication and single sign-on are supported:

| Platform/Library | Status |
|---|---|
| .NET Client, Windows Store, UWP, Xamarin iOS and Android | Supported |
| .NET Client, Windows Store, Windows Phone 8.1 | Supported |
| JavaScript | Supported |
| iOS, macOS | Supported |
| Android | Supported |


| Platform/Library | Status |
|---|---|
| .NET/OWIN | Supported |
| Node.js/Azure AD Passport | Supported |

Breaking Changes

The authentication system alters and adds features on an ongoing basis to improve security and standards compliance. To stay up-to-date with the most recent developments, the following page provides information about the details: