Moving from ADAL to MSAL for your Microsoft 365 integration

Microsoft has officially deprecated the Azure Active Directory Authentication Library (ADAL), and as of June 30, 2023, they ended all support and security fixes for it. Because ADAL is no longer maintained by Microsoft, keeping it active poses a security risk. 

MSAL Configuration Options

When you switch to MSAL, you’ll have two options. We highly recommend the server side option so your staff won't have to re-authenticate every 24 hours:

• MSAL Server side (Recommended): This is our top pick. It allows for longer, persistent sessions, meaning your users won't have to re-log in nearly as often. It does require a "Client Secret" from your Azure portal, but the smoother experience is well worth the extra step.

• MSAL Client side: This is easier to set up because it doesn't require a secret, but it comes with a catch: your users will be prompted to log in to the integration every 24 hours.

How to Set Up MSAL Server Side

If you’d like to go with the recommended server-side option to keep things easy for your users, just follow these steps:

Step 1: Generate a Client Secret in Microsoft Entra ID (Azure)

1. Log in to your Azure portal and head to Microsoft Entra ID.

2. Go to App registrations in the left menu and select your ThoughtFarmer integration.

3. Click Certificates & secrets in the left menu.

4. Under Client secrets, click + New client secret.

5. Give it a description (like "ThoughtFarmer MSAL") and choose an expiration date that fits your policy.

6. Important: Copy the text in the Value column immediately and save it somewhere safe. Azure hides this once you leave the page, and you’ll need it for the next part!

Step 2: Update your ThoughtFarmer settings

1. Log in to ThoughtFarmer as an admin.

2. Go to Admin panel > Integrations > Cloud drives and click the Microsoft 365 tab.

3. In the Authentication type section, select MSAL Server side.

4. Paste that Client Secret you just saved into the text box.

5. Hit Save.