azure CLI beta uses Azure AD Graph

Describe the bug

The Azure CLI beta described here says it uses the MS Graph API. When I run the Azure CLI command with the debug switch enabled, the CLI beta still uses the old Azure AD Graph API address.

Service Principals which are granted only MS Graph API permissions cannot be used with the Azure CLI beta to make changes in Azure AD. This can be demonstrated when trying to use an SP in an automation pipeline that will create an Azure AD Group.

To Reproduce

• create an Azure AD Service Principal that has the MS Graph Application API Permissions described here.
• Install the Azure CLI beta per the instructions above.
• Sign in to Azure as the Service Principal via the Azure CLI using this command: az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant "GUID HERE" --allow-no-subscriptions --debug
• Attempt to create an Azure AD Group with this command: az ad group create --display-name "YOUR GROUP NAME HERE" --mail-nickname "YOUR GROUP NAME HERE" --debug
• Note the response that the request is not authorized
• Note in the debug output that the Azure CLI shows the CLI passing API requests to https://graph.windows.net (the legacy Azure AD Graph API) and not the new API at https://graph.microsoft.com (the new MS Graph API). Per this documentation here.

Expected behavior

The Azure CLI beta uses the correct APIs that the documentation says it does.

Environment summary

• Mac OS 12.3.1
• Python 3.10 via HomeBrew
• Azure CLI beta installed per instructions here.

Additional context

Premier Support Case #: 2205030030000806