Remove ADFS Details from Entra Connect After Successful Migration from Federation to Cloud Authentication

Shubham Sharma 20 Reputation points
2025-06-15T09:18:27.62+00:00

I have successfully performed the migration from federated authentication to cloud authentication for our Azure AD environment.

The migration itself went smoothly and we are now authenticating directly against Azure AD instead of ADFS.

However, when I check Entra Connect Sync > Manage Federation, I still see details of ADFS present there.

My questions are:

  1. Why are the ADFS details still visible under “Manage Federation” after the migration?
  2. How can I safely clear or remove these ADFS details now that we’re no longer using ADFS?
  3. Are there any best practices or additional clean-up steps I should follow to fully disconnect ADFS from our Azure AD configuration?

Any guidance or step-by-step instructions would be greatly appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Megan Truong 720 Reputation points Independent Advisor
    2025-06-16T08:37:36.56+00:00

    Hello @Shubham Sharma

    Thank you for contacting the Q&A Forum. If you can still see details of ADFS present even after successfully migrating from federated authentication to cloud authentication, this is normal and doesn’t mean ADFS is still active. This is because the domain federation settings in Entra ID haven’t been explicitly removed, and Entra Connect itself still leaves historical federation configuration for reference or rollback purposes.

    You can remove any remaining ADFS reference by:

    • Verify Domain Is Using Cloud Authentication

    Run this PowerShell command using the Microsoft Graph PowerShell module:

    Get-MgDomainFederationConfiguration -DomainId yourdomain.com

    If federation settings are still present, you can remove them.

    • Convert Domain to Managed (Cloud Authentication)

    Use this command to switch the domain to managed:

    Update-MgDomain -DomainId yourdomain.com -AuthenticationType Managed

    After removing all references of ADFS, please make sure to do the following steps:

    • Decommission ADFS Servers (if no longer needed for other apps).
    • Remove Relying Party Trusts from ADFS for Microsoft 365.
    • Update DNS Records if they pointed to ADFS endpoints.
    • Monitor Sign-ins in Entra ID to ensure no failed ADFS attempts.
    • Document the Migration and backup any ADFS configurations before full removal.
    • Install the Microsoft Entra Connect to check if the legacy settings still exist or not.

    Kindly let me know if this works for you and please let me know if you have any further questions.

    If I have answered your question, please accept this answer as a token of appreciation and don't forget to give a thumbs up for "Was it helpful"!

    Best regards,

    Megan

    1 person found this answer helpful.
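
The verification step in the answer above checks one domain; as an added example (not part of the answer or the thread), this read-only audit applies the same check to every domain in the tenant and flags any that is still federated or still returns a federation configuration. It assumes the Microsoft.Graph.Identity.DirectoryManagement module and the `Domain.Read.All` scope; `Get-FederationFinding` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Read-only: nothing here changes the tenant.
# Assumes the Microsoft.Graph.Identity.DirectoryManagement module is installed.

function Get-FederationFinding {
    # Hypothetical helper: classify one domain from what Graph returned for it.
    param(
        [Parameter(Mandatory)] [string] $DomainId,
        [string]   $AuthenticationType,
        [object[]] $FederationConfig = @(),
        [string]   $LookupError
    )
    $finding = if ($AuthenticationType -eq 'Federated') {
        'Still federated'
    } elseif ($LookupError) {
        # A failed read is not proof of a clean domain, so surface it.
        'Federation configuration could not be read'
    } elseif ($FederationConfig.Count -gt 0) {
        'Managed, but a federation configuration is still returned'
    } else {
        'Managed, no federation configuration'
    }
    [pscustomobject]@{
        Domain    = $DomainId
        AuthType  = $AuthenticationType
        IssuerUri = ($FederationConfig.IssuerUri -join ', ')
        Finding   = $finding
        Error     = $LookupError
    }
}

# Offline check with constructed values:
#   Get-FederationFinding -DomainId 'example.com' -AuthenticationType 'Federated'

Connect-MgGraph -Scopes 'Domain.Read.All'

$report = foreach ($d in Get-MgDomain -All) {
    $cfg = @(); $err = $null
    try {
        $cfg = @(Get-MgDomainFederationConfiguration -DomainId $d.Id -ErrorAction Stop)
    } catch {
        $err = $_.Exception.Message
    }
    Get-FederationFinding -DomainId $d.Id -AuthenticationType $d.AuthenticationType `
        -FederationConfig $cfg -LookupError $err
}

$report | Sort-Object Finding, Domain | Format-List
```

Any row other than "Managed, no federation configuration" is worth resolving before the ADFS servers are decommissioned, since a federated domain still accepts tokens from the issuer listed in `IssuerUri`.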

3 additional answers

  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2025-06-15T15:09:20.5433333+00:00

  2. Shubham Sharma (OneStepGroup) 30 Reputation points
    2025-06-16T09:52:21.8933333+00:00

    Hello Megan,

    I can confirm that no domains remain in federation, as shown in the screenshot of Entra. However, I still see the federation configuration in Microsoft Entra.

    My question is specifically about removing the federation settings from Entra Connect Sync.

    Additionally, in your response, you suggested installing Entra Connect Sync. Could you clarify what you mean by that? We recently upgraded Entra Connect Sync to the latest version—do we actually need a fresh installation? Let me know your thoughts!


  3. Shubham Sharma 20 Reputation points
    2025-06-19T10:33:27.62+00:00

    I have followed the above process and enabled it via Microsoft Entra Connect:

    Open Microsoft Entra Connect

    Navigate to Configure > Change user sign-in

    Selected Cloud Authentication (Password Hash Sync / Pass-through Authentication)

    Completed the wizard to update the configuration

    However, I still see the federation settings listed under Manage Federation. Since this is a production environment, I cannot uninstall and reinstall Entra Connect. Therefore, I will leave it as-is, assuming the historical federation metadata is retained. This may automatically be cleared during a future Entra Connect upgrade.
    Thanks, team, for your support.

