Migrate from ADFS to cloud authentication

Alex Wilber 0 Reputation points
2024-04-07T14:33:43.2033333+00:00

Currently, I'm using Staged Rollout to test a group of users for Password Hash Sync to use Microsoft 365 Seamless SSO.

However, now I would like to apply this for all the >10,000 users in the company.

And I know Staged Rollout is for testing small groups and not long-term.

If anyone can help what steps I should follow to migrate from ADFS to cloud authentication to have Microsoft 365 SSSO/SSO, please assist me the detail steps.

Thank you!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,652 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Sandeep G-MSFT 19,021 Reputation points Microsoft Employee
    2024-04-12T04:02:54.5466667+00:00

    @Alex Wilber

    Thank you for posting this in Microsoft Q&A.

    As I understand you want to migrate your authentication from ADFS to cloud authentication (PHS). You have already tested this with staged rollout and everythings seems to work fine.

    Now, you are looking for plan to migrate all users to cloud authentication.

    There are 2 ways for you to migrate from ADFS to PHS authentication.

    You've two options for enabling this change:

    Option A: Switch using Microsoft Entra Connect.

    Available if you initially configured your AD FS/ ping-federated environment by using Microsoft Entra Connect.

    Option B: Switch using Microsoft Entra Connect and PowerShell

    Available if you didn't initially configure your federated domains by using Microsoft Entra Connect or if you're using third-party federation services.

    To choose one of these options, you must know what your current settings are.

    You can follow steps in below article to complete your migration,

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/migrate-from-federation-to-cloud-authentication#verify-current-microsoft-entra-connect-settings

    Note: I would recommend you take backup of your federation settings before the migration process.

    You can follow below article for backing up federation settings,

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/migrate-from-federation-to-cloud-authentication#back-up-federation-settings

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.