![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECA%3C/text%3E%3C/svg%3E)
7,023 questions
The only thing you need to do is to disable the synchronization process, which indeed can be achieved by the above cmdlet. The Graph API/SDK does not currently offer a method to disable synchronization, so you're stuck with the good old Set-MsolDirSyncEnabled cmdlet.
After you run the cmdlet, it might take some time to process the changes on the backend, depending on the size of your tenant. Once the process completes, you will be able to manage any previously synchronized object directly within the M365/Entra admin center, or via PowerShell/Graph API. No further steps are needed.
Just for the sake of completeness, how are your users authenticating? Those additional steps you might have read about apply to scenarios where you have configured federation or leverages the PTA/SSO features that similarly redirect the sign-in process. If that's the case, additional steps such as converting the users or provisioning a password for them might be needed. If you are leveraging "native" cloud authentication or password sync, no further steps are needed.
