Establish an Azure AD footprint

Before you migrate identity and access management (IAM) from Active Directory to Azure Active Directory (Azure AD), you need to set up Azure AD.

Required tasks

If you're using Microsoft Office 365, Exchange Online, or Teams, then you're already using Azure AD. Your next step is to establish more Azure AD capabilities:

Optional tasks

The following functions aren't specific or mandatory to move from Active Directory to Azure AD, but we recommend incorporating them into your environment. These items are also recommended in the Zero Trust guidance.

Deploy passwordless authentication

In addition to the security benefits of passwordless credentials, passwordless authentication simplifies your environment because the management and registration experience is already native to the cloud. Azure AD provides passwordless credentials that align with various use cases. Use the information in this article to plan your deployment: Plan a passwordless authentication deployment in Azure Active Directory.

After you roll out passwordless credentials to your users, consider reducing the use of password credentials. You can use the reporting and insights dashboard to continue to drive the use of passwordless credentials and reduce the use of passwords in Azure AD.


During your application discovery, you might find applications that have a dependency or assumptions around passwords. Users of these applications need to have access to their passwords until those applications are updated or migrated.

Configure hybrid Azure AD join for existing Windows clients

You can configure hybrid Azure AD join for existing Active Directory-joined Windows clients to benefit from cloud-based security features such as co-management, conditional access, and Windows Hello for Business. New devices should be Azure AD joined and not hybrid Azure AD joined.

To learn more, check Plan your hybrid Azure Active Directory join implementation.

Next steps


Cloud transformation posture

Implement a cloud-first approach

Transition to the cloud