Microsoft Entra recommendation: Migrate apps from ADFS to Microsoft Entra ID

Microsoft Entra recommendations provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.

This article covers the recommendation to migrate apps from Active Directory Federated Services (AD FS) to Microsoft Entra ID. This recommendation is called adfsAppsMigration in the recommendations API in Microsoft Graph.


As an admin responsible for managing applications, you want your applications to use the security features of Microsoft Entra ID and maximize their value. This recommendation shows up if your tenant has apps on ADFS that can 100% be migrated to Microsoft Entra ID.


Using Microsoft Entra ID gives you granular per-application access controls to secure access to applications. With Microsoft Entra B2B collaboration, you can increase user productivity. Automated app provisioning automates the user identity lifecycle in cloud SaaS apps such as Dropbox, Salesforce and more.

Action plan

  1. Install Microsoft Entra Connect on your AD FS server.
  2. Review the AD FS application activity report to get insights about your AD FS applications.
  3. Read the solution guide for migrating applications to Microsoft Entra ID.
  4. Migrate applications to Microsoft Entra ID. For more information, see the article Migrate from federation to cloud authentication.

Guided walkthrough

For a guided walkthrough of many of the recommendations in this article, see the migration guide Migrate from AD FS to Microsoft Entra ID for identity management when signed in to the Microsoft 365 Admin Center. To review best practices without signing in and activating automated setup features, go to the M365 Setup portal.

Next steps