Migrate from Active Directory Federation Services (AD FS) to Microsoft Entra ID, previously known as Azure Active Directory. The new version includes features catered to address several obstacles encountered in the past. Features such as group filtering, token augmentation, certificate-based authentication, and group transformation are included. Additional capabilities now made accessible include phish-resistant passwordless authentication and conditional access.
- Jeremy Chapman, Director at Microsoft 365, discusses the process to migrate from AD FS to Microsoft Entra.
- He gives an in-depth view of the management experience and IT perspective.
- He provides a detailed guide on how to execute the migration process and walks through the setup.
- A discussion on Salesforce process is also included in his talk.
- Detailed documentation regarding the migration process and tutorials for common apps are available at https://aka.ms/migrateapps and https://aka.ms/adfs2 respectively.
Active Directory Federation Services (AD FS) is a single sign-on service that provides users with authenticated access to applications that are not capable of using integrated authentication methods. While effective in many ways, it has its limitations such as:
- Complexity in deployment and management
- Requires internal network to function
- Limited capability in terms of conditional access and threat intelligence
To improve upon these limitations, organizations are encouraged to migrate to Microsoft Entra ID, previously known as Azure Active Directory. This service has resolved many significant challenges that were present in AD FS:
- Certificate-based authentication: Improved security by identifying devices or users with a certificate.
- Group filtering: Enhanced management and organization with specific group targeting.
- Group transformation: Efficiently manipulate and transform data from one group to another.
- Token augmentation: Additional security through augmentation of tokens.
Microsoft Entra ID not only addresses these challenges but also introduces advanced features such as:
- Conditional access: Policies that enforce security rules whenever resources are accessed.
- Phish-resistant passwordless authentication: Enhanced protection from phishing with passwordless authentication.
Jeremy Chapman, the Director at Microsoft 365, provides an extensive guide to transitioning from AD FS to Microsoft Entra. This guide also gives an exclusive insight into the management and IT experience associated with this migration.
Further Discussion on Microsoft Entra
Microsoft Entra ID, initially called Azure Active Directory, is an identity as a service (IDaaS) solution that offers a number of capabilities. These include B2B and B2C identity services, machine learning-driven adaptive access controls, security alerts and reporting. Its integration with Microsoft 365, Azure and many third-party applications makes it a comprehensive solution for businesses. It offers flexibility, scalability, and security, making it a popular choice among organisations that are looking to unify their distributed IT ecosystem and secure their data.
Learn about AD FS to Microsoft Entra | How to migrate your cloud apps
In order to migrate from Active Directory Federation Services (AD FS) to Microsoft Entra ID, formerly Azure Active Directory, users need to understand the capabilities that are available with Microsoft Entra ID, such as certificate-based authentication, group filtering, group transformation, and token augmentation. Additionally, users need to understand the steps involved in migrating from AD FS to Microsoft Entra, as well as the management and IT experience with Microsoft Entra. The steps for migrating from AD FS to Microsoft Entra include comparing the management experience, understanding the IT perspective, walking through the setup, and understanding the Salesforce process. Tutorials and resources for the most common apps can be found at aka.ms/migrateapps, and hands-on guidance and detailed documentation for migration can be found at aka.ms/adfs2.
More links on about AD FS to Microsoft Entra | How to migrate your cloud apps
- Plan application migration to Azure Active Directory
- Jun 9, 2023 — Resources to help you migrate application access and authentication to Azure Active Directory (Azure AD). Understand the stages of migrating ...
- Understand the stages of migrating application ...
- Jun 9, 2023 — The migration process ; Stage 1 – Current state: The production app authenticates with AD FS. Diagram showing migration stage 1. ; Stage 2 – ( ...
- Migrate apps from ADFS to Azure AD
- Apr 4, 2023 — The Active Directory Federation Services (AD FS) application activity report lets you quickly migrate applications from AD FS to Azure Active ...
- Migrate from federation to cloud authentication
- May 4, 2023 — Migrate app authentication from AD FS to Azure AD Migration requires assessing how the application is configured on-premises, and then mapping ...
- Review the application activity report - Azure
- Mar 23, 2023 — The Active Directory Federation Services (AD FS) application activity report lets you quickly migrate applications from AD FS to Azure ...
- Upgrade from AD FS to Azure AD | Microsoft Security
- Migrate your app authentication to the cloud. Secure and manage all your apps from a single control plane by migrating app authentication and authorization from ...
- Phase 1: Discover and scope apps - Microsoft Entra
- May 31, 2023 — This article describes phase 1 of planning migration of applications from AD FS to Azure Active Directory.
- Resources for migrating apps to Azure Active Directory
- May 31, 2023 — The Active Directory Federation Services (AD FS) application activity report lets you quickly migrate applications from AD FS to Azure Active ...
- Migrate from federation to Azure AD CBA
- Feb 1, 2023 — The Active Directory Federation Services (AD FS) application activity report lets you quickly migrate applications from AD FS to Azure Active ...
Azure Active Directory, Certificate-based Auth, Group Filtering, Group Transformation, Token Augmentation, Conditional Access, Phish-resistant Passwordless Authentication, Migration Tutorials, Migration Resources, Migration Hands-on Guidance, Migration Detailed Documentation