Blog Post

Core Infrastructure and Security Blog
4 MIN READ

Empower Your Cloud Identity: How to Convert User SOA from AD to Entra ID

Farooque's avatar
Farooque
Icon for Microsoft rankMicrosoft
Dec 15, 2025

Moving users from an on-premises identity model to a cloud‑first approach is a key milestone in modernizing your organization’s security and lifecycle management. For years, hybrid identity meant that Active Directory remained the Source of Authority (SOA), limiting what administrators could edit in the cloud and creating unnecessary dependencies on on‑prem infrastructure. With Microsoft’s new capability to transfer the user SOA to Entra ID, organizations can finally unlock full cloud‑native identity governance, streamline provisioning, reduce attack surface, and eliminate AD‑based constraints on user attributes. This shift enables a cleaner, more secure, and more scalable identity posture fully aligned with a modern Zero‑Trust cloud environment.

For years, hybrid identity has been the standard. We synchronize users from on-premises Active Directory (AD) to Microsoft Entra ID (formerly Azure AD), giving our people one set of credentials for b...
Published Dec 15, 2025
Version 1.0
Azure AD
entra id
smukherjee's avatar
smukherjee
Copper Contributor
Dec 16, 2025

Thanks for sharing this thread. This is what exactly I wanted to do for my client. One concern I have little bit concerned with accessing legacy applications using Kerberos (cloud kerberos trust will work anyway) and LDAP those cannot be used Entra SSO feature or cannot be migrated to cloud immediately. 
Also, if the AD join is removed from the end user devices and migrated to Entra join only then how would be the execution process?