Forum Discussion
Best approach for migrating AD joined devices to Entra ID without wiping user profiles?
We’ve seen many organizations struggle with device migration when moving from traditional Active Directory (AD) or hybrid environments to Microsoft Entra ID.
The biggest challenge is avoiding user disruption, especially when wiping devices causes profile loss, app reconfiguration, and downtime.
In large environments, wipe-and-reload becomes difficult to scale and impacts productivity significantly.
Curious to know how others are handling this:
Are you still using wipe/reimage methods, or are you using alternative approaches that preserve user profiles, applications, and settings?
Would love to hear practical experiences from the community.
5 Replies
- christiandominguezjp (Copper Contributor)
Currently in the same situation. We have used EBF before for our Mobile Device Migration, and now we are evaluating whether EBF can do a Hybrid > Entra ID migration on the same tenant without a wipe. Will share details soon if it works!
- PaulJebastin (Brass Contributor)
Microsoft currently does not support an in-place conversion from traditional Active Directory (AD) or Hybrid AD to Microsoft Entra ID join. The official recommendation remains a wipe/reset followed by Autopilot deployment.
You can try a scripted migration approach to avoid user disruption. This involves transitioning devices individually from on-prem AD to Entra ID.
A few key considerations if you go down this path:
- Keep Azure AD Connect in place during the transition so user identities stay consistent while devices are migrated gradually.
- Prepare your environment in advance: move Group Policy Objects (GPOs) to Intune, enable automatic MDM enrollment
- Review Conditional Access policies, validate line-of-business apps and file share access
- Ensure a local admin account is available on devices to prevent lockouts
- Back up user data (e.g., OneDrive Known Folder Move or local backup) before starting
Typical migration flow (no wipe approach)
- Remove the device from the on-prem domain and restart
- Join the device to Microsoft Entra ID (via Access work or school or provisioning package)
- User signs in with Entra ID → a new profile is created
- Migrate data from the old profile (manually or using a tool)
- Re-enroll the device into Intune
- Reapply applications, policies, and security configurations
- Validate core services (Outlook, Teams, OneDrive, internal business apps)
Tools worth considering
Depending on your scale and budget, these tools can simplify the process:
- Opsole (Recommended) - https://opsole.com/migrate-hybrid-joined-to-entra-id-without-wipe - Preserves BitLocker, apps, and user state; also handles tenant-to-tenant; works without VPN or DC connectivity
- Profile Wizard (Profwiz) - https://www.forensit.com/domain-migration.html + Scripted workflow
- Quest Software - https://www.quest.com/products/on-demand-migration/device-migration.aspx
- PowerSyncPro - https://kb.powersyncpro.com/en_US/migration-agent/how-to-bulk-migrate-workgroup-joined-endpoints-to-entra-id
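A read-only pre-flight check for the "remove the device from the on-prem domain" step in the reply above, as an added example that is not part of the original post or of any tool listed in it: it parses `dsregcmd /status` to report the current join type and confirms that an enabled local administrator exists before the device leaves the domain. The function names and the sample `dsregcmd` lines are constructed for illustration.

```powershell
# Added example: read-only pre-flight check. It changes nothing on the device.

function Get-JoinState {
    param([string[]]$DsregOutput)
    $s = @{}
    foreach ($line in $DsregOutput) {
        # dsregcmd prints right-aligned "Name : Value" pairs.
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|DomainName)\s*:\s*(\S+)') {
            $s[$Matches[1]] = $Matches[2]
        }
    }
    $ad    = $s['DomainJoined']  -eq 'YES'
    $entra = $s['AzureAdJoined'] -eq 'YES'
    if ($ad -and $entra) { $type = 'HybridJoined' }
    elseif ($ad)         { $type = 'ADJoined' }
    elseif ($entra)      { $type = 'EntraJoined' }
    else                 { $type = 'Workgroup' }
    [pscustomobject]@{ JoinType = $type; DomainName = $s['DomainName'] }
}

function Get-EnabledLocalAdmin {
    # Enabled local users in BUILTIN\Administrators (well-known SID S-1-5-32-544).
    # An enabled account is necessary, not sufficient: confirm its password is known.
    try {
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Where-Object { $_.PrincipalSource -eq 'Local' } |
            ForEach-Object { Get-LocalUser -SID $_.SID } |
            Where-Object Enabled
    } catch {
        Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
    }
}

# Constructed sample of `dsregcmd /status` lines, used only where dsregcmd is absent.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                DomainName : CONTOSO'
)
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { $raw = dsregcmd.exe /status } else { $raw = $sample }

$join   = Get-JoinState -DsregOutput $raw
$admins = @(Get-EnabledLocalAdmin)
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    JoinType            = $join.JoinType
    DomainName          = $join.DomainName
    EnabledLocalAdmins  = ($admins.Name -join ', ')
    LocalAdminAvailable = ($admins.Count -gt 0)
}
```

Run it elevated on a pilot device and treat `LocalAdminAvailable = False` as a stop condition for the un-join step.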
- Pranavsethuraman10 (Copper Contributor)
In many enterprise environments, avoiding wipe-and-reimage is actually the preferred approach.
Traditional migration methods often lead to profile loss, application reconfiguration, downtime, and poor user experience, especially when managing hundreds or thousands of devices.
A better strategy is preserving user profiles, applications, and settings while transitioning identity management to Microsoft Entra ID.
Starting with pilot devices, validating identity synchronization, checking compliance readiness, and planning rollback options before full rollout makes the migration much smoother and far more practical at scale.
- Bogdan_Guinea (Steel Contributor)
Hi, you are right — the business disruption and also user availability when you are working worldwide are very difficult.
So Steve Weiner (@stevecapacity) has a nice tutorial to follow. For a small to medium migration, I was using this script that I was optimizing especially for this kind of stuff.
https://github.com/FlyOnCloud/ms-entra-intune-scripts/blob/main/Win_Clean_EnrollmentID.ps1
I would say just balance your needs in this case and take the most suitable option for you. I am quite sure there is no 100% reliable product that fits all scenarios, so based on your scenario, adapt this.
Good luck!
- rahuljindal (Bronze Contributor)
The Microsoft recommended & supported migration method for devices is reset and Autopilot provisioning with Entra ID identity of the destination tenant. If you don’t care about the supported method, then Quest migration is an industry-wide used tool. #notanaigeneratedresponse