Microsoft Entra Connect: Migration to Application Based Authentication (ABA)

[Max Coder]

Hi,

Entra Connect 2.4.131.0 is currently running on 2022OS.

My questions are :


1 - According to Microsoft, auto-upgrades will begin on August 14.

Will there be any interruptions to Password Sync or Sync object during the auto-upgrade?

07/31/2025: Released for download via the Microsoft Entra admin center. Existing installations will be auto-upgrades to this build starting August 14th, 2025, and will be done in multiple phases.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-version-history#25760

2 - Will migrating from Legacy Service Account to Application Based Authentication (ABA) cause any problems? What should we pay attention to? Has anyone experienced any problems?

[Mike]

Sync stops during the upgrade.

I have not tried switching to the App based identity yet. It’s been in preview up until now and is only generally available with this latest version…which is set to auto-upgrade and auto-migrate to the App based identity, so that’s nice. /s

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/093b974a-8746-4cc1-aa06-8cc0d2163613n%40googlegroups.com.

[David Svirskis]

I wasn’t keen on having Entra Connect auto-upgrade and potentially break things when least convenient so I completed the upgrade manually.

 

The switchover to app-based authentication was seamless – I authenticated with a suitable (HA) credential and it automatically created the app registration and hard-deleted the legacy sync account.

 

This was detailed in the Entra audit logs:

 

 

The documentation here - https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/authenticate-application-id?tabs=default#remove-a-legacy-service-account - suggests you need to identify and remove the legacy service account yourself. In my case this wasn’t required but I have a fairly default Entra Connect setup, so possibly it recognised it was safe to auto-delete. Presumably if you are using some custom account setup it won’t proactively remove it but I guess that’s something to look out for..

 

Cheers,

David

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Mike
Sent: Wednesday, 13 August 2025 3:16 AM
To: ntsys...@googlegroups.com
Subject: Re: [ntsysadmin] Microsoft Entra Connect: Migration to Application Based Authentication (ABA)

 

You don't often get email from craigs...@gmail.com. Learn why this is important

To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/CA%2BSdsNHFCGTvTkuE7rvwF8vpCRfNRNwB3JuMyj1nBzStZH5fzQ%40mail.gmail.com.