Microsoft has implemented a “hardening update” to Entra Connect Sync, with a breaking-change deadline of April 7, 2025. If you’re running a hybrid AD and Entra configuration and are using Entra Connect Sync, take note that your time to upgrade without disruption is short.
But…are you actually using Entra Connect Sync at all, and if so, should you rush to upgrade or consider migrating to Microsoft’s “future-proof” new sync tool: Entra Cloud Sync? The two products are confusingly similar in name (especially when looking at the history of the former’s name, which has gone through so many iterations it’s difficult to keep track), but VERY different in functionality.
Microsoft considers Entra Connect Sync to be the legacy solution. It’s installed on a server (or servers) in your datacenter, and all the configuration is handled on the server through a configuration wizard. It’s gone through a lot of changes over the years, and supports complex synchronization scenarios.
Microsoft advises migrating to their newer Entra Cloud Sync solution. This solution is configured in the cloud and relies on agents on the customer side to manage changes. It’s where all of their future development work is focused, which should be taken to mean that the legacy solution is a “fully-developed” product that will receive no further features or enhancements.
The hardening change applies only to the former, and only to versions below 2.4.18.0 for commercial cloud customers.
If your version falls below that number, you don’t need to worry that your identity synchronization will fail abruptly on April 7. This change largely impacts configuration of the service, so your identities will still flow, but your ability to modify that flow, will fail because the wizard will not be able to authenticate to Entra.
This is not a ‘drop everything now’ / work-stoppage event. If you’re unable to complete the upgrade prior to April 7, simply performing the upgrade afterward should restore your ability to make configuration changes.
While I don’t recommend using a potential disruption to plan a service change, Microsoft does recommend migrating to the newer agent-based future-proof Entra Cloud Sync, if possible. To see if your organization’s needs are a good fit for the new tool, there’s a convenient checker at https://setup.cloud.microsoft/entra/add-or-sync-users-to-microsoft-entra-id. Once there, find the “Check sync tool” button around the middle of the page and pick your favorite options.
Note that selecting any of the last 4 checkboxes will change the default recommendation from Entra Cloud Sync to the legacy Entra Connect Sync.
Don’t wait until functionality breaks to review this configuration in your environment! Whether you need support upgrading or guidance on which tool is best for your individual needs, give us a call, we're always here to help.
Comments