Tools for Azure AD B2C migration now available
If you rely on Azure AD B2C for customer identity, you’re likely starting to evaluate what comes next. With Azure AD B2C no longer receiving new features and several features recently added to Microsoft Entra External ID, planning your migration is easier and can help you with this important next step in your identity strategy.
Below you’ll find tooling, guidance, and a partner ecosystem resource to help you migrate with confidence. This post walks through what’s available and how to get started.
What’s new: Platform updates and migration tooling
Microsoft has invested significantly in Microsoft Entra External ID to help Azure AD B2C customers migrate with confidence and ease. Over the past three months, several new features have reached general availability.
Azure AD B2C Migration tooling: Just-in-Time (JIT) migration, High-Scale Compatibility (HSC) mode, and the published Migration Guidance document and architecture blueprint.
Native authentication GA features in Entra External ID: Email and SMS one-time passcode (OTP) MFA, social identity providers via browser-delegated (web-view) flows, single sign-on (SSO) from native apps to web views, and refresh token transfer to Apple Watch.
Web and federated in Entra External ID: Sign-in and sign-up with alias, Microsoft Entra ID federation with External ID (public preview), and self-service password reset (SSPR) with phone SMS OTP.
For a complete list of recent platform updates, see the What’s new in Microsoft Entra blog.
Where Azure AD B2C stands today
Azure AD B2C has reached a significant milestone in its lifecycle. It has served as a reliable foundation for customer identity, and that doesn’t change for existing customers. What has changed is where Microsoft is investing going forward. Two facts define what that means for existing customers:
- May 2025 — End of sale: New Azure AD B2C tenants can no longer be purchased. Existing tenants remain supported.
- No new features: All platform innovation is now exclusive to Microsoft Entra External ID. Azure AD B2C will not receive new capabilities going forward.
Your existing Azure AD B2C environment continues to function. Starting your migration early helps you stay in control of sequencing, validation, and user experience. For questions about planning, contact support.
What is Microsoft Entra External ID?
Microsoft Entra External ID is a purpose-built, next-generation customer identity platform. It is not a rebrand of Azure AD B2C. It is a new foundation designed to simplify implementation, improve extensibility, and align with the broader Microsoft Entra ecosystem. Key platform improvements include the following.
Modern extensibility model — Custom authentication extensions replace complex custom policy XML, helping reduce implementation complexity.
Microsoft Entra ecosystem integration — Full alignment with Microsoft Entra ID, Conditional Access, Identity Governance, and Microsoft’s broader security stack.
Continuous platform innovation — Native Authentication SDKs, advanced branding controls, fraud protection, and passwordless-first flows are built exclusively into External ID.
Improved observability — Enhanced monitoring, diagnostics, and audit capabilities for identity and security teams.
Migration tooling
Two primary migration paths are available, and both are now generally available.
|
|
Just-in-Time (JIT) Migration |
High-Scale Compatibility (HSC) Mode |
|
Status |
Generally available |
Generally available |
|
Best for |
Most customers seeking a clean cutover with minimal user disruption |
High-scale environments (5M+ users) or complex architectural constraints |
|
How it works |
Migrates users progressively as they sign in — no bulk password reset required |
Moves application traffic to External ID first |
|
Key benefit |
Full External ID feature parity from day one with minimal user impact |
Supports parallel operation of B2C and External ID during transition, reducing cutover risk |
|
Documentation |
Choosing between JIT and HSC is less about technical capability and more about migration priorities. JIT prioritizes user experience and simplicity, while HSC prioritizes scale and operational continuity.
Alongside these tools, Microsoft has published a comprehensive migration guide and architecture blueprint covering end-to-end migration scenarios, credential migration approaches, and application sequencing guidance.
Partner ecosystem
For organizations with complex environments, migration is not just a technical exercise. It involves coordinating identity flows, applications, and user experiences across systems.
Microsoft has established a global ecosystem of qualified migration partners across EMEA, the Americas, LATAM, ANZ, and the Middle East.
Partner support includes:
- Mapping custom policies to External ID equivalents
- Designing credential migration strategies
- Sequencing application cutovers
- Running staged validation and testing
- Supporting production deployment
Qualified partners meet criteria such as proven Azure AD B2C experience, active engagement with External ID, and participation in Microsoft migration readiness programs.
Examples include EY, Avanade, Edgile, Slalom, Plan B, WhoIAM, and Grit.
You can explore the full partner directory in the Migration partner directory.
Next steps: How to get started
The organizations that navigate migration most successfully are the ones that start planning early. Beginning now gives you greater control over sequencing, application transitions, and user experience changes before they become urgent. Migration challenges rarely come from the tooling itself; they come from coordination across systems, teams, and timelines.
A structured approach can help accelerate progress:
- Assess
- Inventory Applications, user populations, and custom policies
- Understand dependencies and integrations
- Inventory applications, user populations, and custom policies
- Understand dependencies and integrations
- Decide
- Review migration guidance
- Choose between JIT and HSC based on your priorities
- Execute
- Run a proof of concept in a non-production environment
- Validate identity flows and user experience
- Engage a qualified partner if needed
- Align with your Microsoft account team
Migrating from Azure AD B2C to Microsoft Entra External ID is an opportunity to modernize your customer identity platform while reducing operational complexity. With the right planning, tooling, and support available today, you can move forward with confidence while maintaining a seamless experience for your users.
For additional support, contact support.
-Namita Singh - Senior Product Manager, Microsoft Entra External ID
-Pawan Nrisimha - Principal Manager of Product, Microsoft Entra External ID
-Isaac Christian - Product Marketing Manager, Microsoft Entra
Additional resources
- Microsoft Entra External ID – Platform Overview
- Azure AD B2C Migration Guide & Architecture Blueprint
- Just-in-Time Migration Documentation
- High-Scale Compatibility (HSC) Mode Documentation
- Qualified Migration Partner Directory
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Wow
0
Sad
0
Angry
0
Christopher Holloway is the founder and director of Progressive Robot, a UK-based technology company. A full-stack engineer with more than two decades of experience, he works across PHP development, ecommerce, Linux infrastructure, technical SEO and AI automation, and writes here on technology, AI, hardware and software.
Comments (0)