Hi @Mytoast Admin,
Thanks for reaching out, and posting your question in Q&A. Migration of an app to Entra ID based authentication is never a 'one size fits all' thing. Each application has its particularities and these should be considered in detail before choosing the right migration strategy. However, in general you can use the following as reference...
A. For NTLM/Kerberos-based Apps
Option 1: Azure AD Kerberos (Hybrid Kerberos Authentication)
- Azure AD Kerberos allows cloud authentication for apps that still rely on Kerberos.
- Requires Hybrid AD Join for devices.
Option 2: Modern Authentication (Preferred)
- Migrate apps to Entra ID authentication using OAuth 2.0, OpenID Connect, or SAML.
- Configure Entra ID Application Proxy if the app must remain on-prem but needs modern auth.
Option 3: Use Windows 365 or Azure Virtual Desktop
- If the app cannot be modernized but still needs on-prem access, use Cloud PCs.
B. For LDAP-based Apps
Option 1: Azure AD DS (Managed Domain Services)
- Azure AD DS provides LDAP, Kerberos, and NTLM support in the cloud.
- Requires synchronization with Entra ID.
Option 2: Modern Authentication
- Replace LDAP authentication with Azure AD authentication via OAuth 2.0/SAML.
- Consider using Microsoft Graph API for directory queries instead of direct LDAP calls.
As usual, if this answers your question, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further queries do let us know.
Cheers
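To illustrate the suggestion above of replacing direct LDAP calls with Microsoft Graph queries, here is an added example (not part of the original answer and not Microsoft code) that translates an application's existing LDAP search filter into a Graph `$filter` expression for the `/users` endpoint. The attribute mapping and function names are assumptions to adapt per application. Some resulting filters (those using `not` or `onPremisesSamAccountName`) are advanced queries, which Graph accepts only with the `ConsistencyLevel: eventual` header and `$count=true`.

```python
import re

# Assumed LDAP attribute -> Graph user property mapping (keys lowercased); extend per app.
ATTR_MAP = {"samaccountname": "onPremisesSamAccountName", "mail": "mail", "sn": "surname",
            "userprincipalname": "userPrincipalName", "displayname": "displayName",
            "givenname": "givenName", "department": "department"}
IMPLIED = {("objectclass", "user"), ("objectcategory", "person")}  # implied by /users

def _literal(raw):
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return "'" + value.replace("'", "''") + "'"  # OData escapes ' by doubling it

def _leaf(item):
    attr, sep, raw = item.partition("=")
    if (attr.lower(), raw.lower()) in IMPLIED:
        return ""
    prop = ATTR_MAP.get(attr.lower())
    if not sep or prop is None:  # fail closed: unmapped attribute or <=, >=, ~= test
        raise ValueError(f"no Graph mapping for {item!r}")
    if "*" in raw[:-1] or raw == "*":
        raise ValueError(f"unsupported wildcard in {item!r}")
    if raw.endswith("*"):
        return f"startswith({prop},{_literal(raw[:-1])})"
    return f"{prop} eq {_literal(raw)}"

def _parse(s, i):
    # s[i] is "(" on entry; returns (expression, index just past the matching ")")
    op, i = s[i + 1], i + 1
    if op in "&|!":
        parts, i = [], i + 1
        while s[i] == "(":
            expr, i = _parse(s, i)
            parts.append(expr)
        if not parts or (op == "!" and len(parts) != 1) or (op != "&" and "" in parts):
            raise ValueError(f"unsupported {op!r} expression")
        parts = [p for p in parts if p]
        joined = (" or " if op == "|" else " and ").join(parts)
        expr = f"not({joined})" if op == "!" else f"({joined})" if len(parts) > 1 else joined
    else:
        end = s.index(")", i)
        expr, i = _leaf(s[i:end]), end
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return expr, i + 1

def ldap_to_graph_filter(ldap_filter):
    s = ldap_filter.strip()
    try:
        expr, end = _parse(s, 0) if s.startswith("(") else ("", 0)
    except IndexError:
        raise ValueError("unbalanced LDAP filter") from None
    if end != len(s) or not expr:
        raise ValueError("not a supported LDAP filter")
    return expr
```

Values are decoded from LDAP `\XX` escapes and re-quoted as OData string literals, so user-supplied search terms cannot break out of the filter, and anything the translator does not recognise is rejected rather than passed through.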