Azure B2C replacement. Seamless migration to Entra External ID.

Microsoft Entra External ID is the Azure AD B2C replacement. It is not a rebrand or an upgrade. Entra External ID is a new platform built on the core Entra ID infrastructure with native Conditional Access, modern authentication APIs, and full identity protection. Microsoft closed Azure AD B2C to new customers in 2025 and will end all support in May 2030.

Azure AD B2C is a standalone directory with its own custom policy XML language, limited Conditional Access, and no active development from Microsoft. Entra External ID is built on the core Entra ID platform and provides full Conditional Access, native authentication APIs, Microsoft Graph integration, passwordless support including passkeys and FIDO2, and active feature development. The key difference is that Entra External ID gives your CIAM environment the same security and extensibility as your workforce Entra ID tenant.

Azure AD B2C was a separate, standalone directory designed specifically for customer-facing identity. Entra ID (formerly Azure AD) is the workforce identity platform for employees and internal users. With the introduction of Entra External ID, Microsoft has brought customer identity into the core Entra ID platform. This means your external (CIAM) tenant now shares the same infrastructure, security capabilities, and management tools as your workforce tenant, rather than operating as a separate product with its own limitations.

Azure CIAM (Customer Identity and Access Management) is Microsoft's approach to managing customer, consumer, and citizen identities. Azure AD B2C was the original Azure CIAM platform. Microsoft Entra External ID is the current Entra CIAM solution and the direct successor to B2C. When people refer to Entra ID CIAM or Entra CIAM, they are referring to Entra External ID. All new CIAM investment from Microsoft is in this platform.

Claims mapping policies must be rebuilt as part of the migration. Azure AD B2C uses custom XML policies in the Identity Experience Framework to define claims transformations, input validation, and token enrichment. Entra External ID uses a different model based on custom authentication extensions, token issuance policies, and claims mapping policies configured through Microsoft Graph. We reverse-engineer your existing B2C claims logic and rebuild it using native Entra External ID capabilities, ensuring your applications receive the same token claims they depend on.

Yes, with the just-in-time migration approach. Users log in with their existing B2C password and the migration happens silently on first login. From the user's perspective, nothing changes.

Depends significantly on B2C complexity. A straightforward migration with no custom policies is typically 8 to 12 weeks. A complex migration with custom policies, multiple user flows, and a large user base can be 4 to 6 months.

We recommend maintaining the B2C tenant in read-only mode for a period after migration to allow for any edge cases. Once confirmed complete, the tenant can be decommissioned.

Azure AD B2C P2 was retired in March 2026. If your B2C tenant relied on Identity Protection features such as risk-based Conditional Access, risky sign-in detection, or user risk policies, that functionality is no longer available. Migrating to Entra External ID restores and upgrades these capabilities through native Entra ID Protection integration.

Microsoft identity access management for external users in Entra External ID works differently from B2C. External users are managed within a dedicated Entra External ID tenant with full Conditional Access, identity protection, and Microsoft Graph API support. You get the same identity governance, access reviews, and audit logging that you use for workforce identities, applied to your customer population. This brings customer identity management into the same operational model as your internal Microsoft identity access management.

Yes. We use our Apporetum platform to deliver closed community CIAM solutions for organisations that need invite-only access for trusted vendors, partners, and suppliers. This provides governed external identity management integrated with your Entra External ID environment.

Yes. We bring our Identity Observability platform and Apporetum CIAM tooling to every engagement. This means faster delivery, lower cost, and proven approaches rather than building from scratch. If we have existing IP that covers your requirements, we use it and the price reflects that.

Azure AD (Azure Active Directory) was Microsoft's cloud identity and access management service. In 2023, Microsoft renamed Azure AD to Microsoft Entra ID as part of a broader rebranding of its identity product family under the Microsoft Entra umbrella. The product itself is the same — Entra ID is not a new platform, it is Azure AD with a new name and continued feature development. Similarly, Azure AD B2C (the customer identity platform) is being replaced by Microsoft Entra External ID, which is a genuinely new platform built on the core Entra ID infrastructure. If your organisation still references Azure AD in its documentation or search, you are looking for Microsoft Entra ID. For customer-facing identity (CIAM), Azure AD B2C is being retired and organisations should plan their migration to Entra External ID before the May 2030 end of support. Modern 42 specialises in both workforce Entra ID security and CIAM migrations to help organisations transition smoothly.