Microsoft is pushing forward: Application-Based Authentication is now the recommended standard for Entra Connect (formerly Azure AD Connect). And the best part? Switching is dead simple. Most of the time, it’s literally just next – next – done if you choose the “Managed by Microsoft Entra Connect (recommended)” option.
💡 Why Switch?
- Stronger security: No more storing credentials on the server. Authentication uses certificate-based access via Entra ID apps.
- Modern approach: App-based auth aligns with Microsoft’s modern identity platform. Legacy authentication is being phased out.
- Future-proof: MS announced that basic auth methods will be deprecated. If you’re not switching now, you’ll have to soon anyway.
- More control: You get better visibility and control over who/what has access in Entra ID.
🛠️ How It Works
When updating Entra Connect to the latest version, the setup automatically suggests the switch to App-Based Authentication. If you accept the recommendation (you should!), it sets everything up for you.

You can also make the switch without upgrading, or if you already have the newest version, from here:

Before changing to ABA, there is a sync user:

After enabling it, the sync user is gone:

And a new app registration is also added to your tenant:
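
A read-only way to confirm this before/after state from the tenant side, as an added example that is not from the original post or from Microsoft. It uses the Microsoft Graph PowerShell SDK; the name prefixes `Sync_` and `ConnectSyncProvisioning` and the 30-day threshold are assumptions, so adjust them to what your tenant shows.

```powershell
# Added example: read-only check after switching Entra Connect to app-based auth.
# Requires the Microsoft.Graph PowerShell SDK. Nothing here modifies the tenant.
$SyncUserPrefix = 'Sync_'                    # assumption: UPN prefix of the old sync user
$SyncAppPrefix  = 'ConnectSyncProvisioning'  # assumption: display name prefix of the new app
$WarnDays       = 30                         # constructed threshold for expiry warnings

Connect-MgGraph -Scopes 'User.Read.All', 'Application.Read.All'

# 1. Any sync user left behind? After the switch this should return nothing.
$syncUsers = Get-MgUser -All `
    -Filter "startswith(userPrincipalName,'$SyncUserPrefix')" `
    -Property Id, UserPrincipalName, AccountEnabled
if ($syncUsers) {
    Write-Warning "Sync user(s) still present:"
    $syncUsers | Select-Object UserPrincipalName, AccountEnabled | Format-Table
} else {
    Write-Output "No sync user found with prefix '$SyncUserPrefix'."
}

# 2. The new app registration and the certificates it authenticates with.
$apps = Get-MgApplication -All -Filter "startswith(displayName,'$SyncAppPrefix')"
if (-not $apps) {
    Write-Warning "No app registration found with prefix '$SyncAppPrefix'."
}

$now = (Get-Date).ToUniversalTime()
$report = foreach ($app in $apps) {
    # App-based auth is certificate-based, so a client secret here is unexpected.
    if ($app.PasswordCredentials.Count -gt 0) {
        Write-Warning "$($app.DisplayName) has client secrets configured."
    }
    foreach ($cred in $app.KeyCredentials) {
        [pscustomobject]@{
            App      = $app.DisplayName
            AppId    = $app.AppId
            Usage    = $cred.Usage
            Expires  = $cred.EndDateTime
            DaysLeft = [int]($cred.EndDateTime - $now).TotalDays
        }
    }
}
$report | Sort-Object DaysLeft | Format-Table

# 3. Flag certificates that are close to expiry.
$report | Where-Object { $_.DaysLeft -lt $WarnDays } | ForEach-Object {
    Write-Warning "$($_.App): certificate expires in $($_.DaysLeft) day(s)."
}
```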

🔚 Summary
If you’re already using Entra Connect, the switch to app-based auth is:
- Highly recommended
- Mostly automatic
- A no-brainer
Just do it. It takes a few minutes and saves you from future headaches.