Azure AD B2C tenants retire March 15, 2026, migration to Entra External ID required
Microsoft confirmed the Azure AD B2C retirement timeline: end-of-sale to new customers May 1, 2025; existing tenants retired March 15, 2026. All B2C customers must migrate to Entra External ID before that date.
What happened
Microsoft's Azure AD B2C retirement timeline:
- May 1, 2025, End-of-sale to new customers; no new B2C tenants accepted.
- March 15, 2026, Existing tenants retire; the service ends.
The successor product is Microsoft Entra External ID, which went GA in September 2024. Microsoft has been guiding existing B2C customers to migrate throughout 2025-2026.
Why it matters
Azure AD B2C had a significant install base, particularly among Microsoft-shop B2C deployments and regulated workloads (FedRAMP, government). Retiring the service forces every one of those customers into a migration project, not optional, not deferrable.
The migration to Entra External ID is materially cleaner than B2C ever was; the policy model is modernized, the admin experience is rationalized, and the developer ergonomics are improved. But "cleaner" doesn't mean "trivial", custom B2C policies don't port directly, and at meaningful scale the migration is a real engineering project (3-9 months for typical mid-market deployments).
Deepak's take
The B2C retirement is the right call from Microsoft, but the timeline is tight for customers who haven't been planning. Microsoft has been talking about this transition since External ID's preview launch in 2023, but enterprise procurement cycles being what they are, plenty of customers will be in active migration planning in mid-2026 with only a few months before the cutover deadline.
The good news: the modern target product (Entra External ID) is meaningfully better than the legacy source product (B2C). The bad news: every custom B2C policy and integration is a piece of work that needs to be intentionally re-implemented, not auto-migrated. Plan accordingly.
For customers asking "should we migrate to Entra External ID or evaluate alternatives," the honest answer depends on whether you're a Microsoft-aligned shop. If yes, External ID is the easier path and ships real improvements; if no, this is a reasonable moment to evaluate the developer-first tier.
What to do
Today, if you're on Azure AD B2C:
- Confirm your tenant migration date. Microsoft has been notifying customers; verify yours.
- Inventory custom policies. B2C XML custom policies have to be re-expressed in External ID's policy primitives.
- Plan the user-data migration. JIT password verification, federated rebinding, MFA re-enrollment, the standard managed-CIAM migration pattern applies.
- Communicate to users. Even with seamless backend migration, users will see UX changes (especially around MFA factor re-enrollment).
If you're considering alternatives:
- Entra External ID for Microsoft-aligned shops or FedRAMP-bound workloads.
- Auth0, Stytch / Twilio, MojoAuth, Clerk for everyone else, the modern developer-first tier.
- See the vendor selector tool to apply the framework to your specific scope.
For the broader migration framework, see build vs buy CIAM and the Cognito-to-Stytch playbook (the pattern generalizes to Entra source).