Microsoft Entra External ID reaches GA, Azure AD B2C on the clock
Microsoft Entra External ID went generally available in September 2024 as the modern successor to Azure AD B2C. Azure AD B2C entered end-of-sale on May 1, 2025; existing tenants retire on March 15, 2026. Every B2C customer should be in active migration.
What happened
Microsoft Entra External ID reached general availability in September 2024 as the consolidated CIAM offering that replaces Azure AD B2C. The migration timeline:
- September 2024, Entra External ID GA.
- May 1, 2025, Azure AD B2C end-of-sale to new customers.
- March 15, 2026, Existing B2C tenants retire.
Existing B2C customers must migrate to External ID before the March 2026 retirement date.
Why it matters
Azure AD B2C had a difficult reputation among CIAM practitioners, the policy XML model was legendary for its complexity, the developer experience trailed the modern tier by years, and pricing was opaque. Entra External ID materially modernizes the policy model, the admin experience, and the developer ergonomics. For Microsoft-shop teams, it represents an honest improvement over what came before.
For non-Microsoft customers, External ID is still a Microsoft-first product. The integration value is real for organizations standardized on Microsoft 365 and Azure; outside that ecosystem, the modern developer-first tier (Auth0, Stytch / Twilio, Clerk, MojoAuth) usually wins on velocity and ergonomics.
Deepak's take
Microsoft's identity strategy in 2024-2026 has been one of consolidation: Azure AD became Entra ID, Azure AD B2C is becoming Entra External ID, B2B Collaboration is being absorbed into the broader Entra family. The branding rationalization is overdue and helpful, the Azure AD vs Azure AD B2C confusion was a real friction point for buyers.
The substantive improvement is the policy model. B2C's XML-driven custom-policy framework was punishing for non-trivial flows; External ID's policy primitives are dramatically more approachable. For buyers who chose B2C and regretted it, External ID is the version of the product Microsoft should have shipped years earlier. The honest assessment is that even with the improvements, External ID still trails the developer-first tier on velocity for non-Microsoft-native architectures, but the gap is narrower than it was, and the FedRAMP High compliance posture is genuinely differentiated.
What to do
If you're on Azure AD B2C:
- Start migration planning immediately. March 2026 is closer than it sounds; the realistic window is 6-12 months for a typical B2C deployment.
- Inventory custom policies. B2C custom XML policies don't port directly; map each policy intent to External ID's primitives.
- Plan a JIT migration for password hashes, verify on next login and re-hash. Standard pattern for managed-CIAM migrations.
If you're evaluating CIAM in 2026 from a Microsoft-aligned organization:
- In-scope: Entra External ID is on the shortlist alongside Auth0, MojoAuth, and (for B2B-only) WorkOS.
- Decision point: if FedRAMP High or Microsoft 365 / Azure-native integration is a hard requirement, Entra External ID likely wins. Otherwise, evaluate broadly.
For migration framing, see the Auth0-to-self-hosted playbook (the pattern generalizes) and the build-vs-buy guide.