Upgrading from on-prem LDAP to Azure

I asked the same question of my success manager in September. We're in a similar condition.

success manager

Thanks for reaching out. Unfortunately, we do not have a migration assistant yet to move from Azure AD with Cloud Identity Providers. Please let me know if you have any further questions.

Me: 

Thank you for letting me know.

Will you contact me when you do have that?

success manager

I hope your day is starting off. Since there is no notification for this, I would suggest checking the release notes. The creation of the migration assistant will be included in that documentation. Let me know if you have any additional questions about this.

So If the migration assistant is not in the release notes, don't try to migrate. My day is starting off.

We've looked into this too.  We're using NoMAD for our AD LDAP services.  From everything I've read, we would need to move over to Jamf Connect to use Azure which NoMAD doesn't do.  If anyone can chime in on if moving to Jamf Connect to use Azure AD is the key?

@Just_Jack  What exactly are you trying to accomplish? Are you trying to configure Azure for LDAP services in your Jamf Pro server or are you trying to configure Jamf Connect for Identity management and local password syncing?

Thanks to @chris_hansen and @Just_Jack for replying.  It's good to know we're not alone but still doesn't explain why the warning disappears from their documentation in v10.30 onwards if it's still an issue.

I've opened a support call on the off chance that there's an answer to this but I'm not going to hold my breath.

Yes, for both Identity management and local password syncing.

Then yes, you need to move to Jamf Connect to use cloud IDP, but I would also suggest testing your corporate wifi if you use 802.1x EAP-TLS.

Thanks for pointing that out, I hadn't spotted it (obviously).  I suppsoe we'll just need to make do with on-prem AD for the time being.

No problem.  I also thought they had removed it originally.  Took a bit of scanning to notice it.

We're in the same boat and getting off our on-prem AD config is getting a bit urgent.  I'd be interested to hear if anyone else has tried to migrate without the migration assistant and what exactly broke and how it was fixed.

We have migrated and the only real issue (that we haven't been able to fix), is the users assigned to machines were all done when LDAP was out auth point. We have not found an easy way to migrate those to Azure AD accounts.

Update to doing this. (Or maybe I am the only one that did not see this.)
https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Azure_AD_Integration.html

And more specifically the https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Azure_AD_Integration.html#task-3852 which has a migration assistant.

Unfortunately my ad proxy has stopped proxying, so I don't think the assistant can assist until I fix.

But if you have one going, you should be able to jump to the other without rebuilding everything.

There is a migration path for those who have not seen it.

We just moved from a JIM with AD Proxy to Entra ID.

We also use DUO as our MFA, so the SSO was also required

https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Azure_AD_Integration.html#task-3852 to enable Entra ID. Bring your Azure Global Admin along and screen share, so. they can log in to Azure when you are redirected.

Second we enabled SSO, and for us the key was to match based on email address rather than username. https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Single_Sign-On.html