How to Convert External Users to Internal Microsoft Entra Users: A Step-by-Step Guide

Microsoft introduces a pivotal feature in Entra, enabling the smooth conversion of external IDs to internal Entra IDs. This innovation is key for organizations navigating mergers or reorganizations, streamlining the management of user accounts without compromising data integrity or access.

By facilitating this transition, Microsoft ensures that external users—previously authenticated through various external mechanisms—can be seamlessly integrated as internal users. This process preserves user histories and access levels, aligning with organizational security and compliance requirements.

It’s important to note that this conversion process does not inherently change a user’s userType (i.e., ‘member’ vs. ‘guest’), which is a separate attribute defining the level of permissions a user has within the tenant. The userType distinction remains an important consideration for administrators in defining the scope of access and permissions post-conversion.

In a previous post, I have create a PowerShell script to change the UserType from guest to member: How to Automate Guest Account UserType Updates in Microsoft Entra with PowerShell

Implementing this feature streamlines user management and ensures a smoother transition during significant organizational changes, providing a straightforward path to internalize external users without compromising security or user experience within the Microsoft Entra platform.

Prerequisites

Before embarking on this conversion process, ensure you meet the following requirements:

• You must possess at least the User Administrator role.
• The users eligible for conversion should be configured with an authentication method external to the host organization.

Conversion Process Overview

External user conversion can be performed using the Microsoft Graph API or directly through the Microsoft Entra ID Portal. This guide focuses on the latter, providing a straightforward method to convert users directly within the portal.

Initiating the Transition: A Guide to Converting External IDs to Internal Entra IDs

First, sign in to the Microsoft Entra admin center with a user account that has the User Administrator role or higher.

Once logged in, navigate to Identity > Users > All users to access the list of users within your organization.

Browse through the list to find the external user you wish to convert. External users are typically those with a userType of ‘guest’, though some may have a ‘member’ designation if they authenticate externally.

Click on the desired external user to view their profile. Look for the B2B Collaboration Convert to internal user option and select it. This action will bring up the conversion options.

In the Convert to internal user section, you’ll be prompted to make several decisions:

• User Principal Name (UPN): Specify the new UPN for the user. For cloud-only users, ensure the UPN domain is nonfederated. On-premises synced users will continue using their existing credentials.
• Password: Decide whether to auto-generate a password or specify one manually. Note that for on-premises synced users or those in federated tenants without Password Hash Sync (PHS), manual password setting may not be an option.
• Change Email Address: Optionally, specify a new email address for the user, applicable for cloud users.
• After configuring these details, click Convert to finalize the user’s transition to an internal user.

Post-Conversion Testing

It’s advisable to conduct testing with test accounts or non-critical users to ensure the conversion process does not disrupt business operations. This step is crucial for validating the conversion and ensuring users maintain their access and permissions within the tenant.

Conclusion

Transitioning external users to internal ones within Microsoft Entra simplifies user management during organizational changes. By following these steps, you can ensure a smooth conversion process, preserving user history and access without the need for creating new user objects. This guide provides a foundation for administrators to adapt to their specific organizational needs, ensuring a seamless transition for users amidst the complexities of mergers and acquisitions.

Sharing is caring!