Existing Entra Connect Sync installations will be auto-upgraded to v2.5.79.0 starting tomorrow

Microsoft Entra Connect Sync version 2.5.79.0 builds on the application-based authentication feature that was introduced in v2.5.76.0, but existing Entra Connect Sync installations won't be migrated automatically.

What's New

Entra Connect Sync v2.5.79.0 offers five application-based authentication improvements:

Application-based authentication now uses TPM

Starting with v2.5.79.0, Entra Connect Sync comes with an improved setup process for application-based authentication to handle certificates protected by a Trusted Platform Module (TPM). Setup now tests a certificate's signing capability upfront and automatically falls back to software-based certificates if the TPM signature fails.

Automatic certificate removal if application-based authentication setup fails

Starting with Entra Connect Sync v2.5.79.0, Entra Connect Sync implements automatic removal of certificates if an application-based authentication configuration fails after a certificate is created. This prevents unused certificates from lingering on the Windows Server installation running Entra Connect in failure scenarios, improving security by avoiding accumulation of orphaned certificates.

Application-based authentication now available on FIPS-enabled servers

Microsoft resolved an issue on FIPS-enabled servers that was causing setup failures. Application-based authentication now works correctly on servers with FIPS mode enabled by using FIPS-compliant cryptographic algorithms.

FIPS (Federal Information Processing Standards) mode is a Windows security setting that enforces the use of FIPS-compliant cryptographic algorithms for sensitive data. When FIPS mode is enabled, only FIPS-compliant algorithms can be used, which is why this fix ensures compatibility for environments requiring strict security standards.

Application-based authentication now correctly reports auto-rotation

Microsoft fixed an issue where certificate auto-rotation was incorrectly reported as active when the scheduler was suspended. The auto-rotation logic now checks the scheduler’s state before indicating status, ensuring the View or export current configuration wizard accurately reflects whether auto-rotation is enabled.

Application-based authentication auto actions no longer show in administrator auditing

Microsoft removed the admin audit event that was being logged for automatic certificate operations by application-based authentication. These background certificate actions no longer generate administrative audit log entries, resulting in a cleaner audit trail as only actual administrator-initiated changes will appear in the Entra Connect Sync audit logs.

 

Version information

Version 2.5.79.0 of Entra Connect Sync (previously known as Azure AD Connect Sync) was made available for download on September 1st, 2025 and is available for automatic upgrades starting September 4th, 2025.

Admins can download the latest version of Entra Connect Sync from the Entra admin center.

Superseded versions

Past versions of Microsoft Entra Connect Sync 2.x are retired 12 months from the date they are superseded by a newer version. With the release of Entra Connect Sync v2.5.79.0, support for Entra Connect Sync version 2.5.76.0 stops on September 1st, 2026.

Support for Entra Connect Sync v2.3.20.0 and earlier versions of Entra Connect Sync has already stopped.

If you run a retired version of Microsoft Entra Connect, it might unexpectedly stop working.
