Merge pull request #9067 from MicrosoftDocs/genlin-patch-35

genlin · web-flow · commit 80db00459a11 · 2025-06-05T16:27:57.000+08:00
Update use-upn-matching-identity-sync.md
diff --git a/support/entra/entra-id/user-prov-sync/use-upn-matching-identity-sync.md b/support/entra/entra-id/user-prov-sync/use-upn-matching-identity-sync.md
@@ -1,10 +1,10 @@
 ---
 title: How to use UPN matching for identity synchronization in Office 365, Azure, or Intune
 description: Describes how to use UPN matching for identity synchronization in Office 365, Azure, or Intune.
-ms.date: 05/11/2020
+ms.date: 06/05/2025
 ms.reviewer: willfid
 ms.service: entra-id
-ms.custom: sap:Microsoft Entra Connect Sync, has-azure-ad-ps-ref
+ms.custom: sap:Microsoft Entra Connect Sync, no-azure-ad-ps-ref
 ---
 # How to use UPN matching for identity synchronization in Office 365, Azure, or Intune
 
@@ -37,19 +37,32 @@ The UPN matching process has the following technical limitations:
 
 ## How to use UPN matching to match an on-premises user to a cloud identity
 
-[!INCLUDE [Azure AD PowerShell deprecation note](~/../support/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)]
-
 To start the UPN matching process, follow these steps:
 
-1. If you started syncing to Microsoft Entra ID before March 30, 2016, run the following Azure AD PowerShell cmdlet to enable UPN soft match for your organization only:
+1. If you started syncing to Microsoft Entra ID before March 30, 2016, run the following [Update-MgDirectoryOnPremiseSynchronization](/powershell/module/microsoft.graph.identity.directorymanagement/update-mgdirectoryonpremisesynchronization) cmdlet to enable UPN soft match for your organization only. 
+
+    For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
 
     ```powershell
-    Set-MsolDirSyncFeature -Feature EnableSoftMatchOnUpn -Enable $True
+    Import-Module Microsoft.Graph.Identity.DirectoryManagement
+    
+    # Replace with your actual Directory Sync ID
+    $onPremisesDirectorySynchronizationId = "<your-directory-sync-id>"
+    
+    # Define the parameters to enable SoftMatchOnUpn
+    $params = @{
+        features = @{
+            SoftMatchOnUpnEnabled = $true
+        }
+    }
+    
+    # Run the update
+    Update-MgDirectoryOnPremiseSynchronization -OnPremisesDirectorySynchronizationId $onPremisesDirectorySynchronizationId -BodyParameter $params
     ```
 
     > [!NOTE]
     > UPN soft match is automatically enabled for organizations that started syncing to Microsoft Entra ID on or after March 30, 2016.
-2. Obtain the UPN from the user account in Microsoft Entra ID. To do so, use one of the following methods:
+4. Obtain the UPN from the user account in Microsoft Entra ID. To do so, use one of the following methods:
 
      - Method 1: Use the Office 365 portal.
 
@@ -65,8 +78,8 @@ To start the UPN matching process, follow these steps:
         3. Go to the users management page.
         4. Find and then select the user.
         5. Note of the user name, which is the UPN.
-3. On a domain controller or a computer that has the Remote Server Administration Tools installed (RSAT), open Active Directory Users and Computers. Create a user account, or update an existing user account, by using a user name/UPN that matches the target user account in Microsoft Entra ID. For more information, see [Create a User Account in Active Directory Users and Computers](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd894463(v=ws.10)).
-4. Force directory synchronization. For more information, see [Force directory synchronization](https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-azuread-connect-to-sync/ba-p/887043).
+5. On a domain controller or a computer that has the Remote Server Administration Tools installed (RSAT), open Active Directory Users and Computers. Create a user account, or update an existing user account, by using a user name/UPN that matches the target user account in Microsoft Entra ID. For more information, see [Create a User Account in Active Directory Users and Computers](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd894463(v=ws.10)).
+6. Force directory synchronization. For more information, see [Force directory synchronization](https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-azuread-connect-to-sync/ba-p/887043).
 
 ## More information
 
