diff --git a/api/types/common/constants.go b/api/types/common/constants.go
index c01b7404fdeb4..84c4c5e0c17d8 100644
--- a/api/types/common/constants.go
+++ b/api/types/common/constants.go
@@ -61,6 +61,10 @@ const (
 	// OriginDiscoveryKubernetes indicates that the resource was imported
 	// from kubernetes cluster by discovery service.
 	OriginDiscoveryKubernetes = "discovery-kubernetes"
+
+	// OriginEntraID indicates that the resource was imported
+	// from the Entra ID directory.
+	OriginEntraID = "entra-id"
 )
 
 // OriginValues lists all possible origin values.
@@ -72,4 +76,5 @@ var OriginValues = []string{
 	OriginKubernetes,
 	OriginOkta,
 	OriginDiscoveryKubernetes,
+	OriginEntraID,
 }
diff --git a/api/types/constants.go b/api/types/constants.go
index e40b917aeb534..9a7d2bd5d18fa 100644
--- a/api/types/constants.go
+++ b/api/types/constants.go
@@ -637,6 +637,10 @@ const (
 	// from kubernetes cluster by discovery service.
 	OriginDiscoveryKubernetes = common.OriginDiscoveryKubernetes
 
+	// OriginEntraID indicates that the resource was imported
+	// from the Entra ID directory.
+	OriginEntraID = common.OriginEntraID
+
 	// IntegrationLabel is a resource metadata label name used to identify the integration name that created the resource.
 	IntegrationLabel = TeleportNamespace + "/integration"
 
diff --git a/e_imports.go b/e_imports.go
index 012ce4063ced0..f71cda307ebf0 100644
--- a/e_imports.go
+++ b/e_imports.go
@@ -85,6 +85,7 @@ import (
 	_ "github.com/mailgun/holster/v3/clock"
 	_ "github.com/microsoft/kiota-authentication-azure-go"
 	_ "github.com/microsoftgraph/msgraph-sdk-go"
+	_ "github.com/microsoftgraph/msgraph-sdk-go-core"
 	_ "github.com/mitchellh/mapstructure"
 	_ "github.com/okta/okta-sdk-golang/v2/okta"
 	_ "github.com/okta/okta-sdk-golang/v2/okta/query"
diff --git a/go.mod b/go.mod
index 9cb194f870621..b15d5810b295c 100644
--- a/go.mod
+++ b/go.mod
@@ -146,7 +146,8 @@ require (
 	github.com/mdlayher/netlink v1.7.2
 	github.com/microsoft/go-mssqldb v0.0.0-00010101000000-000000000000 // replaced
 	github.com/microsoft/kiota-authentication-azure-go v1.0.2
-	github.com/microsoftgraph/msgraph-sdk-go v1.37.0
+	github.com/microsoftgraph/msgraph-sdk-go v1.38.0
+	github.com/microsoftgraph/msgraph-sdk-go-core v1.1.0
 	github.com/miekg/pkcs11 v1.1.1
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/moby/term v0.5.0
@@ -426,7 +427,6 @@ require (
 	github.com/microsoft/kiota-serialization-json-go v1.0.7 // indirect
 	github.com/microsoft/kiota-serialization-multipart-go v1.0.0 // indirect
 	github.com/microsoft/kiota-serialization-text-go v1.0.0 // indirect
-	github.com/microsoftgraph/msgraph-sdk-go-core v1.1.0 // indirect
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 982a86cfbf14b..1dc2962eae268 100644
--- a/go.sum
+++ b/go.sum
@@ -1868,8 +1868,8 @@ github.com/microsoft/kiota-serialization-multipart-go v1.0.0 h1:3O5sb5Zj+moLBiJy
 github.com/microsoft/kiota-serialization-multipart-go v1.0.0/go.mod h1:yauLeBTpANk4L03XD985akNysG24SnRJGaveZf+p4so=
 github.com/microsoft/kiota-serialization-text-go v1.0.0 h1:XOaRhAXy+g8ZVpcq7x7a0jlETWnWrEum0RhmbYrTFnA=
 github.com/microsoft/kiota-serialization-text-go v1.0.0/go.mod h1:sM1/C6ecnQ7IquQOGUrUldaO5wj+9+v7G2W3sQ3fy6M=
-github.com/microsoftgraph/msgraph-sdk-go v1.37.0 h1:wD62FzIBu4gVg70ikAm7D45tFqvDKo+K6aJ+zeNWlAE=
-github.com/microsoftgraph/msgraph-sdk-go v1.37.0/go.mod h1:xYBUc+4LGRjYRyTF4CLiKAqb981AhlSfvRX11is25q4=
+github.com/microsoftgraph/msgraph-sdk-go v1.38.0 h1:pxVMih65Iul2yIUVE5PUqdw5Q4eFuH+eb4ZTxR3oGag=
+github.com/microsoftgraph/msgraph-sdk-go v1.38.0/go.mod h1:u/ciVhK5eBqzQvsVnTVdeEl+Jgy9WbUoUHHKgcw54hk=
 github.com/microsoftgraph/msgraph-sdk-go-core v1.1.0 h1:NB7c/n4Knj+TLaLfjsahhSqoUqoN/CtyNB0XIe/nJnM=
 github.com/microsoftgraph/msgraph-sdk-go-core v1.1.0/go.mod h1:M3w/5IFJ1u/DpwOyjsjNSVEA43y1rLOeX58suyfBhGk=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
diff --git a/lib/services/compare.go b/lib/services/compare.go
index 69d7e1180ea71..8eff6cbf846cc 100644
--- a/lib/services/compare.go
+++ b/lib/services/compare.go
@@ -28,6 +28,7 @@ import (
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/accesslist"
 	"github.com/gravitational/teleport/api/types/compare"
+	"github.com/gravitational/teleport/api/types/header"
 )
 
 // CompareResources compares two resources by all significant fields.
@@ -42,6 +43,7 @@ func CompareResources[T any](resA, resB T) int {
 			cmpopts.IgnoreFields(types.DatabaseV3{}, "Status"),
 			cmpopts.IgnoreFields(types.UserSpecV2{}, "Status"),
 			cmpopts.IgnoreFields(accesslist.AccessList{}, "Status"),
+			cmpopts.IgnoreFields(header.Metadata{}, "ID", "Revision"),
 			cmpopts.IgnoreUnexported(headerv1.Metadata{}),
 			// Managed by IneligibleStatusReconciler, ignored by all others.
 			cmpopts.IgnoreFields(accesslist.AccessListMemberSpec{}, "IneligibleStatus"),