Introducing Azure AD B2B
This book focuses on Azure AD from a developer's perspective. As a developer, you will not work with Azure AD B2B very often, although Microsoft Graph does offer APIs for Azure AD B2B that you can leverage inside your custom applications, and you may encounter Azure AD B2B users in the solutions you build.
But, to give a complete overview of the different products and services that Azure AD has to offer, I will give a short introduction to this feature as well.
Azure AD B2B collaboration is a feature on top of Azure AD. You can add external identities to your Azure AD tenant to collaborate with external users inside your organization. Partners or individuals are not required to have Azure AD or even an IT department. Azure AD B2B uses a simple redemption process to give external users access to your company resources, Azure environment, or Office 365 environment, using their own credentials. Partners use their own Azure identity management solution with Azure AD B2B. This reduces the administrative overhead that comes with managing accounts for external users. External users can log in to Azure AD-connected apps and services using their own work, school, personal, or social media identities.
Developers can use the Azure AD B2B APIs (through Microsoft Graph) to customize the invitation process or to write applications such as self-service sign-up portals. Azure AD External Identities uses a billing model based on monthly active users (MAU), which is basically the same as for Azure AD B2C. The first 50,000 users are free, then there is a monthly charge per monthly active user.
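As an added example (not from the book), here is the server side of a self-service sign-up portal that customizes the invitation step through Microsoft Graph's `POST /invitations` endpoint and only invites addresses from approved partner domains. The allowlist, the function names and the sample domains are assumptions for illustration, and the access token is assumed to carry the `User.Invite.All` permission.

```python
import json
import urllib.request

GRAPH_INVITATIONS_URL = "https://graph.microsoft.com/v1.0/invitations"

# Assumption: partner domains the portal may invite (constructed sample values).
ALLOWED_DOMAINS = {"partner.example", "supplier.example"}


class InvitationRejected(ValueError):
    """Raised when a sign-up request fails the portal's own policy checks."""


def build_invitation_request(email, display_name, redirect_url, access_token):
    """Return an unsent urllib Request for POST /invitations, or raise."""
    email = email.strip()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or "@" in local or any(c.isspace() for c in email):
        raise InvitationRejected("malformed e-mail address")
    if domain.lower() not in ALLOWED_DOMAINS:
        raise InvitationRejected(f"domain {domain!r} is not an approved partner")
    if not redirect_url.startswith("https://"):
        raise InvitationRejected("redirect URL must use https")

    body = {
        "invitedUserEmailAddress": f"{local}@{domain.lower()}",
        "invitedUserDisplayName": display_name,
        "inviteRedirectUrl": redirect_url,   # where the guest lands after redemption
        "sendInvitationMessage": True,       # let Azure AD send the invitation mail
    }
    return urllib.request.Request(
        GRAPH_INVITATIONS_URL,
        data=json.dumps(body).encode("utf-8"),
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
        method="POST",
    )


def send_invitation(request):
    """Send the request; Graph returns the created invitation resource."""
    with urllib.request.urlopen(request) as response:
        invitation = json.loads(response.read())
    return invitation["invitedUser"]["id"], invitation["status"]
```

The returned guest object ID can be stored by the portal so that the invitation can later be matched against the invitation history in the Azure AD audit logs.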
Azure AD B2B offers the following features:
- Management portal: Azure AD B2B is part of Azure AD, which means that all external users can be managed from the Azure portal. This is fully integrated with Azure AD, and the user experience is completely the same as for internal users.
- Groups: You can create groups for external users or add them to dynamic groups. With dynamic groups, administrators can set up rules to populate groups based on user attributes.
- Conditional Access: With Conditional Access, you can set conditions for your users. You can require external users to use MFA, give them access only to certain applications, or allow access only from limited locations or devices.
- Auditing and reporting: Azure AD B2B is an add-on to Azure AD, which means you can use the auditing and reporting capabilities that are part of Azure AD. For instance, you can look into the invitation history and acceptance details.
In the next section, we will introduce Azure AD B2C.