Azure identity, access, and security
📘 Microsoft Certified: Azure Fundamentals (AZ-900)
In Azure, External Identities allow users outside your organization to access your applications and resources safely. This is important for businesses that collaborate with other companies or provide apps to customers.
There are two main types:
1. Azure AD B2B (Business-to-Business)
Purpose:
- B2B is used when external partners, suppliers, or vendors need access to your organization’s resources.
- It allows secure collaboration without creating full internal accounts for those external users.
Key points:
- Invite external users: You can invite users from other organizations using their email addresses. They will use their own work credentials (from their company) to sign in.
- Access management: You control what external users can access. For example, you can give them access to specific applications or files in SharePoint.
- No need for new passwords: Since they log in with their existing accounts, you avoid managing extra passwords.
- Collaboration example: External consultants can access your Microsoft Teams environment without being internal employees.
Exam tip:
- Remember: B2B = collaboration with other companies’ users.
- External users are added to your Azure AD as guest accounts.
- You can apply conditional access policies (like multi-factor authentication) to guest accounts.
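Because invited B2B users land in your directory as guest accounts, a common defender's check is to list those guests, see which invitations were never redeemed, and confirm that an enabled Conditional Access policy actually requires MFA for them. The script below is an added example, not part of these notes or of any Microsoft tool. It assumes the Microsoft Graph object shapes for users (`userType`, `userPrincipalName`, `externalUserState`) and for Conditional Access policies (`state`, `conditions.users.includeUsers`, `grantControls.builtInControls`); all sample data is constructed so it runs offline. The `#EXT#` form of the guest UPN and the `GuestsOrExternalUsers` scope value follow the Azure AD conventions, but treat them as assumptions to verify against your own tenant export.

```python
"""Audit B2B guest accounts and check that an enabled Conditional Access
policy requires MFA for them.

Added example for the AZ-900 notes above; not Microsoft code. Assumes the
Microsoft Graph shapes for user and conditionalAccessPolicy objects. The
sample data below is constructed."""

from __future__ import annotations

# Constructed sample: what a Graph /users listing might contain after two
# partner users were invited. Invited guests get a UPN of the form
# "<mailbox>_<their-domain>#EXT#@<your-tenant>" and userType "Guest".
USERS = [
    {"userPrincipalName": "alice@contoso.com", "userType": "Member",
     "externalUserState": None},
    {"userPrincipalName": "bob_fabrikam.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "externalUserState": "Accepted"},
    {"userPrincipalName": "carol_tailspin.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "externalUserState": "PendingAcceptance"},
]

# Constructed sample policies in the conditionalAccessPolicy shape.
# "GuestsOrExternalUsers" is the built-in scope value for guest accounts.
POLICIES = [
    {"displayName": "MFA for all guests", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"],
                              "excludeUsers": []}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "disabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []}},
     "grantControls": {"builtInControls": ["block"]}},
]


def is_guest(user: dict) -> bool:
    """B2B users are marked userType == "Guest"; the #EXT# UPN is a second hint."""
    return (user.get("userType") == "Guest"
            or "#EXT#" in user.get("userPrincipalName", ""))


def list_guests(users: list[dict]) -> list[dict]:
    """Every guest account currently present in the directory export."""
    return [u for u in users if is_guest(u)]


def pending_invitations(users: list[dict]) -> list[str]:
    """Guests who were invited but never redeemed the invitation."""
    return [u["userPrincipalName"] for u in list_guests(users)
            if u.get("externalUserState") == "PendingAcceptance"]


def policy_requires_mfa_for_guests(policy: dict) -> bool:
    """True only if the policy is enabled, targets guests (directly or via
    "All") without excluding them, and its grant control includes MFA."""
    if policy.get("state") != "enabled":
        return False
    scope = policy.get("conditions", {}).get("users", {})
    targets_guests = any(v in ("All", "GuestsOrExternalUsers")
                         for v in scope.get("includeUsers", []))
    if "GuestsOrExternalUsers" in scope.get("excludeUsers", []):
        targets_guests = False
    controls = policy.get("grantControls", {}).get("builtInControls", [])
    return targets_guests and "mfa" in controls


def guests_covered_by_mfa(policies: list[dict]) -> bool:
    """Does at least one policy enforce MFA for guest accounts?"""
    return any(policy_requires_mfa_for_guests(p) for p in policies)


def audit(users: list[dict], policies: list[dict]) -> dict:
    """Summary a reviewer would want: how many guests, which invitations are
    still pending, and whether guests are under an MFA policy."""
    guests = list_guests(users)
    return {
        "guest_count": len(guests),
        "pending": pending_invitations(users),
        "mfa_enforced_for_guests": guests_covered_by_mfa(policies),
    }


if __name__ == "__main__":
    print(audit(USERS, POLICIES))
```

To run it against a real tenant you would replace `USERS` and `POLICIES` with the JSON from the Graph `/users` and `/identity/conditionalAccess/policies` endpoints; the checks themselves stay the same. Note that a policy in the `enabledForReportingButNotEnforced` state is deliberately treated as not enforcing, since report-only mode does not block sign-ins.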
2. Azure AD B2C (Business-to-Consumer)
Purpose:
- B2C is used when customers or end-users need to access your applications or services.
- It allows people outside your organization (like app users) to sign in with social accounts or local accounts.
Key points:
- Identity providers: Users can log in using accounts like Google, Facebook, Microsoft, or local accounts (email + password).
- Customizable: You can fully customize the login experience for your applications, including branding, forms, and multi-factor authentication.
- Scalable: Designed to handle millions of users, so it works for large consumer applications.
- Security: You can enforce security policies, like requiring strong passwords or multi-factor authentication.
Exam tip:
- Remember: B2C = customer-facing access.
- B2C focuses on identity management for consumers rather than business partners.
- Often used in web or mobile apps where users self-register.
Differences Between B2B and B2C
| Feature | Azure AD B2B | Azure AD B2C |
|---|---|---|
| Users | Business partners, vendors | Customers, end-users |
| Account Type | Guest account in your Azure AD | User account in your B2C tenant |
| Identity Providers | External Azure AD accounts | Social accounts + local accounts |
| Access Focus | Collaboration inside organization | Access to applications/services for customers |
| Management | IT manages external users | Self-service by the user |
Important Notes for the Exam
- B2B uses Azure AD external collaboration. It’s about inviting existing work accounts.
- B2C uses Azure AD external identity. It’s about letting customers sign in with social accounts or self-created accounts.
- Conditional Access applies to both B2B and B2C: You can require MFA, device compliance, or location-based restrictions.
- Integration with apps:
  - B2B: Office 365, SharePoint, Teams, internal apps.
  - B2C: Web apps, mobile apps, SaaS applications for customers.
Summary for Easy Recall
- B2B: Invite other companies → Collaboration → Use their work accounts → IT controls access.
- B2C: Enable customer login → Apps for consumers → Can use social or email login → Users self-manage accounts.
For AZ-900, focus on what B2B and B2C are used for, who the users are, and how they are different. You don’t need to know deep technical setup; just the concepts and use cases.
