AZ-305: Microsoft Azure Solutions Architect Expert

Design for authentication and authorization

Design for Azure AD B2B

This article details the design considerations for implementing Azure AD B2B. It focuses on integrating with on-premises Active Directory Domain Services and outlines the invitation process used to grant external users secure access to organizational resources.

Integration with On-Premises Active Directory Domain Services

Azure AD B2B enhances your on-premises Active Directory Domain Services by enabling collaboration with guest users from other organizations. It does this by leveraging a secure invitation process that ensures only trusted participants gain access.

The Invitation Process

Azure AD B2B uses an invitation-based system to onboard external users. When a guest receives an invitation sent to their email address (for example, [email protected]), they are guided through a sign-in process. Depending on how their account is configured, the guest may need to authenticate with their Microsoft Account or Outlook password.

Note

Even if the invitation process seems opaque, remember that the external user must complete the same secure sign-in steps as internal users, so that your organization's access policies apply to them as well.

Secure Access and Conditional Access Policies

After accepting the invitation and signing in, additional security measures come into play. Administrators can enforce Conditional Access policies that may include Multifactor Authentication (MFA) or other access restrictions to ensure that only authorized users are allowed access.

[Image: Azure AD B2B best practices: managing guest users, using Conditional Access, leveraging MFA, integrating with third-party identity providers, and enabling self-service sign-up.]

Additional Security and User Flow Considerations

Best Practice         Description
Leverage MFA          Enforce Multifactor Authentication for enhanced security.
Self-Service Sign-Up  Implement a streamlined self-service sign-up process.

Warning

Ensure that all external user access complies with your organization’s security protocols, including regular reviews of guest access and MFA policies.

This strategic approach to designing Azure AD B2B not only secures collaboration with external partners but also helps ensure that access management complies with organizational policies and industry best practices.
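As an added worked example (not part of the original lesson), the following Microsoft Graph PowerShell script walks through the three steps covered above: inviting a guest, requiring MFA for guests through a Conditional Access policy, and listing guests whose invitations are still pending so they can be reviewed. The email address, redirect URL, policy name and the Graph permissions used are assumptions, not values from the lesson.

```powershell
# Added example: invite one B2B guest, require MFA for all guests via
# Conditional Access, then list guests with unaccepted invitations.
# Assumes the Microsoft Graph PowerShell SDK and an admin account that can
# consent to the scopes below. Address, URL and policy name are placeholders.

Connect-MgGraph -Scopes 'User.Invite.All', 'Policy.ReadWrite.ConditionalAccess', 'User.Read.All'

# 1. Send the B2B invitation. The guest keeps signing in with their own
#    identity; a user object with userType = Guest is created in this tenant.
$invite = New-MgInvitation `
    -InvitedUserEmailAddress 'partner.user@example.com' `
    -InviteRedirectUrl 'https://myapps.microsoft.com' `
    -SendInvitationMessage
Write-Host "Invited user $($invite.InvitedUser.Id); status: $($invite.Status)"

# 2. Conditional Access: every guest or external user must satisfy MFA for
#    all cloud apps. Created in report-only mode first so the sign-in logs
#    show its effect; change state to 'enabled' once the results are reviewed.
$policy = @{
    displayName   = 'B2B guests - require MFA (placeholder name)'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{ includeUsers = @('GuestsOrExternalUsers') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy | Out-Null

# 3. Input for the regular guest review: invitations never accepted are
#    stale entries that should be removed or re-sent rather than left open.
Get-MgUser -Filter "userType eq 'Guest'" -All `
    -Property displayName, mail, externalUserState, externalUserStateChangeDateTime |
    Where-Object { $_.ExternalUserState -eq 'PendingAcceptance' } |
    Select-Object DisplayName, Mail, ExternalUserState, ExternalUserStateChangeDateTime
```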
