Azure AD B2B and B2C

Azure AD B2B (Business-to-Business)

Purpose:
Allows secure sharing of company applications and services with external partner organizations while maintaining control over corporate data.

Key Features:

  • Works with external partners even if they don’t have Azure AD or IT infrastructure.

  • Partners use their own credentials; no need for your organization to manage external accounts or passwords.

  • No synchronization of accounts or lifecycle management is required.

  • Developers can customize the invitation process or create self-service sign-up portals using Azure AD B2B APIs.

Benefits:

  • Minimal external administrative overhead.

  • Secure collaboration with partners.

  • Easy invitation and redemption process.


Azure AD B2C (Business-to-Customer)

Purpose:
Provides customer identity management as a service (CIAM), allowing customers to use social, enterprise, or local accounts for single sign-on (SSO) access.

Key Features:

  • Scales to millions of users and billions of authentications.

  • Protects against threats such as denial-of-service, password spray, or brute force attacks.

  • Standards-based authentication protocols: OpenID Connect, OAuth 2.0, SAML.

  • Directory supports 100 custom attributes per user and can integrate with external systems (e.g., CRM, loyalty databases).

  • Supports identity verification by collecting user data and passing it to third-party systems for validation and trust scoring.

Benefits:

  • Flexible user provisioning (invited party controls provisioning).

  • Integration with modern apps and commercial off-the-shelf software.

  • Facilitates secure and scalable authentication for customers.


Demonstration: Users and Groups in Azure AD

1. Determine Domain Information

  • Navigate to Azure Active Directory in the Azure portal.

  • Note your domain name (e.g., usergmail.onmicrosoft.com).

2. Explore User Accounts

  • Go to the Users blade → New user. The same menu offers an option to create a New guest user.

  • Review user details:

    • User name

    • Groups

    • Directory Role

    • Job Info

  • After creation, check additional information about the user.

3. Explore Group Accounts

  • Go to the Groups blade → New group.

  • Example configuration:

    • Group type: Security

    • Group name: Managers

    • Membership type: Assigned

    • Add your newly created user as a member

  • After creation, review group details.

4. PowerShell for Group Management

  1. Create a group:

    New-AzADGroup -DisplayName Developers -MailNickname Developers

  2. Retrieve group ObjectId:

    Get-AzADGroup

  3. Retrieve user ObjectId:

    Get-AzADUser

  4. Add user to group:

    Add-AzADGroupMember -MemberUserPrincipalName "myemail@domain.com" -TargetGroupDisplayName "MyGroupDisplayName"

  5. Verify members of the group:

    Get-AzADGroupMember -GroupDisplayName "MyGroupDisplayName"
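
The five steps above combined into one re-runnable script, as an added example that is not part of the original notes: it resolves the group to a single object Id (display names are not unique), adds the user only if missing, and flags likely guest (B2B) members when verifying. The group name and UPN are placeholders, and the `#EXT#` check is a heuristic assumption.

```powershell
# Added example. Requires the Az.Resources module and a session from Connect-AzAccount.
# Placeholder values: replace with a group name and UPN from your own tenant.
$GroupName = 'Developers'
$UserUpn   = 'myemail@domain.com'
$ErrorActionPreference = 'Stop'

# Display names are not unique in Azure AD, so pin the group to one object Id.
$groups = @(Get-AzADGroup -DisplayName $GroupName)
if ($groups.Count -gt 1) {
    throw "More than one group is named '$GroupName'; select one by object Id."
}
if ($groups.Count -eq 1) {
    $group = $groups[0]
} else {
    $group = New-AzADGroup -DisplayName $GroupName -MailNickname $GroupName
}

$user = Get-AzADUser -UserPrincipalName $UserUpn
if (-not $user) { throw "User '$UserUpn' was not found." }

# Add the user only when missing, so re-running the script is harmless.
$memberIds = @(Get-AzADGroupMember -GroupObjectId $group.Id | ForEach-Object { $_.Id })
if ($memberIds -notcontains $user.Id) {
    Add-AzADGroupMember -TargetGroupObjectId $group.Id -MemberObjectId $user.Id
}

# Verify: list every member and flag likely B2B guests.
# Heuristic (assumption): invited guests usually keep '#EXT#' in their UPN.
$report = foreach ($m in @(Get-AzADGroupMember -GroupObjectId $group.Id)) {
    $upn = $null
    # Members that are not users (nested groups, service principals) have no UPN.
    try { $upn = (Get-AzADUser -ObjectId $m.Id).UserPrincipalName } catch { }
    [pscustomobject]@{
        DisplayName       = $m.DisplayName
        Id                = $m.Id
        UserPrincipalName = $upn
        LikelyGuest       = [bool]($upn -like '*#EXT#*')
    }
}
$report | Format-Table -AutoSize
```

Reviewing the LikelyGuest column before a security group is used in role or resource assignments shows which external identities would inherit that access.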

Summary:

  • B2B: Secure collaboration with external organizations, minimal admin effort.

  • B2C: Scalable customer identity management with integration flexibility.

  • Users & Groups: Can be managed via Azure Portal or PowerShell, giving control over access and membership.