

Sjoukje Zaal
February 01, 2020


Collaboration between organizations becomes more and more important these days. Azure Business to Business (B2B) offers an out-of-the-box platform which can be used for secure collaboration with external users. With Azure B2B, organizations can provide access to documents, resources, and applications to their partners, while maintaining complete control over their own corporate data.

This session will give you insights on how to control and manage access for your external users and partners using Azure B2B. You can expect lots of demos on how to control access and keep your data safe, as well as on integrating various services to automate adding guest users inside your Azure AD tenant.



  1. © Sjoukje Zaal. Agenda (Steps 01 to 05): What & Why; Key Benefits & Capabilities; Demo Invitations & Entitlement Management; Demos PowerShell & Graph API; Demo Sample App
  2. What is Azure Active Directory B2B: Azure Active Directory Business-to-Business (B2B) enables any organization to work safely and securely with users from any other organization.
  3. Why use Azure AD B2B: Gives access to Documents & data; Third party apps; Custom apps; Azure & Office 365
  4. Key benefits: Works with any user; Azure AD not required; Users can use their own identities; No external directories; No need to sync accounts; Simple & Secure; Easy for admins and users; Access to any app and data; Enterprise-grade security for apps and data; No external account management
  5. Licensing ratio 1:5; Add single users or in bulk; Invite guest users using their own email address; Sharing policies; Turn off & delegate the invitation of guest users to others
  6. Auditing and Reporting; Provided by Azure AD; Conditional Access Policies; Azure AD Identity Protection; Azure AD Premium P2; PowerShell & Invitation APIs; Bulk invitations & customizing onboarding; Azure AD B2B: Guest users sign in to your apps and services with their own work, school, or social identities.
  7. Flow of Adding Guest Users: Admin adds guest user to Azure AD; Guest user receives an invitation email; Guest user clicks link in the invitation; Guest user logs in with own account; Guest user accepts the privacy statement; Guest user is redirected to the App landing page
  8. Demo summary (Step 1, Step 2, Step 3): Add Guest user with a personal Microsoft account to Azure AD; Add group to an application; Add Guest user to a group
  9. RBAC; Add guest users without invitation; Guest Invitor Director Role; Sending out a direct link; Direct &
  10. Demo summary (Step 1, Step 2, Step 3, Step 4, Step 5): User receives invitation; User can access the applications; User accepts the privacy terms; User logs in using own credentials; User accepts the invitation
  11. Entitlement Management: Identity Governance; Access Packages; Connected Organizations; Internal and external users
  12. Demo summary (Step 1, Step 2, Step 3, Step 4, Step 5): Created a new access package; Used Access link to get access; Shared the access link; Enabled guest users and set expiration; Added a group and application
  13. MS Graph APIs & PowerShell; B2B collaboration invitation APIs; PowerShell for bulk invitations; PowerShell &
  14. Invitation Customization: With PowerShell / API Invitations you can: Customize email messages; Add a display name for the user; Add CCs to the messages; Suppress invitation email messages altogether; Set the invitation redirect URL
  15. Demo summary (Step 1, Step 2, Step 3): Download the latest Azure Active Directory PowerShell for Graph; Create accounts with PowerShell; Create a CSV file with email addresses
  16. Conditional Access Policies: Premium Azure AD; At Tenant, app or user level; Same policies as internal users; Easy to set policies for guest users (Preview)
  17. Demo summary (Step 1, Step 2, Step 3, Step 4, Step 5): Create a new Conditional Access Policy; Used MFA to access the application; Logged in as a guest user; Enable MFA for guest users; Select “All Guest Users”
  18. External Sharing in Office 365 VS Azure B2B: O365 uses Azure AD B2B; Different invitations; Different licensing; Except for SharePoint Online & OneDrive
  19. Invitation Redemption in Azure B2B & Office 365: Differences (Before & After); B2B users can be selected before accepting the invite; Office 365 users can be selected after accepting the invite
  20. Solution Components: Step 01 Power App (No code solution); Step 02 Flow (Automate tasks using workflows); Step 03 Azure AD app (Register an app in Azure AD with the proper permissions); Step 04 Graph API (Gateway to all data in Azure & Office 365)
  21. Demo summary (Step 1, Step 2, Step 3, Step 4, Step 5): Created an Azure AD Application; Set the application permissions; Used the PowerApp in SharePoint Online; Created a PowerApp for sign-up form; Used the MS Graph to add guest users; Created a Flow; Called the Azure AD App from Flow
  22. Current limitations (01, 02, 03): Possible double multi-factor authentication; Azure AD Directory Limits; Replication Latency