External_collaboration_with_Azure_B2B.pdf

Transcript

1. External Collaboration with Azure AD B2B Sjoukje Zaal

2. About me @SjoukjeZaal https://www.sjoukjezaal.com Sjoukje Zaal Managing Consultant / Azure

   MVP

3. © Sjoukje Zaal Key Benefits & Capabilities Demo Invitations &

   Entitlement Management Demos PowerShell & Graph API Demo Sample App Demo Step 05 Step 04 Step 03 What & Why Step 02 Step 01 Agenda

4. © Sjoukje Zaal What is Azure Active Directory B2B Azure

   Active Directory Business-to-Business (B2B) enables any organization to work safely and securely with users from any other organization.

5. © Sjoukje Zaal Documents & data Third party apps Custom

   apps Azure & Office 365 Why use Azure AD B2B Gives access to

6. © Sjoukje Zaal Works with any user Azure AD not

   required Users can use their own identities No external directories No need to sync accounts Simple & Secure Easy for admins and users Access to any app and data Enterprise-grade security for apps and data No external account management Key benefits

7. © Sjoukje Zaal Licensing ratio 1:5 b Add single users

   or in bulk c Invite guest users using their own email address g Sharing policies Turn off & delegate the invitation of guest users to others h

8. © Sjoukje Zaal d b Auditing and Reporting Provided by

   Azure AD Conditional Access Policies e Azure AD Identity Protection Azure AD Premium P2 g PowerShell & Invitation APIs Bulk invitations & customizing onboarding Azure AD B2B Guest users sign in to your apps and services with their own work, school, or social identities.

9. © Sjoukje Zaal Admin adds guest user to Azure AD

   Guest user receives an invitation email Guest user clicks link in the invitation Guest user logs in with own account Guest user accepts the privacy statement Guest user is redirected to the App landing page Flow of Adding Guest Users

10. © Sjoukje Zaal Demo Inviting guest users

11. © Sjoukje Zaal Add Guest user with a personal Microsoft

    account to Azure AD Add group to an application Add Guest user to a group Step 1 Demo summary Step 2 Step 3

12. © Sjoukje Zaal Invitation email Company branding / information Subject

    Personal Message Redemption URL

13. © Sjoukje Zaal RBAC Add guest users without invitation Guest

    Invitor Director Role Sending out a direct link Direct &

14. © Sjoukje Zaal Demo Invitation email and redemption

15. © Sjoukje Zaal User receives invitation User can access the

    applications User accepts the privacy terms User logs in using own credentials User accepts the invitation Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

16. © Sjoukje Zaal x t x b Identity Governance Access

    Packages Connected Organizations Internal and external users Entitlement Management

17. © Sjoukje Zaal Demo Entitlement Management

18. © Sjoukje Zaal Created a new access package Used Access

    link to get access Shared the access link Enabled guest users and set expiration Added a group and application Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

19. © Sjoukje Zaal MS Graph APIs & PowerShell B2B collaboration

    invitation APIs PowerShell for bulk invitations PowerShell &

20. © Sjoukje Zaal Customize email messages Add a display name

    for the user Add CCs to the messages Suppress invitation email messages altogether Set the invitation redirect URL Invitation Customization With PowerShell / API Invitations you can:

21. © Sjoukje Zaal Demo Sending invitations Using PowerShell

22. © Sjoukje Zaal Download the latest Azure Active Directory PowerShell

    for Graph Create accounts with PowerShell Create a CSV file with email addresses Step 1 Demo summary Step 2 Step 3

23. © Sjoukje Zaal x t x b Premium Azure AD

    At Tenant, app or user level Same policies as internal users Easy to set policies for guest users (Preview) Conditional Access Policies

24. © Sjoukje Zaal Demo Conditional Access and MFA

25. © Sjoukje Zaal Create a new Conditional Access Policy Used

    MFA to access the application Logged in as a guest user Enable MFA for guest users Select “All Guest Users” Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

26. © Sjoukje Zaal O365 uses Azure AD B2B Different invitations

    Different licensing Except for SharePoint Online & OneDrive External Sharing in Office 365 VS Azure B2B

27. © Sjoukje Zaal Enable Azure B2B in SharePoint Online &

    OneDrive

28. © Sjoukje Zaal Before Differences Invitation Redemption in Azure B2B

    & Office 365 B2B users can be selected before accepting the invite Office 365 users can be selected after accepting the invite After &

29. © Sjoukje Zaal Demo Sample Application

30. © Sjoukje Zaal Graph API Step 04 Azure AD app

    Step 03 Flow Step 02 Power App Step 01 Solution Components No code solution Automate tasks using workflows Register an app in Azure AD with the proper permissions Gateway to all data in Azure & Office 365

31. © Sjoukje Zaal Created an Azure AD Application Set the

    application permissions Used the PowerApp in SharePoint Online Created a PowerApp for sign-up form Used the MS Graph to add guest users Created a Flow Called the Azure AD App from Flow Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

32. © Sjoukje Zaal 01 02 03 Possible double multi- factor

    authentic ation Azure AD Directory Limits Replication Latency b C s Current limitations

33. ? any Are there questions?