External_collaboration_with_Azure_B2B_Dev.pdf

Transcript

1. Collaboration External With Azure AD B2B

2. About me @SjoukjeZaal https://www.sjoukjezaal.com Sjoukje Zaal Managing Consultant / Azure

   MVP

3. © 2019 Sjoukje Zaal Key Benefits & Capabilities Demo Invitations

   & Entitlement Management Demos PowerShell & Graph API Demo Sample App Demo Step 05 Step 04 Step 03 What & Why Step 02 Step 01 Agenda

4. © 2019 Sjoukje Zaal What is Azure Active Directory B2B

   Azure Active Directory Business-to-Business (B2B) enables any organization to work safely and securely with users from any other organization.

5. © 2019 Sjoukje Zaal Documents & data Third party apps

   Custom apps Azure & Office 365 Why use Azure AD B2B Gives access to

6. © 2019 Sjoukje Zaal Works with any user Azure AD

   not required Users can use their own identities No external directories No need to sync accounts Simple & Secure Easy for admins and users Access to any app and data Enterprise-grade security for apps and data No external account management Key benefits

7. 7 MASSIVE X presentation to DesignTuts team Licensing ratio 1:5

   b Add single users or in bulk c Invite guest users using their own email address g Sharing policies Turn off & delegate the invitation of guest users to others h

8. 8 MASSIVE X presentation to DesignTuts team d b Auditing

   and Reporting Provided by Azure AD Conditional Access Policies e Azure AD Identity Protection Azure AD Premium P2 g PowerShell & Invitation APIs Bulk invitations & customizing onboarding Azure AD B2B Guest users sign in to your apps and services with their own work, school, or social identities.

9. © 2019 Sjoukje Zaal Admin adds guest user to Azure

   AD Guest user receives an invitation email Guest user clicks link in the invitation Guest user logs in with own account Guest user accepts the privacy statement Guest user is redirected to the App landing page Flow of Adding Guest Users

10. © 2019 Sjoukje Zaal Demo Inviting guest users

11. © 2019 Sjoukje Zaal Add Guest user with a personal

    Microsoft account to Azure AD Add group to an application Add Guest user to a group Step 1 Demo summary Step 2 Step 3

12. © 2019 Sjoukje Zaal Invitation email Company branding / information

    Subject Personal Message Redemption URL

13. © 2019 Sjoukje Zaal RBAC Add guest users without invitation

    Guest Invitor Director Role Sending out a direct link Direct &

14. © 2019 Sjoukje Zaal Demo Invitation email and redemption

15. © 2019 Sjoukje Zaal User receives invitation User can access

    the applications User accepts the privacy terms User logs in using own credentials User accepts the invitation Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

16. © 2019 Sjoukje Zaal x t x b Identity Governance

    Access Packages Connected Organizations Internal and external users Entitlement Management

17. © 2019 Sjoukje Zaal Demo Entitlement Management

18. © 2019 Sjoukje Zaal Created a new access package Used

    Access link to get access Shared the access link Enabled guest users and set expiration Added a group and application Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

19. © 2019 Sjoukje Zaal MS Graph APIs & PowerShell B2B

    collaboration invitation APIs PowerShell for bulk invitations PowerShell &

20. 20 MASSIVE X presentation to DesignTuts team Customize email messages

    Add a display name for the user Add CCs to the messages Suppress invitation email messages altogether Set the invitation redirect URL Invitation Customization With PowerShell / API Invitations you can:

21. © 2019 Sjoukje Zaal Demo Sending invitations Using PowerShell

22. © 2019 Sjoukje Zaal Download the latest Azure Active Directory

    PowerShell for Graph Create accounts with PowerShell Create a CSV file with email addresses Step 1 Demo summary Step 2 Step 3

23. © 2019 Sjoukje Zaal x t x b Premium Azure

    AD At Tenant, app or user level Same policies as internal users Easy to set policies for guest users (Preview) Conditional Access Policies

24. © 2019 Sjoukje Zaal Demo Conditional Access and MFA

25. © 2019 Sjoukje Zaal Create a new Conditional Access Policy

    Used MFA to access the application Logged in as a guest user Enable MFA for guest users Select “All Guest Users” Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

26. © 2019 Sjoukje Zaal O365 uses Azure AD B2B Different

    invitations Different licensing Except for SharePoint Online & OneDrive External Sharing in Office 365 VS Azure B2B

27. © 2019 Sjoukje Zaal Enable Azure B2B in SharePoint Online

    & OneDrive

28. © 2019 Sjoukje Zaal Before Differences Invitation Redemption in Azure

    B2B & Office 365 B2B users can be selected before accepting the invite Office 365 users can be selected after accepting the invite After &

29. © 2019 Sjoukje Zaal Demo Sample Application

30. 30 MASSIVE X presentation to DesignTuts team Graph API Step

    04 Azure AD app Step 03 Flow Step 02 Power App Step 01 Solution Components No code solution Automate tasks using workflows Register an app in Azure AD with the proper permissions Gateway to all data in Azure & Office 365

31. © 2019 Sjoukje Zaal Created an Azure AD Application Set

    the application permissions Used the PowerApp in SharePoint Online Created a PowerApp for sign-up form Used the MS Graph to add guest users Created a Flow Called the Azure AD App from Flow Step 1 Demo summary Step 2 Step 3 Step 4 Step 5

32. © 2019 Sjoukje Zaal 01 02 03 Possible double multi-

    factor authentic ation Azure AD Directory Limits Replication Latency b C s Current limitations

33. ? any Are there questions?