Dear Azure: External collaboration with Azure AD B2B


  1. Dear Azure: External collaboration with Azure B2B
  2. About Me
     Sjoukje Zaal, Principal Expert Microsoft / Azure MVP
     T: @SjoukjeZaal W:
  3. Agenda
     • What is Azure B2B?
     • Why Azure B2B?
     • Key Benefits and Capabilities
     • Demos!
     • Azure B2B & Office 365
     • More Demos!
  4. What is Azure Active Directory B2B?
     Azure Active Directory Business-to-Business (B2B) enables any organization to work safely and securely with users from any other organization.
  5. Why use Azure Active Directory B2B?
     Gives access to:
     • Azure & Office 365 resources
     • Custom Applications
     • Third Party Applications
     • Documents & data
  6. Key Benefits
     • Works with any user
     • Azure AD not required
     • Users can use their own identities
     • No external directories
     • Simple & Secure
     • Easy for admins and users
     • Access to any app and data
     • Enterprise-grade security for apps and data
     • No external account management
  7. Capabilities
     • Invite guest users by email
     • Conditional Access Policies
     • Sharing Policies
     • Azure AD Identity Protection
     • Auditing and Reporting
     • Customize onboarding using PowerShell & Invitation APIs
     • Licensing: 1:5 ratio
  8. Flow of Adding Guest Users
     • Admin adds guest user to Azure AD
     • Guest user receives an invitation email
     • Guest user clicks link in the invitation
     • Guest user logs in with own account
     • Guest user accepts the privacy statement
     • Guest user is redirected to the App landing page
  9. Inviting guest users: Demos
  10. Demo Summary
     • Add Guest user with a personal Microsoft account to Azure AD
     • Add Guest user to a group
     • Add group to an application
  11. Invitation Email
     • Company branding / information
     • Subject
     • Personal Message
     • Redemption URL
  12. Invitation Email & Redemption
  13. Demo Summary
     • User receives invitation
     • User accepts the invitation
     • User logs in using own credentials
     • User accepts the privacy terms
     • User can access the applications
  14. Add Guest Users Without Invitation
     • Guest Inviter Directory Role
     • Sending out a direct link
  15. APIs & PowerShell
     • B2B collaboration invitation APIs
     • PowerShell for bulk invitations
  16. Invitation Customization
     With PowerShell / API invitations you can:
     • Customize email messages
     • Add a display name for the user
     • Add CCs to the messages
     • Suppress invitation email messages altogether
     • Set the invitation redirect URL
  17. Sending invitations using PowerShell: Demo
  18. Demo Summary
     • Download the latest Azure Active Directory PowerShell for Graph
     • AzureADPreview/
     • Create a CSV file with email addresses
     • Create accounts with PowerShell
  19. Conditional Access
     • Premium Azure AD
     • At Tenant, app or user level
     • Same policies as internal users
     • Easy to set policies for guest users (Preview)
  20. Conditional Access - MFA: Demo
  21. Demo Summary
     • Create a new Conditional Access Policy
     • Select “All Guest Users”
     • Enable MFA for guest users
     • Logged in as a guest user
     • Used MFA to access the application
  22. Microsoft provides sample code for a Self-Service Portal on GitHub.
  23. Azure B2B Self Service Portal
     • MVC sample application
     • Uses the Graph API
     • Approve / deny guest users
     • Custom email templates
     • Custom redirect URL
  24. Self Service Portal: Demo
  25. Demo Summary
     • Add a guest user using Self Service Portal
     • Approve or deny guest user
     • Create custom email templates
     • Set a different redirect URL
  26. External Sharing in Office 365 vs. Azure B2B
     • Office 365 uses Azure B2B
     • Except for SharePoint Online & OneDrive
     • Different Invitations
     • Different Licensing
  27. Enable Azure B2B in SP Online & OneDrive
  28. Differences: Invitation Redemption in Azure B2B & Office 365
     • B2B users can be selected before accepting the invite
     • Office 365 users can be selected after accepting the invite
  29. Adding guest users using PowerApps, Flow and the Graph API in SharePoint Online: Demo
  30. Solution Components
     • PowerApp
     • Flow
     • Azure AD App
     • Graph API
  31. Demo Summary
     • Create an Azure AD Application
     • Setting the Application Permissions
     • Create a Flow
     • Call the Azure AD App from Flow
     • Use the MS Graph to add guest users
     • Create a PowerApp for sign-up form
     • Use the PowerApp in SharePoint Online
     • Detailed blog post: sharepoint-online-solution-using-powerapps-flow-and-the-graph-api/
  32. Current Limitations
     • Possible double multi-factor authentication
     • Azure AD Directory Limits
     • Replication Latency
  33. Questions?
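
The bulk-invitation procedure from slides 15 to 18 (CSV of email addresses, then account creation with PowerShell, with the customizations listed on slide 16) could look like the following. This is an added example, not code from the slides or from Microsoft's samples; the CSV column names, sample addresses, redirect URL, address check and log file name are assumptions, and it expects a session already signed in with Connect-AzureAD.

```powershell
# Added example: bulk B2B invitations from CSV data using the AzureADPreview module.
# Assumes Connect-AzureAD has already been run by an account allowed to invite guests.
Import-Module AzureADPreview

# Constructed sample input; in practice: $guests = Import-Csv -Path <your file>
$guests = @'
Name,InvitedUserEmailAddress
Alex Example,alex@example.com
Sam Example,sam@example.org
Broken Row,not-an-address
'@ | ConvertFrom-Csv

# Assumption: guests land on the My Apps page after redeeming the invitation.
$redirectUrl = 'https://myapps.microsoft.com'

# Customized invitation email text (slide 16).
$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.CustomizedMessageBody = 'You have been invited to collaborate with our organization.'

$results = foreach ($guest in $guests) {
    # Reject rows that are not plausible email addresses so that a malformed
    # CSV does not create unusable guest objects in the directory.
    if ($guest.InvitedUserEmailAddress -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        Write-Warning "Skipping invalid address: $($guest.InvitedUserEmailAddress)"
        continue
    }

    $invitation = New-AzureADMSInvitation `
        -InvitedUserEmailAddress $guest.InvitedUserEmailAddress `
        -InvitedUserDisplayName $guest.Name `
        -InviteRedirectUrl $redirectUrl `
        -InvitedUserMessageInfo $messageInfo `
        -SendInvitationMessage $true   # $false suppresses the invitation email

    # Keep a record of who was invited, for later review of guest accounts.
    [pscustomobject]@{
        Email  = $invitation.InvitedUserEmailAddress
        UserId = $invitation.InvitedUser.Id
        Status = $invitation.Status
    }
}

$results | Export-Csv -Path .\invitation-log.csv -NoTypeInformation
```

The exported log gives an inventory of invited guests and their redemption status at invitation time, which can be checked against the "All Guest Users" Conditional Access policy from slide 21.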

Editor's Notes

  • External users without a personal Microsoft account or work / school account need to provide a password when they log in to the site for the first time.

    Install-Module -Name AzureADPreview -Scope CurrentUser -Verbose
  • Install-Module -Name AzureADPreview -Scope CurrentUser
  • Enable the following permissions:
    Application Permissions:
    Read and write directory data
    Invite guest users to the organization

    Hover over the settings to see the Internal names used on