Azure AD B2B and B2C Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

14 hours 28 minutes
Video Transcription
Hello, Siberians. Welcome to Lesson 1.10 Off. Discuss titled A Visit to Israel one. Microsoft Azure Architect Design
here. The objectives that will cover in Disservice of Lessons
and Pat One will start by covering an overview off a joy d B to B on as your a d B to C
that we're going to modern tales with as your a d B to B
Impacts to work a version of a D. B to C in mar. Details.
Let's get into this.
So one of the first things that I want you to understand about as your a B B to be an azure 80 B to C
is that to a certain extent, the save similar pop owes so bored I joy it'd be to be an azure 80. BTC allows us to give external users access to resources and service. Is that trust our azure Haiti? So what that means is in my organization
with my a jury de tenant, I have said in service is on applications and resources that I need to give external users access to
violent creating accounts for them individually or separately managed in my organizations as you're a determined I can invite them, which their credentials in order, Grady Tenant or in even in our guidance, the providers to access my resources. That's sort of like the Overwatch in
on poppers off this, too.
Service's artist or solutions. Now that's about where the similarities end.
When it comes to as your a d B to B. It's mainly for partner collaboration. So that's talking about an organization collaborating with their partners that they're working on doing business together,
whereas as your a d B to see as the name implies business to consumer, it's for external customer access applications. So, for example, I have an e commerce website where I'm gonna be selling, said in Service is or setting product toe external customers.
They're not partners that I collaborate with. Andi needs to be able to authenticate maybe to my e commerce sites, to be ableto
patches. Might. My products and service is I can use as a lady Beatrice see as the identity provider for that external face an application.
Let's talk a bit more about as i e. D. B to be so one of the faces. It is a functionality off your head. It's no different service. So this can get a bit confusing, cause if you go to the Microsoft Azure Pato on your typing adieu, lady B to C going to see a different service. There's a different service, whereas your Lady Beatrice is different
from a JD itself.
But when we talk about actually a d B to B, it's not. It's this other service that you can go to implement. It's just an additional functionality that we get with azure Haiti,
where we can collaborate between organizations as your 80 tenants. That's actually what I joined. It'd be to be peace.
It happens to avoid federation and extra service. So in the past, if we wanted to do that, we'll have to deploy federation, sever and then configure federation across two organizations as your A B B to B. That functionality off actually hit. It just makes it as easy as I invite users
from other Azure Bay detainment into my organization and all the federation processes and all of the extra stuff
that on dude, almost transparently to the administrator.
So a cz Why mentioned earlier, it's about inviting users from Oda a detainment and inviting them into your own organizations tenant
and one of the men finished, Remember, Is that you? As an organization, you're in control off the invitation to the other side, right? You're in control. US tow, How relaxed you wants to make. That's to be. And we can invite other users from orders. You're a detainment into your organization. You can control that.
So let's see conflict visual representation of that. So that's organizations this canto. So on this fabric among the right inside.
So Kant also was an organization of the azure lady tenant and fabric cam, as the azure lady tenant with the identities in the regulations are as your lady tenant.
Now Contessa has an application I content. That's the wants. Users
in fabric came to be able to access because they're collaborating and walking together
Now. One way to solve that would be to create
on a different identity for fabric. Um, Jesus Incanto So But that will be an effective way to do that because you have no idea of the life cycle of that user. They've changed apartment in fabric. Campion aware off all those processes. Ideally, you want to the users to still be managed by fabric. Campbell being able to give them access to resources or applications in the own organization.
So what do you do it? You invite the user from fabric, come into your organization, and then you give them access to the content on the application that you want to be able to access.
Now what that means is whenever he wants to access the daughter, indication against become saturated talents. But then David to use that claymore, that talking to access content within the application within your own organisation.
At the end of the day, it's about the Coplin authorization from authentication.
So what does Mrs authentication happens in the organization where the azure Lady tenant or the organization where Theo identity than its access comes from? But out of a decision as to access happens in your own actually detainment, where the application and the content. Actually he's
So here's a quick break down off, like the steps off that.
So you just so we have
Contessa Sinan in the middle. We have fabric, um, user trying to access it
content application that belongs to Kanto. So So he tries to access the content on dhe, Then they're gonna be redirected to consciousness as your Haiti, which is goingto
have a look at that authentication request.
Andi Contos recognizes that this is a guest user from another, as waded in, and so it's redirect or recognises that and read the rex to fabric came for authentication.
Now, fabric amount indicates the user and then sense contest organization. They're talking Thio say this district has been validated
on then contest of validates the talking and then sends a new talking to the content for auto physician. So you can see where the Coplin happens between authentication on authorization.
So when it comes to what sort of identities are supported? So this is so it's not just about orders your lady tenants, right, even though that's a big part of that. So that is, or the Azure A D tenants. It's a big part of that.
But there's also support for Google Federation. So what that means is if immigration issues in the Gist Streets organization that you can guide and invite such uses to be able to access content within the organization, so Google Federation is supported.
But if you're dealing with a small business where they don't use, didn't have a nauseated tenants. They don't use the gist rates application set.
If they haven't outlook dot com accounts, you can actually go ahead and invites them.
We better not talk from account into your organization to be able to access content within your organization. Authentication. We are happily gains out of the car. Motivation happens in your R J D tenant
on, then the other one that he puts down there, so that's currently in preview. But it's direct federation, where you can essentially say any organization that supports the right authentication protocol, seeking just to a direct federation with that organization to give access to content or applications.
So some quick architectural considerations for as your a. D. B to B
the 1st 1 is guest user M. F. A s and forced in resource and frosting. Resource organization requires a license. One visual five. What do I mean by this? What we mean by this is when you invite a user from another organization into your azure a determinant,
and then you configure policies against your applications to enforce that Emma for Israel,
because M. Murphy is a life sensed feature off as your 80. What? That Mrs If you have like, let's say, an agile 80 premium P one license that allows you Emma Fay.
One license will allow you to be able to do M F A for five guests. User. So it's like, ivanovich your fight, so it's not gonna be one visual one, cause it's not fair because they're not gonna be using all the full functionality.
But it's the licensing. It's around one. Wish your Fife.
So as your a d B to B is subject to Azure Aid, the service director limits, remember that your it'd be to be is a functionality off as your lady. It's nice, separate service by itself, the same way that a joy to be to seize
and I just need to be to be. Collaboration is not supported across national cloud boundary. So with azure, we have different cloud. Why we have the azure government. We have a job China, which is your friends as your Germany, which is also fenced.
For example, you can't invite users for much of government to access
resources in a jar
in as our public or vice versa. So this this it's not supported across national cloud boundaries away. What we called your fenced regions. That way I'll stop in this part of the video. So in the next part of the video, our pick up from here on I will talk about as your a d B to C.
Up Next
AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.

Instructed By