Azure AD B2B and B2C

all right my name is John Samuel and in this quick video I want to just talk about Asia ad b2b business the business and Asia ad b2c business to consumer so take a really quick step back if I think traditionally I have my own premises and I have my Active Directory and then in Asia we create and Asia ad instance and when I have my object is kind of created in my on-premises OD I want those object to project into Azure ad and the way we do there is we connect them together we have a component adder ad connect and its component synchronizes between AD and Azure ad it can do things like password right back if I change my password up here but essentially now my identity has a version in Azure ad as well and then through this cloud through the Azure ad I can collaborate I can think well then other cloud services that as your ad Federation Swift and I think about things like office 365 I can think as your services and they all going to be enabled through that as Radia count that’s fantastic for my company as with my users but now let’s take an example of well I have a partner company there’s a partner company over here they have their own Azure ad I don’t want to create an entirely separate user over here that then has its own password and then have to worry about how users add multiple passwords I want to take advantage of the account of that user already has over here so we have is a should be to be and what I should be to be does is it mate was me to invite a guest so if I quickly kind of go and look at the portal if I look at my various users my users could be cloud users they were dinner’s ready they could source from Active Directory but I can do a new guest user when I do that new guest user I can just type in an email address and a message saying hey I want to invite you to sort collaborate with me in my organization now that target person is there in your ad they’re gonna get that invite they’ll redeem it and at that point I basically create kind of like a stub object in my local as rady that I can then give that permissions of my resources for example in office 365 I could now collaborate with them we could do SharePoint collaboration documents when I think about more advanced features of azure ad might as ready premium for every one user I have license for as ready premium I can able the various capabilities for five users that are connected by a b2b so this is my b2b connection now what if they’re not in Azure ad what if they have a Microsoft account that works as well so I can have a music here and they have a Microsoft ID and once again they’ll get that invite they’ll sign into their Microsoft account and they can redeem it and then they’ll have a stub object in my answer ad as well and I can collaborate with them I can give them access to various resources in that invite I can stop any email address I want I could have done a gmail account I could have done a Facebook it doesn’t matter but what happens there is when I send that in fact let’s say two gmail accounts example the Gmail inbox will get that invite the user would then click the link and in that link is going to say you need a Microsoft account it would then talk to me and help me create the Microsoft account and then that is what would then get linked in to my eyes or a deer might be to be so I can invite any Microsoft ID or any other email address Gmail Facebook it doesn’t matter but when that user redeems it they’re not signing in with their Google account or their Facebook account they’re signing in with a new Microsoft account it will make them create but it could be their gmail email address so that’s very clear the difference yes it’s the gmail address but I’m just using that dress to create a Microsoft account I’m not logging in with my Google account to access this so b2b as your ad

Microsoft ID and it’s focused around I want to collaborate they’re my partners because these beats be users well they have these objects in my Azure ad and give them rights to resources as your services they can access and collaborate in my SharePoint in my office 365 so this is a true business collaboration and that’s what that’s aimed at I want to collaborate with my partners for my internal type services as your ad Microsoft account but now I’m saying okay well that’s fine but I actually wanna work with my customers I want to publish an application to my customers and I want them to be able to actually sign in with a Facebook ID or Google ID or maybe I want them to actually go and create their own accounts and actually should have said as you very quickly this email that’s fine for sort of one-off users if you want to import a bulk of users another option is through PowerShell I can basically give it a whole list of accounts then it can go and read in and not require Redemption it will just add them on github is actually a self-service portal so I could pre-approve certain suffixes and then the users on those pre-approved suffixes could just go self-serve to say hey I want to be added as a b2b user and then they would be available so I don’t have to use that kind of one at a time approach I can bulk in pull I can able kind of a self-service now that’s up on github portal so back to my consumer 1 hey I have this app I’ve got this fantastic app and all my customers we have to sign in with the existing social identities so for that solution we have Asia ad b2c now the azure ad b2c is a completely different construct it is in no way tied to my regular as your ad with b2b I’m using my existing Azure ad to add my partners in so I can collaborate and work with them on my internal services with b2c my focus is hey I want to publish we’re back to my customers I want to publish a mobile to my customers and all my customers those consumers to use those consumer identities so if b2c I create a b2c instance so if I kind of jump over here super quick I would have to change my body pretty crazy one I would change to a b2c instance once I do that I would actually go and find so for those my all services and if I quickly type in jump over here there’s my either ad b2c just gonna go and find that sort of a service that I have available in my Azure ad you can see I’ve created it already and so it’s a different object it’s not linked to my ad at all so what can I do with the b2c so if the b2c there’s a number of different options for me because I already have all these various users sitting out here maybe it’s a Google account maybe it’s a Facebook account maybe it’s Azure ad so maybe it’s a consumer but they want to use an azure ad account so hey I have an azure ad with a user in it maybe it’s a Microsoft account and maybe they don’t have any kind of social account my wife recently got me some edible cookie dough and it was fantastic and the first thing I did was go to the website and when I went to the website you probably seen this yourselves there was like a button to sign in with a Google account button sign in with a Microsoft account or I could create an account so I didn’t want to use an existing social identity I can just create one local to the service and so I could do the same thing in b2c yes I can allow consumers to use their existing consumer identities yes I can go and use an azure ad account into here or I can create local accounts based on maybe it’s an email address maybe a certain used name I’m going to configure so b2c I actually go and light up which identity providers do I wanna support so yes there’s local accounts I’m gonna use an email address or some kind of username but I can add various identity providers so here you’re gonna see ones like that Microsoft account Google accounts Facebook Linkedin Amazon Weibo QQ we check – it’s a github so all of those different accounts I pick the ones I want to light up for my b2c so that when users actually sign into my

application and either once I’ve enabled they can then use that identity so think b2c I have a customer facing app so we’re bout a mobile app I want them to use social ID an azure ad or a local account but I cannot use b2c to collaborate on office for example office 365 has zero clue what I can do with a b2c I can’t go and climb rate on SharePoint I can’t go and give access b2c to as your resources b2c is I have my web and my mobile that I want to give it to my customers social identity as your ad local account b2b hey I want to collaborate with my partner as your ad or Microsoft ID again I can use other email accounts but I’m still gonna create a Microsoft account for that this is who I want to collaborate you’d like office 365 and those services that’s really the big difference and the name kind of tells you that a b2b business to business on a collaborate with you B to C I want to offer something it to my customers so that kind of clears up where we would use one over the other I’m gonna use that b2b when I want to collaborate with my partner’s b2c I want to enable my customers to use some identity for that customer facing app thank you