CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
0 likes108 views
The document discusses Azure Active Directory B2B, which allows organizations to securely share access to resources with external users. It covers why organizations use AAD B2B, key benefits like access from any app or identity, and security capabilities. The document demonstrates inviting guest users through the AAD portal and via PowerShell/APIs, applying conditional access policies, and automating guest user management with Azure Functions. It addresses some current limitations and takes questions at the end.
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
- 3. About Me Sjoukje Zaal Principal Expert Microsoft / Azure MVP T: @SjoukjeZaal W: https://www.sjoukjezaal.com
- 4. Agenda What is Azure B2B? Why Azure B2B? Key Benefits and Capabilities Demos! Automating Adding Guest Users More Demos!
- 5. What is Azure Active Directory B2B? Azure Active Directory Business-to-Business (B2B) enables any organization to work safely and securely with users from any other organization.
- 6. Why use Azure Active Directory B2B? -Gives Access to: • Azure & Office 365 resources • Custom Applications • Third Party Applications • Documents & data
- 7. Key Benefits • Works with any user • Azure AD not required • Users can use their own identities • No external directories • Simple & Secure • Easy for admins and users • Access to any app and data • Enterprise-grade security for apps and data • No external account management
- 8. Capabilities • Invite guest users by email • Conditional Access Policies • Sharing Policies • Azure AD Identity Protection • Auditing and Reporting • Customize onboarding using PowerShell & Invitation APIs • Licensing: 1:5 ratio
- 9. Flow of Adding Guest Users Admin adds guest user to Azure AD Guest user receives an invitation email Guest user clicks link in the invitation Guest user logs in with own account Guest user accepts the privacy statement Guest user is redirected to the App landing page
- 23. Demo Summary • Add Guest user with a personal Microsoft account to Azure AD • Add Guest user to a group • Add group to an application
- 24. Invitation Email • Company branding / information • Subject • Personal Message • Redemption URL
- 30. Demo Summary • User receives invitation • User accepts the invitation • User logs in using own credentials • User accepts the privacy terms • User can access the applications
- 31. Add Guest Users Without Invitation Guest Invitor Directory Role Sending out a direct link
- 32. Sending out a direct link Demo
- 40. Demo Summary • Enabled Self-Service Group Management • Add an owner to the group • Configure app for self service • User adds guest user to the group
- 41. APIs & PowerShell B2B collaboration invitation APIs PowerShell for bulk invitations
- 42. Invitation Customization • With PowerShell / API Invitations you can: • Customize email messages • Add a display name for the user • Add CCs to the messages • Suppress invitation email messages altogether • Set the invitation redirect URL
- 47. Demo Summary • Download the latest Azure Active Directory PowerShell for Graph • https://www.powershellgallery.com/packages/ AzureADPreview/2.0.1.18 • Create a CSV file with email addresses • Create accounts with PowerShell
- 48. Conditional Access • Premium Azure AD • At Tenant, app or user level • Same policies as internal users • Easy to set policies for guest users (Preview)
- 57. Demo Summary • Create a new Conditional Access Policy • Select “All Guest Users” • Enable MFA for guest users • Logged in as a guest user • Used MFA to access the application
- 58. Microsoft provides sample code for a Self- Service Portal on GitHub.
- 59. Azure B2B Self Service Portal • MVC sample application • Uses the Graph API • Approve / deny guest users • Custom email templates • Custom redirect URL
- 65. Demo Summary • Add a guest user using Self Service Portal • Approve or deny guest user • Create custom email templates • Set a different redirect URL
- 67. Automation vs Functions Azure Automation • Free 500 min/month • Startup SLA: 1 min • Input via JSON • No upgrade options Azure Functions • Free: 1 million requests & 400,000 GB/s/month • Startup cold: 10 sec • Multiple input, trigger and output options. • Basic, Standard and Premium Plans
- 68. Adding guest users using Azure Functions & PowerShell Demo
- 85. Demo Summary • Create an Azure Function • Add PowerShell script to Function • Call API from PowerShell
- 86. Current Limitations • Possible double multi-factor authentication • Azure AD Directory Limits • Replication Latency
- 87. Questions?