Azure Active Directory is the central authentication service for Microsoft Cloud Services. Even your own applications can use this service as a sign-up database, which makes it easy to use Azure AD security features, such as two-factor authentication, for dedicated services. For external users, Azure AD B2C provides the solution.
Frequently there is the requirement to release company resources to external users. A distinction must be drawn between a business-to-business relationship (see the article on Azure AD B2B) and a business-to-consumer / business-to-client relationship (B2C). While you usually want to integrate partners into internal resources in B2B, B2C services are mostly provided for customers, separate from internal use.
WHAT CAN AZURE AD B2C DO?
In the vast wide world of the Internet, a handful of identity providers have established themselves. In addition to maintaining their own user system, where the user enters an e-mail address and sets a password, many services offer the possibility to log on through a Facebook, Google or Microsoft account. A popular example is the app Wunderlist. This saves the user from maintaining and providing different sets of access data and considerably shortens the registration process. There is also a not insignificant security factor, linked to the credential leaks of recent years, which posed a major problem for users (as well as administrators): they had to change their access data because it was now known, and – oh God – where did I actually use this combination of username and password? The great search begins; or it gets ignored…
Even controversial services like Facebook now offer two-factor authentication. When logging in, for example, you receive a code on your mobile phone and cannot log in until you enter this code. The probability that someone has access to my username, my password, my mobile phone and the PIN to unlock my mobile phone is negligible. Provocatively, one could almost say that I hardly need to care if someone has my P@ssw0rd.
It is, therefore, frightening how many services lack this security function. However, if you want to provide such a function yourself, this comes with considerable effort, since your own infrastructure and applications must also be adapted to this security service. The motivation to use identity providers that already offer this function is therefore strong.
HOW DO I USE AZURE AD B2C?
Creating an Azure AD is quickly done – as soon as a Microsoft Cloud Service (like Office 365) is put into operation, it is provided immediately. A separate application must then be “docked” onto this system. In the Azure portal, you can add the B2C service and specify which identity providers are to be offered for the app.
By default, registration is offered via an e-mail address, i.e. the user maintains their own username and password. In the background, this user is then created in the Azure AD B2C tenant. Because this is technically an Azure AD account (which the user does not need to distinguish from any other), the Azure AD security functions are available as well, such as two-factor authentication or Threat Analytics. Furthermore, rules can be defined for registration, for example an approval process, so that the uncontrolled growth of accounts is inhibited.
AUTHENTICATE WITH BUSINESS OR SCHOOL ACCOUNTS TO AZURE B2C
Now it is possible that a consumer already has their own Azure AD account, i.e. a business or school account – for example, if their company already uses Office 365. Correspondingly, it makes sense that such users can also register with their existing accounts. This requires an administrative intervention on the part of the consumer's organisation, which can be accomplished in a few manual steps. This process is to be further automated and simplified in the future. An administrative intervention will remain necessary for companies that enforce at least basic security when registering in their company environment. If registration with any foreign service is allowed (the default setting for a bare Office 365 environment), this can still be questionable in terms of data security, for example if user services such as Wunderlist, which was purchased by Microsoft, have been used. When I was engaged as an external auditor and found a local network disk in the customer environment that pumped the entire company data home and back, the customer did not find this so amusing.
Azure AD B2B &amp; B2C meet many requirements for modern collaboration and provision of services. The security features of Azure AD and its high availability provide great added value and save some effort. If you have any questions regarding the security of your identity management, cloud services and the connection to Azure AD, please contact us.