Supported Microsoft Entra ID features
An Azure Active Directory B2C (Azure AD B2C) tenant is different than a Microsoft Entra tenant, which you may already have, but it relies on it. The following Microsoft Entra ID features can be used in your Azure AD B2C tenant.
| Feature | Microsoft Entra ID | Azure AD B2C |
|---|---|---|
| Groups | Groups can be used to manage administrative and user accounts. | Groups can be used to manage administrative accounts. You can't perform group-based assignment of enterprise applications. |
| Inviting External Identities guests | You can invite guest users and configure External Identities features such as federation and sign-in with Facebook and Google accounts. | You can invite only a Microsoft account or a Microsoft Entra user as a guest to your Microsoft Entra tenant for accessing applications or managing tenants. For consumer accounts, you use Azure AD B2C user flows and custom policies to manage users and sign-up or sign-in with external identity providers, such as Google or Facebook. |
| Roles and administrators | Fully supported for administrative and user accounts. | Roles are not supported with consumer accounts. Consumer accounts don't have access to any Azure resources. |
| Custom domain names | You can use Microsoft Entra custom domains for administrative accounts only. | Consumer accounts can sign in with a username, phone number, or any email address. You can use custom domains in your redirect URLs. |
| Conditional Access | Fully supported for administrative and user accounts. | A subset of Microsoft Entra Conditional Access features is supported with consumer accounts Learn how to configure Azure AD B2C conditional access. |
| Premium P1 | Fully supported for Microsoft Entra ID P1 features. For example, Password Protection, Hybrid Identities, Conditional Access, Dynamic groups, and more. | Azure AD B2C uses Azure AD B2C Premium P1 license, which is different from Microsoft Entra ID P1. A subset of Microsoft Entra Conditional Access features is supported with consumer accounts. Learn how to configure Azure AD B2C Conditional Access. |
| Premium P2 | Fully supported for Microsoft Entra ID P2 features. For example, Identity Protection, and Identity Governance. | Azure AD B2C uses Azure AD B2C Premium P2 license, which is different from Microsoft Entra ID P2. A subset of Microsoft Entra ID Protection features is supported with consumer accounts. Learn how to Investigate risk with Identity Protection and configure Azure AD B2C Conditional Access. |
| Data retention policy | Data retention period for both audit and sign in logs depend on your subscription. Learn more about How long Microsoft Entra ID store reporting data. | Sign in and audit logs are only retained for seven (7) days. If you require a longer retention period, use the Azure monitor. |
| Go-Local add-on | Microsoft Entra Go-Local add-on enables you to store data in the country/region you choose when your Microsoft Entra tenant. | Just like Microsoft Entra ID, Azure AD B2C supports Go-Local add-on. |
Note
Other Azure resources in your tenant:
In an Azure AD B2C tenant, you can't provision other Azure resources such as virtual machines, Azure web apps, or Azure functions. You must create these resources in your Microsoft Entra tenant.