Thank you for posting this in Microsoft Q&A.
I understand that you want to manage Azure access across multiple external organizations.
B2B collaboration is a capability of Microsoft Entra External ID that lets you collaborate with users and partners outside of your organization. The B2B collaboration user can then access the apps and resources you want to share with them. A user object is created for the B2B collaboration user in the same directory as your employees.
To avoid the challenges that you are facing, B2B collaboration is the only way for you. With B2B collaboration, an external user is invited to sign in to your Microsoft Entra organization using their own credentials.
Azure Active Directory Conditional Access is an advanced feature of Azure AD that allows you to specify detailed policies that control who can access your resources. Using Conditional Access, you can protect your applications by limiting users' access based on things like groups, device type, location, and role. For more information about Conditional Access policies
A Conditional Access policy can be applied to the following users:
- All users that exist in the directory, including B2B guests.
- Select users and groups: guest or external users, i.e. B2B collaboration guest users, B2B collaboration member users, B2B direct connect users, service provider users (for example a Cloud Solution Provider (CSP)), and other external users (users not represented by the other user type selections).
Template categories for creating Conditional Access policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation
Which option did you use to create the accounts for Orgs B and C in your Org A? Can you confirm the user type in your Org A for the Org B and Org C accounts?
Any best practices or pitfalls to avoid in setting up Conditional Access or other policies?
Please follow the document on configuring and providing user lifecycle management in Microsoft Entra multitenant environments.
What Azure AD features or tools have you used for managing authentication across multiple tenants?
When you build a multitenant solution, there are special considerations and approaches for several aspects of the authentication process. For more information, see: Authentication
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful?". And if you have any further queries, do let us know.
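As an added example, not part of the answer above or of any Microsoft sample: the "Select users and groups > Guest or external users" scope described in the answer maps to the `includeGuestsOrExternalUsers` object of a Microsoft Graph Conditional Access policy. The script below builds such a policy body for Org A that requires MFA for B2B collaboration guests coming only from the Org B and Org C tenants, defaults to report-only state, and lints the body for common pitfalls before it is submitted. The tenant IDs and the break-glass account ID are constructed placeholders; the `create_policy` helper does a real Graph call and is only invoked when you hand it a token.

```python
"""Build, lint and (optionally) create a Conditional Access policy scoped to
B2B collaboration guests from named partner tenants.

Added example; the tenant and account IDs below are constructed placeholders.
"""
import json
import re
import urllib.request

GRAPH_CA_POLICIES = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Constructed placeholder tenant IDs for Org B and Org C (replace with real values).
PARTNER_TENANTS = {
    "OrgB": "11111111-1111-1111-1111-111111111111",
    "OrgC": "22222222-2222-2222-2222-222222222222",
}
# Constructed placeholder object ID of an emergency-access (break-glass) account in Org A.
BREAK_GLASS_ACCOUNT = "33333333-3333-3333-3333-333333333333"

# Graph enumeration names for the external user categories listed in the answer.
GUEST_TYPES = frozenset({
    "internalGuest", "b2bCollaborationGuest", "b2bCollaborationMember",
    "b2bDirectConnectUser", "otherExternalUser", "serviceProvider",
})

GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)


def build_guest_mfa_policy(display_name, tenant_ids, guest_types=("b2bCollaborationGuest",),
                           break_glass_ids=(), state="enabledForReportingButNotEnforced"):
    """Return a policy body requiring MFA for the given external user types when they
    come from the listed partner tenants. Defaults to report-only so sign-in logs can
    be reviewed before enforcement."""
    unknown = set(guest_types) - GUEST_TYPES
    if unknown:
        raise ValueError(f"unknown guest/external user types: {sorted(unknown)}")
    bad = [t for t in tenant_ids if not GUID_RE.match(t)]
    if bad:
        raise ValueError(f"not tenant IDs: {bad}")
    return {
        "displayName": display_name,
        "state": state,
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "users": {
                "includeGuestsOrExternalUsers": {
                    "guestOrExternalUserTypes": ",".join(guest_types),
                    "externalTenants": {
                        "@odata.type": "#microsoft.graph.conditionalAccessEnumeratedExternalTenants",
                        "membershipKind": "enumerated",
                        "members": list(tenant_ids),
                    },
                },
                "excludeUsers": list(break_glass_ids),
            },
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def lint_policy(policy):
    """Return a list of warnings for pitfalls that lock people out or over-scope the policy."""
    warnings = []
    users = policy["conditions"]["users"]
    ext = users.get("includeGuestsOrExternalUsers") or {}
    if policy.get("state") == "enabled":
        warnings.append("state is 'enabled': start report-only and review sign-in logs first")
    if ext.get("externalTenants", {}).get("membershipKind") == "all":
        warnings.append("externalTenants is 'all': every partner tenant is in scope, not just Org B and C")
    grant = policy.get("grantControls") or {}
    if not grant.get("builtInControls") and not grant.get("authenticationStrength"):
        warnings.append("no grant control: the policy matches sign-ins but requires nothing")
    if policy["conditions"]["applications"].get("includeApplications") == ["All"] and not users.get("excludeUsers"):
        warnings.append("all apps with no excluded break-glass account: add one to excludeUsers")
    return warnings


def create_policy(policy, access_token):
    """POST the body to Microsoft Graph (needs Policy.ReadWrite.ConditionalAccess)."""
    if lint_policy(policy):
        raise RuntimeError("refusing to create policy with lint warnings")
    req = urllib.request.Request(
        GRAPH_CA_POLICIES, data=json.dumps(policy).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    body = build_guest_mfa_policy("Require MFA for Org B/C guests",
                                  list(PARTNER_TENANTS.values()),
                                  break_glass_ids=(BREAK_GLASS_ACCOUNT,))
    print(json.dumps(body, indent=2))
    print("lint:", lint_policy(body) or "clean")
```

The same body can be passed unchanged to `New-MgIdentityConditionalAccessPolicy -BodyParameter` from the Microsoft Graph PowerShell SDK. The lint step encodes the usual order of operations: report-only first, enumerated partner tenants rather than "all", an explicit grant control, and a break-glass exclusion whenever the policy covers all applications.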