Azure AD functionality available in Azure B2C

DB74 1 Reputation point
2022-11-01T14:17:41.393+00:00

Hi,

We are busy implementing a solution based on Azure B2C. We are checking which functionality is available in B2C versus functionality available in Azure AD. Based on the documentation it is not clear if all functionality is available in B2C.

I therefore have the following questions:

  1. In Azure AD you have Azure AD Password protection, see https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad. Is this functionality also available in B2C?
  2. In Azure AD you have functionality available regarding leaked credentials, see https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#leaked-credentials. Is this functionality available in B2C?
  3. In Azure AD MFA you have the option for session controls under conditional access. In Azure B2C this option is not available under conditional access. Is this functionality planned for Azure B2C conditional access as well or can it be added in some way?
  4. If you use the Azure B2C MFA service, push notifications are not available unless you use 3rd party solutions, but that is not what we want. At the moment you have authentication strengths in Azure B2C and this makes it possible to use password + Microsoft Authenticator with push notifications. Can you get MFA with push notifications for B2C this way?

Thanks in advance.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,271 Reputation points Microsoft Employee Moderator
    2022-11-02T23:11:55.327+00:00

    Hi @DB74 ,

    Thanks for your post!

    1) Yes, password protection is supported for B2C. For more information, see Manage threats to resources and data - Azure AD B2C | Microsoft Learn. However, it is only supported for "Cloud-only" scenarios which do not require licensing. This means that you cannot use custom banned password lists out-of-the-box and of course, you cannot use on-premises password protection on B2C. Password protection in Azure Active Directory | Microsoft Learn

    There is, however, a workaround of adding a banned password list via custom policies.

    2) No. In Azure AD B2C tenants, only a subset of the Azure AD Identity Protection risk detections is available. These are documented in the Identity Protection risk detection: B2C guide.

    3) The most recent information I have says that session control is not yet available for B2C and the closest thing seems to be third party integration with Ping Federate. But I have also reached out to the product team to share your ask with them. You can also create a feature request in the feedback/ideas forum.

    4) No. I checked and as of a few days ago, there was an update from the product group that B2C MFA push notifications for the MsAuth app are planned, but we do not have an ETA available yet. Like you said, there are third party MFA partners who provide custom MFA with B2C and support push notifications. For instance, Authy (Twilio) is an option. You can create a feedback request to help raise the priority of this feature, and check the release page for updates.

    -
    If the information helped you, please Accept the answer. This will help us and other members of the community as well.

    1 person found this answer helpful.
